GAO: FBI Network Not Very Secure

from the shocking dept

Thu, May 31st 2007 6:51am — Mike Masnick

The Government Accountability Office continues to break through the political clutter with its reports on what's really going on. The latest in a long series of reports notes that the FBI's new Trilogy data network "place sensitive information transmitted on the network at increased risk of unauthorized disclosure or modification, and could result in a disruption of service." Should this really comes as a surprise? After all, this is the same FBI that wasted hundreds of millions of dollars on a computer system that was late, overbudget and useless at tracking terrorists -- which was eventually scrapped entirely before researchers who examined its security could kick off a crime spree to celebrate how useless the system was. After completely ditching the old useless system, the government set aside another $500 million for this new system -- but apparently forgot to do anything to make sure that the system was actually useful. While it's nice that the GAO is actually pointing out how bad the new system is, wouldn't it be nice if there were some actual accountability from the folks who both commissioned and built the systems?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

6 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Wyatt, 31 May 2007 @ 8:14am

GAO = my hero
[ link to this | view in thread ]
Rob, 31 May 2007 @ 8:14am

What's the point?
So what exactly is the point of the GAO anyway? Has the government EVER responded in any positive, constructive way to anything the GAO has ever said? Has any problem the GAO pointed out ever been fixed? Without enforcement teeth it might as well not exist.
[ link to this | view in thread ]
Normal Guy, 31 May 2007 @ 9:54am

GAO
I read through GAO-07-368 at Goa.gov (take a look). I myself found it to be a fairly weak document on the status of the FBI’s internal network security. I see that many statements start with "FBI did not always", what does that mean? In a perfect world without humans, could there be an "Always". I don’t find any of their action items to be conclusive or solid, most are generic and convoluted. The only "action item" that could be provable is "in some instances, personnel did not follow physical security policies and procedures" (p.11). That only proves my previous point, humans, yep, always getting in the way! I personally disagree with many of the other areas of the document because they are incorrect, I know this to be true. I would take a look at the document closely and objectively before attacking the FBI’s information technology in regard to this document. The prior mistakes specifically in the area of failed programs are common to any organization trying to increase quality and scalability of their IT systems, they are usually written off as growing pains and life lessons especially when it comes to handling internal IT security. For the Federal agencies these issues are seemingly worse because of the public exposure in the attempt for accountability to the tax payer. When I would rather waste my tax dollars on making sure a system will actually be the best way to prevent me from waking up to reports of deadly attacks from enemies. Really when compared to the approximant cost of a senator to change offices within the same building, which could be up too, 500,000 dollars, makes the cost of ensuring an IT system for the FBI will be effective when implemented is minor.
For those concerned over the cost and issues with the FBI, remember that banks, online stores and corporations we trust in daily with our information have had the same issues. If one thinks for a minute and then uses the search engine of choice it will be seen that there are no reports of the Bureau losing data or being compromised electronically post Trilogy. If that is the case why such harsh criticism, just because a proactive accountability report said there could be an issue, which could a exaggerated example of a machines Anti-Virus being two days out of date or an individual forgot to sign in, when entering a secure room?
I know it is hard with all the media, rumors and anti-Government propaganda to be objective when looking at Federal agencies, but they do a job that needs to be done and they have increased in effectiveness greatly in recent years. The only way to prove that would with an It’s A Wonderful Life scenario, make it so they never existed and see what happens…I don’t think I would take that chance personally.

*Off topic: I plea to all my fellow blog readers. Please be informed, objective and critical readers. I so often read comments that show that many do not read thoroughly or with understanding, also many do not verify the topics covered in the article. That is our responsibility if we truly want to seek out the truth, if it can be found.
[ link to this | view in thread ]
Overcast, 31 May 2007 @ 12:36pm

Whoever expects the government to be an efficient machine and/or solve the problems of the world, should really see a therapist.

And the GAO could help to insure the overall security of government systems by not advertising this... we are all on the same team, right? You know - I don't think that's the case anymore.

How's that saying go? United we Stand, Divided we fall...
[ link to this | view in thread ]
Anonymous Coward, 1 Jun 2007 @ 1:57pm

Just wonderful
How wonderful, all very private citizen information FBI has collected is vulnerable to being stolen from unknown evil entities who wish to steal, extort, rape, kill, or whatever evil people do to others for fun or profit. I feel safe as a USA citizen knowing the data is so secure...
[ link to this | view in thread ]
Bot TT, 5 Jun 2007 @ 6:42pm

If fed agencies comply with their own standards, m
Most agencies these days are following federally mandated federal information processing standards (FIPS) which set some very strict standards for security. More details can be found here: http://www.govitwiki.com/wiki/IT_Security but the bottom line is, if agencies receive proper funding for their security efforts, they can usually comply, and that compliance makes a big difference.
[ link to this | view in thread ]