X
Tech
Home Tech Security

FBI network security slammed

The FBI has been given a dressing down by the US Government Accountability Office (GAO) over its network security.In a report entitled "FBI Needs to Address Weaknesses in Critical Network", the GAO said that the FBI was not doing enough to guard its law enforcement data from insider threats.
Written by Tom Espiner, Contributor

The FBI has been given a dressing down by the US Government Accountability Office (GAO) over its network security.

In a report entitled "FBI Needs to Address Weaknesses in Critical Network", the GAO said that the FBI was not doing enough to guard its law enforcement data from insider threats.

The GAO had this to say about the spooks' security systems:

"Certain information security controls over the critical internal network reviewed were ineffective in protecting the confidentiality, integrity, and availability of information and information resources.

Specifically, FBI did not consistently (1) configure network devices and services to prevent unauthorized insider access and ensure system integrity; (2) identify and authenticate users to prevent unauthorized access; (3) enforce the principle of least privilege to ensure that authorized access was necessary and appropriate; (4) apply strong encryption techniques to protect sensitive data on its networks; (5) log, audit, or monitor security-related events; (6) protect the physical security of its network; and (7) patch key servers and workstations in a timely manner. Taken collectively, these weaknesses place sensitive information transmitted on the network at risk of unauthorized disclosure or modification, and could result in a disruption of service, increasing the bureau’s vulnerability to insider threats."

In a press release, responding to the GAO criticisms, John Miller, FBI assistant director for public affairs, admitted that the dressing down was valid, but said the FBI was already taking action on it:

"The majority of the issues and recommendations brought up in the GAO report have been previously identified by the FBI through our own audits and internal controls. The report omitted the fact that the FBI already has corrective action plans in place that proactively and aggressively address information security issues," said Miller.

Considering the number of attacks against governmental systems by hackers and by other governments, I wonder how much information has been compromised?

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

windows-11-laptop

Microsoft is now showing ads in Windows 11's Start menu. Here's how to block them

Placeholder product image alt text

The best AI image generators to try right now