Tuesday, October 2, 2007

FBI at risk for internal espionage

From an MSNBC article:

the FBI remains vulnerable to espionage from within, the parent Justice Department said in a report Monday.
Source: http://www.msnbc.msn.com/id/21085241/

My first reaction to this headline was "well, duh!" Most people who work in information security repeat the adage "protect against insider threats" at least once a day.

After some more reading, the article turned out not to be quite as shallow as I initially thought:

However, the internal investigation found that the FBI had yet to put in place internal monitoring procedures and other recommendations by the [Inspector General] -- such as creating a central repository to collect and analyze bizarre or otherwise derogatory information -- concerning FBI employees.

It seems that the root cause of the FBI's problem is twofold: an incomplete understanding of their own infrastructure and, as a result, no structured approach to log collection and analysis. I am sure that Anton Chuvakin will also comment on this.

Anybody who works in crisis management, whether a cop on the street responding to an emergency call, a military commander caught in an ambush, or a computer incident responder, needs timely, reliable and as complete as possible information about the situation at hand. A properly designed and well-implemented data collection system gives an organization exactly that. One of the main sources of computer security data is log information. When logs are not handled appropriately and with due care, they are useless at the moment they are really needed: while determining the impact of an incident, while containing and mitigating its effects, or during post-mortem forensic analysis. Reliable log information is of crucial importance; in practice that means the logs are collected centrally and kept intact, so that an intruder (or an insider) cannot quietly alter or delete the evidence. Knowing the environment that generates the log information makes it even more useful.
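An added example, not part of the original post, of what "treating log information with due care" and "knowing the environment" can look like in practice: a small Python collector that enriches each log line with context from an asset inventory and chains the records together with SHA-256, so that a later edit, deletion or truncation of the central repository is detectable. The asset inventory, the log lines and all function names are constructed for illustration; none of this is the FBI's or the Inspector General's design.

```python
"""Tamper-evident central log collection with environment context.

Constructed example (not from the original post). Each raw log line is
parsed, enriched with asset-inventory context and chained to the previous
record with SHA-256, so that modification, deletion or reordering is
detectable when the log is needed for incident response or forensics.
"""
import hashlib
import json

# Constructed asset inventory: what a collector should know about its environment.
ASSET_INVENTORY = {
    "10.0.0.5": {"hostname": "hr-db-01", "owner": "hr", "criticality": "high"},
    "10.0.0.9": {"hostname": "dev-ws-17", "owner": "eng", "criticality": "low"},
}

# Constructed raw log lines in a syslog-like "timestamp host message" layout.
RAW_LOGS = [
    "2007-10-02T09:14:03Z 10.0.0.5 sshd: Accepted password for admin from 192.0.2.44",
    "2007-10-02T09:14:10Z 10.0.0.5 sudo: admin : COMMAND=/bin/tar czf /tmp/x.tgz /var/lib/hr",
    "2007-10-02T09:15:22Z 10.0.0.9 sshd: Failed password for root from 198.51.100.7",
]

# Hash of the (non-existent) record before the first one.
GENESIS = "0" * 64


def parse_line(line):
    """Split a raw line into timestamp, source host and free-text message."""
    ts, host, msg = line.split(" ", 2)
    return {"ts": ts, "host": host, "msg": msg}


def enrich(record, inventory=ASSET_INVENTORY):
    """Attach asset context so an analyst knows what the source actually is."""
    unknown = {"hostname": "unknown", "owner": "unknown", "criticality": "unknown"}
    return {**record, **inventory.get(record["host"], unknown)}


def record_hash(prev_hash, record):
    """SHA-256 over the previous hash plus a canonical JSON encoding of the record."""
    canon = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canon).encode()).hexdigest()


def collect(lines, inventory=ASSET_INVENTORY):
    """Build the central repository: a list of enriched, hash-chained entries."""
    chain, prev = [], GENESIS
    for seq, line in enumerate(lines):
        rec = enrich(parse_line(line), inventory)
        rec["seq"] = seq  # explicit sequence number makes gaps visible
        h = record_hash(prev, rec)
        chain.append({"record": rec, "prev": prev, "hash": h})
        prev = h
    return chain


def verify(chain, expected_head=None):
    """Return (ok, index) where index is the first bad entry, or None if ok.

    Detects edited records, deleted or reordered entries in the middle of the
    chain, and, when the last known hash has been stored out-of-band and is
    passed as expected_head, truncation at the tail as well.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["record"].get("seq") != i:
            return False, i
        if record_hash(prev, entry["record"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


def high_value_events(chain):
    """Simple triage: sequence numbers of entries from high-criticality assets."""
    return [e["record"]["seq"] for e in chain if e["record"]["criticality"] == "high"]


if __name__ == "__main__":
    repo = collect(RAW_LOGS)
    head = repo[-1]["hash"]
    print("intact:", verify(repo, head))
    print("high-value events:", high_value_events(repo))
    repo[1]["record"]["msg"] = "sudo: admin : COMMAND=/bin/ls"  # an insider covering tracks
    print("after edit:", verify(repo, head))
```

The chain only proves that the repository has not changed since collection; it says nothing about lines that were never sent, which is why the collector has to know which hosts exist and should be reporting. The expected head hash must live somewhere the person being audited cannot write to, otherwise silently dropping the newest entries remains undetectable.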
