FBI systems still need work, IG says

Department of Justice Inspector General report

The FBI's technology systems still suffer from weak security planning and management and inefficient access controls, according to a Justice Department Inspector General report released Oct. 14.

The bureau has been the subject of numerous information technology audits listing hundreds of recommendations over the years, and it needs a process to ensure those studies are followed up, the report says.

"For years, reviews have found major weaknesses associated with the FBI's IT," Inspector General Glenn Fine said in the report. "The FBI has made upgrading its [IT] one of its top 10 priorities."

Since September 2002, the FBI has been developing ways to document the audits and follow-up procedures, the report said. The FBI's Inspection Division developed a database — the Automated Response and Compliance System — to document and track data requests from auditors and provide the status of improvements.

FBI officials should develop procedures to follow up audit recommendations, and ensure the compliance system is complete, Fine said. The bureau should show that managers are held accountable for making changes by quickly closing auditors' recommendations, the report states.

The office interviewed personnel with the FBI, inspector general and General Accounting Office and reviewed more than 100 documents on the process for tracking the resolution of the recommendations, the report states.

Although the FBI has implemented many recommendations from inspector general reports since 1990, recent reviews found "repeated deficiencies" in compliance with information security requirements, the report states. As of April, the FBI had weaknesses in protecting sensitive information and guarding against fraudulent financial transactions or unauthorized software changes.

The inspector general also found the FBI fixed about one-fourth of the deficiencies cited in a fiscal 2001 audit on compliance with the Government Information Security Reform Act of 2000. However, the bureau still has problems with security policies, network backup and restoration controls, password management, log-on management, and system patches, Fine wrote.

The report also identifies two factors that could affect the success of the FBI's Virtual Case File system, the automated case support system to be completed in December as part of the bureau's Trilogy modernization project. The technical requirements have not been defined for the system's second and third releases, which could pose a problem, the report said.

"We believe the lack of technical, cost and schedule baselines not only creates uncertainties for how much the [system] will cost and when it will be completed, but also how it will perform upon implementation," Fine wrote.

Meeting the technical requirements and ensuring the system's acceptance by agents are necessary for its success, the report states.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.