[ISN] FBI outlines security upgrades

From: InfoSec News (isnat_private)
Date: Fri Aug 15 2003 - 00:57:51 PDT

  • Next message: InfoSec News: "[ISN] Richer surfers feel less secure"

    http://www.fcw.com/fcw/articles/2003/0811/web-fbi-08-14-03.asp
    
    By Sara Michael 
    Aug. 14, 2003
    
    The Justice Department's inspector general (IG) has plenty of 
    suggestions to improve FBI security, but the law enforcement agency 
    said it has already carried out many of them.
    
    An IG report released today outlined 21 recommendations for the FBI to 
    improve the security of national information from espionage. At the 
    same time, the FBI released a response, outlining several changes it 
    has already made.
    
    Since the arrest of former FBI agent Robert Hanssen two and a half 
    years ago, the bureau has made several security reforms to better 
    detect espionage, including creating a central warehouse for 
    information about people given FBI clearance, and installing a system 
    to track unauthorized access to sensitive documents.
    
    "The FBI has already implemented many new measures, including the 
    creation of a special Counterespionage Section to protect critical 
    national security information, and a Penetration Unit to uncover those 
    who would steal and sell our national security secretes to foreign 
    agents," Attorney General John Ashcroft said in a statement.
    
    The IG recommended a central repository for derogatory information 
    about FBI agents with access to sensitive information. Bureau 
    officials said they have contracted with a vendor to create a data 
    store with a single interface to enter data on clearance actions and 
    track a person's security clearance activities.
    
    "Although we found that the FBI has taken many important steps to 
    improve its internal security program since Hanssen's arrest...some of 
    the most serious weaknesses still have not been fully remedied," the 
    report states.
    
    The agency is developing tools to ensure only cleared users can get 
    specific data. The FBI is implementing the Public Key Infrastructure 
    Program to provide users with a digital identity.
    
    "The FBI's state-of-the-art Trilogy network will have the capability 
    to provide a new level of security and new capabilities, such as the 
    ability to track unauthorized access to files," the FBI said in the 
    response to the IG report.
    
    The report recommends that the FBI track classified information. 
    Agency officials responded that they are in the process of issuing a 
    contract to implement improved levels of security for sensitive 
    electronic and paper documents.
    
    Other FBI security improvements that correspond to the IG's 
    recommendations, include:
    
    * A permanent unit that was created in May 2002 under the bureau's 
      Counterintelligence Division, to investigate allegations of 
      penetration into the FBI.
    
    * Certification of the FBI's Top Secret network and legacy systems to 
      ensure the information systems.
    
    * A financial disclosure program begun in May to verify financial 
      information from selected employees.
    
    The IG criticized the FBI for "significant, longstanding deficiencies" 
    in internal security. Hanssen used the bureau's Automated Case File 
    system to track sensitive espionage investigations, including 
    references to his own name, the report said. The system, which the 
    report says lacked strong security measures, will be replaced by the 
    Virtual Case File system, expected to be implemented by December. 
     
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Aug 15 2003 - 04:35:47 PDT