Auditors give FBI tech fixes mixed marks
- By Wilson P. Dizard III
- Oct 08, 2007
The Justice Department's Inspector General Office concluded that the FBI has improved its system security since the Robert Hanssen spy debacle but pointed out areas where improvements are incomplete or lacking.
The auditors' report, titled 'A Review of the FBI's Progress in Responding to the Recommendations in the Office of the Inspector General Report on Robert Hanssen,' Special Report, September 2007
, specifically addressed the system upgrades and other reforms that Justice urged the bureau to adopt in the aftermath of the spy case. Hanssen, a senior FBI counterintelligence officer, sold secrets to the Soviet and later Russian government for many years, disclosing intelligence that resulted in the execution of three confidential FBI sources overseas.
The report presented detailed analysis of the status of system upgrades Justice had recommended. The verdict on system upgrade progress included both favorable and unfavorable items.
- With regard to systems for handling information from confidential sources, the auditors learned that the FBI had rejected the CIA's system for handling its most sensitive human source data, which is called the Human Intelligence Control System. The bureau told the auditors that its own approach, including a reformed business model and the Human Intelligence Reengineering Program, which is intended to improve the FBI's human intelligence program, is better than HCS. The auditors said they could not tell whether the new business model was a part of the Human Intelligence Reengineering program or a separate project. They wrote that the upgrade programs were promising but still in their early stages and so could not be fully evaluated.
- Justice had recommended that the bureau build a central repository of negative information about its employees that might tend to indicate that they were involved in espionage against this country. The bureau responded that its security division is in the early stages of developing the Security Management Information System. The auditors concluded that the FBI has not yet built a single automated repository for all the information it gathers on its employees, including health and financial data in addition to records of security rule infractions.
- The auditors paid special attention to the FBI's Automated Case Support System. The ACS in many ways serves as the core case management system that stores information about old and ongoing cases. Hanssen's mastery of ACS helped him track the activities of the counterespionage team that was attempting to hunt him down. The investigators noted that the bureau has installed significant upgrades to ACS, but the system still is hampered by inadequate training and security problems that are inherent in its design. The FBI is building a new case management system, Sentinel, that is beginning to come online in phases. But the Sentinel launch was preceded by the collapse of another case management system project, the Virtual Case File, which involved $100 million of wasted expenditures.
The auditors concluded that the bureau has made significant progress in improving its information technology security by adopting some of Justice's recommendations. However, the IG staff pointed to significant shortcomings that still present IT security vulnerabilities at the FBI.
The FBI issued a response to the Justice IG's report over the name of FBI Assistant Director John Miller. 'While the OIG found that some of the recommendations had not yet been implemented, we continue to concur with all the recommendations made by the original report,' the statement said. 'We will continue to work with the OIG to make additional progress toward implementing these recommendations and in our efforts regarding espionage activities on the whole.'