Documents/FBI/12: Security/T A.2: Compromise of Communications and Information

T A.2: Compromise of Communications and Information

Protect the FBI from compromise of its communications and information.

Other Information:

The proliferation of information technology in recent years has resulted in dramatic changes in the threat environment. The explosion in electronic data handling has profoundly altered the manner in which most modern organizations, including the FBI, manage information. While modern technology allows the storage, movement, and retrieval of vast amounts of data to the benefit of investigators and analysts, it also allows, absent highly sophisticated security precautions, the lightning-fast theft of vast amounts of information, or the crippling of response capabilities in a time of crisis. Experience has shown that the cyber threat is typically a human problem, not a technical problem. Even though it is true that information systems and networks offer attractive targets, it is invariably the human element in those systems that make them exploitable. Information systems and networks have human involvement during the complete system life-cycle. They are vulnerable during construction, shipment, installation, operation, maintenance, and disposal. Advanced technology solutions alone will not solve the problem. The approach must be multidisciplinary and must cover the complete life-cycle of information systems, data, and human intervention. To meet these threats, the FBI developed and implemented a Certification and Accreditation process that has been incorporated into the organization’s information technology investment and development life-cycle, including all legacy systems. However, additional measures are needed to further protect the FBI from the compromise of its information technology systems. Priority Actions: Bring the Enterprise Security Operations Center to full operating capacity in order to detect and prevent FBI network intrusions. Establish an Information System Security Manager (ISSM) Program, with ISSMs assigned to all operational and major support divisions.

Indicator(s):

Indicator:1
Content