Weak data-security at the FBI network30/05/2007 Written by Martin Arnsteiner
A new report concerning the state of security at the FBI network was created in April and released yesterday. US independent audit office (Government Accountability Office –GAO) accuses heavy lacks in the configuration of the internal police network FBI.
The FBI has closed computer networks, in which information about all aspects of the police work is exchanged. The GAO found out with its examination that the internal data security programs are incomplete and insufficient. The audit office stated that the network and the devices are not configured correctly to prevent unauthorized data access. In some places the FBI missed to restrict access checks and to graduate the access authorizations to safety level of the users. Because of this, user data could have been accessed although they were not allowed to do so.
Further on, the federal police failed in using strong encryption techniques in order to protect their data. Also software patches for servers and workstations have been implemented too slowly by the FBI Admins, whereby well-known safety gaps had remained longer open in the systems than necessary.
A very substantial point of criticism in the report deals with “weaknesses”, which became unfortunately virulent in times of free official data gathering: internal logging and observing of the own accesses to sensitive data. The report concludes: “If you summarize all the found weaknesses there is an increased risk, that data could be given to unauthorized personnel or data being manipulated.”The audit office recommends the FBI to convert their own IT-security policies with the necessary consequence.