Government Accountability Office Report Slams FBI Internal Security


Ah, FBI slammed again, it’s not the first time this has happened.

Remember when a Consultant Breached FBI’s Computers?

It also reminds me of when Homeland Security Scored an F for Internal Security AGAIN

The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it lacks security controls adequate to thwart an insider attack.

In the report, titled “Information Security: FBI Needs to Address Weaknesses in Critical Network,” the authors — Gregory Wilshusen, GAO’s director of information security issues, and Chief Technologist Keith Rhodes — said the FBI lacks adequate network security controls.

The FBI “has an incomplete security plan,” the report concluded.

Those who are supposed to protect eh?

The bureau, which had the opportunity to review the GAO’s findings before publication, responded that it wasn’t arguing with some of the technical observations expressed in the GAO report, but disagreed that the FBI is open to unacceptable risk of an insider attack.

In a letter of response to the GAO, Dean Hall, the FBI’s deputy CIO, and Zalmal Azni, the FBI’s CIO, noted, “The FBI concurs with many of the GAO’s technical recommendations and the programmatic recommendation to continue the implementation of information security activities in order to fully establish a comprehensive Information Assurance Program.”

Let’s hope they can make less excuses and just sort it out.

Source: PC World

Posted in: Hacking News

,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


3 Responses to Government Accountability Office Report Slams FBI Internal Security

  1. Alfred Farrington June 21, 2007 at 1:35 am #

    Hmmm seems like they are spending alot of money and still can’t get it right. Seems like our same good ol government.

  2. Bogwitch June 21, 2007 at 2:00 pm #

    The article paints an all-too-familiar story – IT and security departments taking the blame for a lack of funding.
    I have no doubt that agencies like the FBI rely too heavily on staff vetting which, unfortunately, is not completely reliable. Just because someone has passed a background check, does not always mean they are trustworthy….
    However, the biggest problem is convincing any organisation that investment in information security is worthwhile. It is very difficult to convince organisations to perceive that there is a return on investment let alone to attempt to calculate that return.
    Until this happens, IT departments and information security departments will always take the blame for poor security management.

  3. Sandeep Nain July 11, 2007 at 1:56 am #

    Well i am sure their budget does have a huge amount sanctioned for IT Security.. and that money must have been shown used too…

    is it just me who is thinking that… management over their is just assuming that their infrastructure is secure and putting the money in their bank accounts instead…

    sounds like corruption to me and not just the IT (in)security