FBI network security slammed

The FBI has been given a dressing down by the US Government Accountability Office (GAO) over its network security.

In a report entitled "FBI Needs to Address Weaknesses in Critical Network", the GAO said that the FBI was not doing enough to guard its law enforcement data from insider threats.

The GAO had this to say about the spooks' security systems:

"Certain information security controls over the critical internal network reviewed were ineffective in protecting the confidentiality, integrity, and availability of information and information resources.

Specifically, FBI did not consistently (1) configure network devices and services to prevent unauthorized insider access and ensure system integrity; (2) identify and authenticate users to prevent unauthorized access; (3) enforce the principle of least privilege to ensure that authorized access was necessary and appropriate; (4) apply strong encryption techniques to protect sensitive data on its networks; (5) log, audit, or monitor security-related events; (6) protect the physical security of its network; and (7) patch key servers and workstations in a timely manner. Taken collectively, these weaknesses place sensitive information transmitted on the network at risk of unauthorized disclosure or modification, and could result in a disruption of service, increasing the bureau’s vulnerability to insider threats."

In a press release, responding to the GAO criticisms, John Miller, FBI assistant director for public affairs, admitted that the dressing down was valid, but said the FBI was already taking action on it:

"The majority of the issues and recommendations brought up in the GAO report have been previously identified by the FBI through our own audits and internal controls. The report omitted the fact that the FBI already has corrective action plans in place that proactively and aggressively address information security issues," said Miller.

Considering the number of attacks against governmental systems by hackers and by other governments, I wonder how much information has been compromised?

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
