FBI details new fix-it strategy
- By Wilson P. Dizard III
- Aug 22, 2003
The FBI has detailed extensive IT security reforms it is making so insiders can't access sensitive data for purposes of espionage.
The bureau made its plans public this month in response to a new report from the Justice Department's inspector general that lambasted the FBI's handling of agent and spy Robert P. Hanssen.
The IG had 21 reform recommendations. Many relate to IT:
- Create a central repository for critical information about FBI employees who have access to sensitive information
- Adopt proven security and audit programs to detect misuse of FBI systems and to protect restricted information
- Enforce need-to-know access privileges to data
- Track use of documents and electronic media containing sensitive information
- Create a security compliance program.
The bureau's response to the report described how it is developing or will adopt the recommendations. The FBI is also implementing a new computerized financial disclosure program.
The bureau also plans to launch an Enterprise Security Operations Center to protect FBI systems from external attacks and insider misuse.Wireless security
The FBI has nearly finished a review of the security of its headquarters systems and has created a new wireless security team to devise methods of protecting data on notebook PCs and wireless devices.
During his espionage exploits, which spanned November 1979 to February 2001, Hanssen frequently used the bureau's antiquated Automated Case File system to steal secret information and to track the activities of the bureau's counterespionage efforts against him.
'Hanssen compromised some of this nation's most important counterespionage and military secrets, including the identities of dozens of human sources, at least three of whom were executed,' auditors wrote in the IG report.