GAO: FBI Network Wide Open to Hacking

The FBI's effort to upgrade its computer systems -- a program that has had numerous missteps and failures over the years -- is again under fire. This time the Government Accountability Office concludes in a report released this week that the FBI's new network has major security lapses that leave the system open to hackers both inside the agency and out.

The GAO concluded that the bureau hasn't followed some of the most basic security practices when modernizing its computer networks, a program aimed at allowing agents nationwide to share evidence in investigations and to better manage their own cases.

The list of shortcomings is long: the bureau did not install identity management controls to filter out unauthorized users, did not encrypt sensitive data, did not record or monitor who accesses sensitive information, and did not apply software patches on a timely basis to protect the system from the latest viruses and security holes. "Taken collectively, these weaknesses place sensitive information transmitted on the network at risk of unauthorized disclosure or modification, and could result in a disruption of service, increasing the bureau’s vulnerability to insider threats," the GAO concluded in what can arguably be characterized as an understatement.

The unnamed network is part of the FBI's troubled Trilogy program to upgrade the antiquated information networks at the bureau. Trilogy has had a series of setbacks, cost overruns, delays and failures, the most notable of which was the failure of the Virtual Case File, a system intended to allow agents to share evidence and other information on cases they were investigating. The FBI killed the system after spending $170 million on the project. Trilogy ran into serious enough problems that Congress began holding hearings on the progress of the modernization effort as early as 2002.

Hat tip: Wired