The U.S. Government Accountability Office may want to add another suspect to the FBI's "Most Wanted" list: Someone who can clean up the federal law enforcement agency's "inadequate" critical network.
That was, more or less, the message in GAO's recently released report
outlining myriad shortcomings in the FBI's network.
Included among them are misconfigured network devices that may permit insider access and problems with encrypting, authorizing users, logging events and patching vulnerabilities. Basically everything that comprises a security policy.
Woof. Sounds like a big old mess in the house that J. Edgar Hoover built.
Of course, given the federal government's miserable resume when it comes to information security, this is not at all surprising.
The FBI agreed with many of the technical recommendations, it said in a response letter, but contended it has not "placed sensitive information at an unacceptable risk for unauthorized disclosure, modification or insider threat exploitation." Then, the letter went on to explain all the strides the agency has made to protect data.
So, instead of taking constructive criticism, the FBI decided to rattle off a million and one reasons why the report was wrong.
Maybe the FBI has been making advancements and, yeah, we haven't read about any FBI data meltdowns. But when the federal government is getting hit every other day, there comes a point when you have to bow your head, swallow your pride and work on making changes - not relying on past accomplishments.