FBI shakes up security in wake of IG report on spy
- By Wilson P. Dizard III
- Aug 14, 2003
As the Justice Department's inspector general this morning issued a critical report on the FBI's handling of bureau agent and Russian spy Robert P. Hanssen, agency director Robert S. Mueller III ordered security reforms that include sweeping IT policy changes.
Glenn A. Fine issued the report
on Hanssen's damaging espionage, which spanned November 1979 to February 2001. The members of the IG investigative team generated 21 reform recommendations for the FBI, such as:Create a Penetration Unit at FBI headquarters within the Counterespionage Section to detect double agents Create a central repository for critical information about FBI employees who have access to sensitive informationImplement an annual financial disclosure program for employees who have access to sensitive informationAdopt proven security, including audit programs, to detect misuse of FBI systems and programs and protect restricted information, and enforce need-to-know rules Create a method to account for and track documents and electronic media containing sensitive informationCreate a security compliance program.
The bureau issued a point-by-point response to the IG's report, generally stating methods by which it has or will adopt its recommendations. For example, the FBI is implementing a new computerized financial disclosure program.
The bureau also plans to launch an Enterprise Security Operations Center to protect FBI systems from external attacks and insider misuse through techniques such as real-time network monitoring, intrusion detection and data auditing.
In addition, the bureau said it has nearly completed certifying and accrediting all headquarters IT systems and created a new wireless security team to devise methods of protecting data on notebook PCs and wireless devices.
The bureau's Trilogy network also will help upgrade security, the bureau said. (Click for Jan. 31 GCN coverage)
The FBI also has created a force of full-time, career security officers that will be led by a new chief security officer.
During his espionage career, Hanssen frequently used the bureau's antiquated Automated Case File system not only to find and steal secret information, but to track the activities of the bureau's counterespionage efforts against him.
'Hanssen compromised some of this nation's most important counterespionage and military secrets, including the identities of dozens of human sources, at least three of whom were executed,' auditors wrote in the IG report.