IG slams FBI's technology management
- By Wilson P. Dizard III
- Oct 16, 2003
The Justice Department inspector general's audit division reported that the FBI has not yet adopted dozens of needed improvements to its IT infrastructure and management. The bureau still struggles with security problems, obsolescence and other major weaknesses in its systems, the IG said.
included a detailed response by the FBI showing its progress in implementing recommendations Justice made previously.
The bureau spends about $606 million on IT annually, and has made improving its systems one of its top 10 priorities, according to the IG report issued Tuesday.
Since 1990, the IG has issued several critical reports about the bureau's systems, and the General Accounting Office also has called for reforms. But the bureau did not track its response to these recommendations until recently, according to the report, which covered events through April 2003.
The auditors said the bureau's major IT problems include:Poor security program management and planningPoor system access controlsFaulty software development and change controls that increase the risk of inaccurate and unauthorized software changesWeak segregation of duty controls that expose bureau systems to the entry of faulty or fraudulent dataInadequate service continuity controls Substandard application controls that create the risk of unauthorized transactions.
The auditors found that 30 recommendations that the IG previously had made were repeated in subsequent reports.
The bureau has made some progress in correcting security problems, but 17 of 23 recommendations made in a 2001 report by the Commerce Department's National Institute of Standards and Technology remain open, according to the report.
The auditors called these 'vulnerabilities a high to moderate risk for the protection of the FBI's investigative and mainframe systems. ' These vulnerabilities occurred because [Justice] and FBI security management had not enforced compliance with existing security policies, developed a complete set of policies to effectively secure the administrative and investigative mainframes, or held FBI personnel responsible for timely correction of recurring findings,' according to the report.