/>
X
Innovation

FBI network security slammed

The FBI has been given a dressing down by the US Government Accountability Office (GAO) over its network security.In a report entitled "FBI Needs to Address Weaknesses in Critical Network", the GAO said that the FBI was not doing enough to guard its law enforcement data from insider threats.
tom-espiner.jpg
Written by Tom Espiner, Contributor on

The FBI has been given a dressing down by the US Government Accountability Office (GAO) over its network security.

In a report entitled "FBI Needs to Address Weaknesses in Critical Network", the GAO said that the FBI was not doing enough to guard its law enforcement data from insider threats.

The GAO had this to say about the spooks' security systems:

"Certain information security controls over the critical internal network reviewed were ineffective in protecting the confidentiality, integrity, and availability of information and information resources.

Specifically, FBI did not consistently (1) configure network devices and services to prevent unauthorized insider access and ensure system integrity; (2) identify and authenticate users to prevent unauthorized access; (3) enforce the principle of least privilege to ensure that authorized access was necessary and appropriate; (4) apply strong encryption techniques to protect sensitive data on its networks; (5) log, audit, or monitor security-related events; (6) protect the physical security of its network; and (7) patch key servers and workstations in a timely manner. Taken collectively, these weaknesses place sensitive information transmitted on the network at risk of unauthorized disclosure or modification, and could result in a disruption of service, increasing the bureau’s vulnerability to insider threats."

In a press release, responding to the GAO criticisms, John Miller, FBI assistant director for public affairs, admitted that the dressing down was valid, but said the FBI was already taking action on it:

"The majority of the issues and recommendations brought up in the GAO report have been previously identified by the FBI through our own audits and internal controls. The report omitted the fact that the FBI already has corrective action plans in place that proactively and aggressively address information security issues," said Miller.

Considering the number of attacks against governmental systems by hackers and by other governments, I wonder how much information has been compromised?

Editorial standards

Related

Southwest Airlines has a big problem and customers may not know it
screen-shot-2022-09-27-at-9-38-07-am.png

Southwest Airlines has a big problem and customers may not know it

FBI: Beware of fake batteries, here's what to watch out for
fbi-hacker-left-align.jpg

FBI: Beware of fake batteries, here's what to watch out for

After being smashed into by a NASA spacecraft, Dimorphos asteroid grows a tail
noirlab2223a

After being smashed into by a NASA spacecraft, Dimorphos asteroid grows a tail