A critical Federal Bureau of Investigation network for sharing law enforcement and investigative information is at risk of being misused or having its services interrupted, according to an audit released this week.
The Government Accountability Office report (PDF) on an unnamed FBI “critical network” says that the FBI’s failure to fully implement information technology security requirements left weaknesses in the network which “place sensitive information transmitted on the network at risk of unauthorized disclosure or modification, and could result in a disruption of service, increasing the bureau’s vulnerability to insider threats.”
The report specifically mentioned Robert Hanssen, an FBI agent who used his insider access to obtain and sell secrets to the Soviet Union, saying that the weaknesses in the network could allow another insider to commit similar espionage. Hanssen relied on technology weaknesses to obtain his information, which resulted in many FBI agents working overseas being executed. Hanssen is now serving a life sentence without possibility of parole.
But the FBI’s chief information officer, responding to the report, said that the network weaknesses did not constitute an unacceptable risk of disclosure or unauthorized use.
The audit found that “FBI did not consistently (1) configure network devices and services securely to prevent unauthorized insider access; (2) identify and authenticate users to prevent unauthorized access; (3) enforce the principle of least privilege to ensure that authorized access was necessary and appropriate; (4) apply strong encryption techniques to protect sensitive data on its networks; (5) log, audit, or monitor security-related events; (6) protect the physical security of its network; and (7) patch key servers and workstations in a timely manner.”
In a separate classified report, GAO made specific recommendations on how to better secure the network.
“Today, when an FBI agent sits down at her desk and logs on to the computer, she is connected at the ’secret’ level to a fast, secure system that allows her to send e-mails, photographs and documents to any other agent or analyst in the Bureau — across the country and around the world,” FBI director Robert S. Mueller III told Congress last year.
“For ‘top secret’ communications, we have deployed the Top Secret/Sensitive Compartmented Information Operational Network, or SCION. Nearly 4,000 personnel have been trained on the SCION and associated Intelligence Community systems. This system is the backbone for FBI personnel to coordinate, collaborate, disseminate and conduct research on analysis with the Intelligence Community.”
The FBI’s Investigative Data Warehouse, part of its Trilogy IT modernization project, allows virtually every FBI agent to access almost a billion counterterrorism and law enforcement records from what used to be several dozen discrete databases.
(No Ratings Yet)
Loading ...
Karl Marx would love the popular moves among politicians in various state governments and the federal government to ban so-called "junk" food in schools, and to "put healthy food in" convenience stores and on the tables of those they define as poor. It's a very elitist and arrogant mindset that promotes this ideology, and it needs to be addressed.
Ultimately, the war supporters in Congress prevailed in the vote on the resolution. Still, the vote was significant because it places every member of Congress on the record as supporting or not supporting the unconstitutional, costly, violent occupation of a country that never attacked us. This vote should serve as an important reminder to the American people of where their representatives really stand when it comes to policing the world, empire building, and war.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works license.
Video published by this site is licensed under a Creative Commons Sampling+ license.
Facebook
Digg
del.icio.us
reddit.com
Newsvine
May 27, 2007
Cryptolife: a web blog about, linux, security, privacy, politics and other cool stuff » weekly news
eagle
May 28, 2007
It seems to me that we the people should be doing everything in our power to help protect this country we live in, and everyday, that I read what you write Michael and the comments your insite, makes me wonder why you are not the inducing public to do everything that we can do to help our, government succeed. If we had a ID system in place that would certify the idenity of all individuals living in the U.S. it would protect our civil liberties. We are living in a age where the crooks are out gunning us with their technology. While our Congress plays games introducing bill after bill, that has so much special interest $$$$$$$$ attached to them, that our tech. systems are so out dated, anyone that wanted to get acess could. We must start from the begining, and first put a certified ID system in place before we do anything else.
Gölök
May 28, 2007
FBI’s an illegal expansion of federal government anyway; big surprise another example of the nanny state fails.
David
May 28, 2007
The thought that an ID system is the first best place to start is a stretch at best. Notwithstanding the systems maintained by the Social Security Administration (SSA), virtually every other .gov has been found lacking in one manner or another. They SSA I would offer presents a model that other .govs can learn from. This model suggests standardization of systems and inter-agency collaboration. Collaboration in this case means more than “lip service” to the problems of security, but proactive efforts starting from the top and moving down. Other articles on the Internet provide a wealth of information on how to remediate most of the security issues suffered by our government, but someone (e.g., our Cyber Security Czar) appointed by Mr. Bush should be leading this effort. Every CIO, CTO and CSO (and not their designated representative) responsible for protection of our Nation’s information should be present with their particular architecture and applications in hand. From there standard platforms, policies, and procedures should be established which apply to all with on only an act of Congress to premit modifications thereto. Lastlly, this meeting should take place at a location which does not golf, tennis, or other leisure activities, nor should attendees be permitted to stay at the Ritz Carlton. Perhaps somewhere in the middle of nowhere to ensure business and only business is dealt with.
geri
May 30, 2007
No one has convinced me that a national ID is going to make anything better.
No matter how many fail safes you put in place someone, somewhere is going to be able to copy it and use it illegally. Nothing about it will make us safer.