FRAMINGHAM (10/17/2003) - Despite improvements that have been made since the Sept. 11 terrorist attacks, core parts of the U.S. Federal Bureau of Investigation's (FBI's) IT infrastructure remain vulnerable to security problems, making it harder for the agency to help protect the nation.
That's one of the main findings of an audit of the FBI's IT systems that was released this week by the U.S. Department of Justice's inspector general. The 178-page report said that some of the 11 "major internal control weaknesses" found in a 1990 audit are still applicable now.
"We do believe strongly that the FBI needs to move into the 21st century, or even the 20th century, in order to equip (its) agents with the tools they need to do their jobs better," said Paul Martin, a deputy in the inspector general's office. "They're making strides, but they have further to go."
Progress has been made in improving the security of investigative and administrative systems that run on mainframes at FBI headquarters and a data center in West Virginia, the audit found. But security gaps remain, the report said. "These repeated deficiencies indicate that, in the past, FBI management had not paid sufficient attention to improving its IT program," it added.
The report cited concerns about the agency's IT security policies, procedures and standards; its data backup and restoration controls; its password and log-on management approaches; and its system auditing and patching capabilities. The various shortcomings were labeled as "high-to-moderate risk" security flaws.
The inspector general recommended that the FBI take several steps to make additional improvements, including the development of specific procedures for implementing actions that were called for in earlier audits. The report also said the agency should ensure that its new Automated Response and Compliance System database, which is used to track IT improvements and provide real-time status information to FBI officials, is kept up to date.
FBI spokesman Paul Bresson said the agency agrees with many of the recommendations in the report. "Many of them, we're already working on," he said. "There are still deficiencies, but we have made significant progress over the years in upgrading our IT."
In addition to the security issues, the inspector general took the FBI to task for having systems that are difficult to use. For example, the report described the agency's investigative systems as "labor-intensive, complex, untimely and non-user friendly."
For the past three years, the FBI has been working on an IT modernization project called Trilogy that involves installing a new network and upgrading desktop systems and end-user applications. The project is due for completion by May, FBI officials said.