FBI’s Network Security Has Flaws, Says GAO

The Govt. Accountability Office (GAO), which is the watchdog agency for US federal govt., released a report on May 24 this year. The report is of great significance for the internal work of Federal Bureau of Investigation (FBI). The effort of FBI for upgrading its computers - a program that's been through various troubles and failures for years - is once again beleaguered. The report avers that there's security lack for thwarting an insider assault in FBI, as published by Computerworld on May 28, 2007.

The report is named "Information Security: FBI Needs to Address Weaknesses in Critical Network". And in it, the authors - Â Keith Rhodes who's the Chief Technologist, and information security issues' director for GAO Gregory Wilshusen - have said that FBI lacks sufficient network-security controls.

The GAO has also concluded in its report that the new network of FBI has critical security flaws that leave their computer system open for hackers both inside and outside the agency. The anonymous network is a part of FBI's up the creek Trilogy program for upgrading the bureau's obsolete information networks.

There is a long list of faults, which includes not installing the id management controls for filtering out illegitimate users, not monitoring or recording as to who accesses confidential information, encrypting critical data or updating the flaws in software from time to time so that the system is safe against latest security lapses and computer viruses.

"Collectively, these flaws put critical data transmitted over the network at jeopardy of unauthorized modification or disclosure, and may also cause service's disruption, thereby increasing the vulnerability of the bureau to insider attacks," as said by GAO. Government Executive published this on May 25, 2007.

"The FBI agrees with several technical and programmatic recommendations of GAO for resume information security activity's implementation, so that a comprehensive program for "information assurance" can be established, as per the FBI. PC Authority published this information on May 28, 2007.

Deputy CIO for FBI Dean Hall, and the CIO Zalmal Azni defended the risk management posture of FBI, and emphasized, "FBI doesn't agree that it has put critical information at jeopardy of illegitimate modification, exposure or insider peril." Computerworld published this on May 28 this year.

Related article: FBI’s ICCC Annual Report Discusses Fraudulent and Non-Fraudulent Complaints

» SPAMfighter News - 6/7/2007