IG slams FBI's technology management

The Justice Department inspector general's audit division reported that the FBI has not yet adopted dozens of needed improvements to its IT infrastructure and management. The bureau still struggles with security problems, obsolescence and other major weaknesses in its systems, the IG said.

The report included a detailed response by the FBI showing its progress in implementing recommendations Justice made previously.

The bureau spends about $606 million on IT annually, and has made improving its systems one of its top 10 priorities, according to the IG report issued Tuesday.

Since 1990, the IG has issued several critical reports about the bureau's systems, and the General Accounting Office also has called for reforms. But the bureau did not track its response to these recommendations until recently, according to the report, which covered events through April 2003.

The auditors said the bureau's major IT problems include:

  • Poor security program management and planning

  • Poor system access controls

  • Faulty software development and change controls that increase the risk of inaccurate and unauthorized software changes

  • Weak segregation of duty controls that expose bureau systems to the entry of faulty or fraudulent data

  • Inadequate service continuity controls

  • Substandard application controls that create the risk of unauthorized transactions.

  • The auditors found that 30 recommendations that the IG previously had made were repeated in subsequent reports.

    The bureau has made some progress in correcting security problems, but 17 of 23 recommendations made in a 2001 report by the Commerce Department's National Institute of Standards and Technology remain open, according to the report.

    The auditors called these 'vulnerabilities a high to moderate risk for the protection of the FBI's investigative and mainframe systems. ' These vulnerabilities occurred because [Justice] and FBI security management had not enforced compliance with existing security policies, developed a complete set of policies to effectively secure the administrative and investigative mainframes, or held FBI personnel responsible for timely correction of recurring findings,' according to the report.

    inside gcn

    • When cybersecurity capabilities are paid for, but untapped

    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above

    More from 1105 Public Sector Media Group