GAO: FBI Network Not Very Secure

from the shocking dept

The Government Accountability Office continues to break through the political clutter with its reports on what's really going on. The latest in a long series of reports notes that the FBI's new Trilogy data network "place sensitive information transmitted on the network at increased risk of unauthorized disclosure or modification, and could result in a disruption of service." Should this really comes as a surprise? After all, this is the same FBI that wasted hundreds of millions of dollars on a computer system that was late, overbudget and useless at tracking terrorists -- which was eventually scrapped entirely before researchers who examined its security could kick off a crime spree to celebrate how useless the system was. After completely ditching the old useless system, the government set aside another $500 million for this new system -- but apparently forgot to do anything to make sure that the system was actually useful. While it's nice that the GAO is actually pointing out how bad the new system is, wouldn't it be nice if there were some actual accountability from the folks who both commissioned and built the systems?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Wyatt, May 31st, 2007 @ 8:14am

    GAO = my hero

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Rob, May 31st, 2007 @ 8:14am

    What's the point?

    So what exactly is the point of the GAO anyway? Has the government EVER responded in any positive, constructive way to anything the GAO has ever said? Has any problem the GAO pointed out ever been fixed? Without enforcement teeth it might as well not exist.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Normal Guy, May 31st, 2007 @ 9:54am

    GAO

    I read through GAO-07-368 at Goa.gov (take a look). I myself found it to be a fairly weak document on the status of the FBI’s internal network security. I see that many statements start with "FBI did not always", what does that mean? In a perfect world without humans, could there be an "Always". I don’t find any of their action items to be conclusive or solid, most are generic and convoluted. The only "action item" that could be provable is "in some instances, personnel did not follow physical security policies and procedures" (p.11). That only proves my previous point, humans, yep, always getting in the way! I personally disagree with many of the other areas of the document because they are incorrect, I know this to be true. I would take a look at the document closely and objectively before attacking the FBI’s information technology in regard to this document. The prior mistakes specifically in the area of failed programs are common to any organization trying to increase quality and scalability of their IT systems, they are usually written off as growing pains and life lessons especially when it comes to handling internal IT security. For the Federal agencies these issues are seemingly worse because of the public exposure in the attempt for accountability to the tax payer. When I would rather waste my tax dollars on making sure a system will actually be the best way to prevent me from waking up to reports of deadly attacks from enemies. Really when compared to the approximant cost of a senator to change offices within the same building, which could be up too, 500,000 dollars, makes the cost of ensuring an IT system for the FBI will be effective when implemented is minor.
    For those concerned over the cost and issues with the FBI, remember that banks, online stores and corporations we trust in daily with our information have had the same issues. If one thinks for a minute and then uses the search engine of choice it will be seen that there are no reports of the Bureau losing data or being compromised electronically post Trilogy. If that is the case why such harsh criticism, just because a proactive accountability report said there could be an issue, which could a exaggerated example of a machines Anti-Virus being two days out of date or an individual forgot to sign in, when entering a secure room?
    I know it is hard with all the media, rumors and anti-Government propaganda to be objective when looking at Federal agencies, but they do a job that needs to be done and they have increased in effectiveness greatly in recent years. The only way to prove that would with an It’s A Wonderful Life scenario, make it so they never existed and see what happens…I don’t think I would take that chance personally.

    *Off topic: I plea to all my fellow blog readers. Please be informed, objective and critical readers. I so often read comments that show that many do not read thoroughly or with understanding, also many do not verify the topics covered in the article. That is our responsibility if we truly want to seek out the truth, if it can be found.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Overcast, May 31st, 2007 @ 12:36pm

    Whoever expects the government to be an efficient machine and/or solve the problems of the world, should really see a therapist.

    And the GAO could help to insure the overall security of government systems by not advertising this... we are all on the same team, right? You know - I don't think that's the case anymore.

    How's that saying go? United we Stand, Divided we fall...

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Jun 1st, 2007 @ 1:57pm

    Just wonderful

    How wonderful, all very private citizen information FBI has collected is vulnerable to being stolen from unknown evil entities who wish to steal, extort, rape, kill, or whatever evil people do to others for fun or profit. I feel safe as a USA citizen knowing the data is so secure...

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Bot TT, Jun 5th, 2007 @ 6:42pm

    If fed agencies comply with their own standards, m

    Most agencies these days are following federally mandated federal information processing standards (FIPS) which set some very strict standards for security. More details can be found here: http://www.govitwiki.com/wiki/IT_Security but the bottom line is, if agencies receive proper funding for their security efforts, they can usually comply, and that compliance makes a big difference.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This