FBI Addresses Internal Information Security


By: Jim Kouri, CPP

The Federal Bureau of Investigation relies on a critical network to electronically communicate, capture, exchange, and access law enforcement and investigative information.

Misuse or interruption of this critical network, or disclosure of the information traversing it, would impair FBI’s ability to fulfill its missions. Effective information security controls are essential for ensuring that information technology resources and information are adequately protected from inadvertent or deliberate misuse, fraudulent use, disclosure, modification, or destruction. The Government Accounting Office was asked to assess information security controls for one of FBI’s critical networks.

To assess controls, GAO conducted a vulnerability assessment of the internal network and evaluated the bureau’s information security program associated with the network operating environment. This report summarizes weaknesses in information security controls in one of FBI’s critical networks.

Certain information security controls over the critical internal network reviewed were ineffective in protecting the confidentiality, integrity, and availability of information and information resources.

Specifically, FBI did not consistently configure network devices and services to prevent unauthorized insider access and ensure system integrity Nor did the FBI identify and authenticate users to prevent unauthorized access. The Bureau failed to enforce the principle of least privilege to ensure that authorized access was necessary and appropriate and failed to apply strong encryption techniques to protect sensitive data on its networks.

Taken collectively, these and other weaknesses place sensitive information transmitted on the network at risk of unauthorized disclosure or modification, and could result in a disruption of service, increasing the bureau’s vulnerability to insider threats. These weaknesses existed, in part, because the FBI had not fully implemented key information security program activities for the critical network reviewed.

The FBI has developed an agencywide information security program, which includes an organization to monitor and protect the bureau’s information systems from external attacks and insider misuse and to serve as the central focal point of contact for near-real-time security monitoring.

However, shortcomings exist with certain program elements for the network, including an outdated risk assessment, incomplete security plan, incomplete specialized security training, insufficient testing, untimely remediation of weaknesses, and inadequate service continuity planning. Without a fully implemented program, certain security controls will likely remain inadequate or inconsistently applied.



Jim Kouri, CPP is currently fifth vice-president of the National Association of Chiefs of Police and he’s a staff writer for the New Media Alliance (thenma.org). He’s former chief at a New York City housing project in Washington Heights nicknamed “Crack City” by reporters covering the drug war in the 1980s. In addition, he served as director of public safety at a New Jersey university and director of security for several major organizations. He’s also served on the National Drug Task Force and trained police and security officers throughout the country. Kouri writes for many police and security magazines including Chief of Police, Police Times, The Narc Officer and others. He’s a news writer for TheConservativeVoice.Com and PHXnews.com. He’s also a columnist for AmericanDaily.Com, MensNewsDaily.Com, MichNews.Com, and he’s syndicated by AXcessNews.Com. He’s appeared as on-air commentator for over 100 TV and radio news and talk shows including Oprah, McLaughlin Report, CNN Headline News, MTV, Fox News, etc. His book Assume The Position is available at Amazon.Com. Kouri’s own website is located at http://jimkouri.us

About The Author Jim Kouri, CPP:
Jim Kouri, CPP is currently fifth vice-president of the National Association of Chiefs of Police and he's a columnist for The Examiner (examiner.com) and New Media Alliance (thenma.org). In addition, he's a blogger for the Cheyenne, Wyoming Fox News Radio affiliate KGAB (www.kgab.com). Kouri also serves as political advisor for Emmy and Golden Globe winning actor Michael Moriarty. He's former chief at a New York City housing project in Washington Heights nicknamed "Crack City" by reporters covering the drug war in the 1980s. In addition, he served as director of public safety at a New Jersey university and director of security for several major organizations. He's also served on the National Drug Task Force and trained police and security officers throughout the country. Kouri writes for many police and security magazines including Chief of Police, Police Times, The Narc Officer and others. He's a news writer and columnist for AmericanDaily.Com, MensNewsDaily.Com, MichNews.Com, and he's syndicated by AXcessNews.Com. Kouri appears regularly as on-air commentator for over 100 TV and radio news and talk shows including Fox News Channel, Oprah, McLaughlin Report, CNN Headline News, MTV, etc. To subscribe to Kouri's newsletter write to COPmagazine@aol.com and write "Subscription" on the subject line.
Website:http://jimkouri.us

No Comments

No comments yet.

RSS feed for comments on this post. TrackBack URI

Sorry, the comment form is closed at this time.