FBI at risk for internal espionage
In an MS NBC article:
My first reaction to this headline was "well, duh!" Most people who work in information security repeat the adagio "protect against insider threats" at least once a day.
After some more reading, the article turned out not to be quite as shallow as I initially thought:
Anybody who works in crisis management, whether it is a cop on the street who responds to an emergency call, a military commander who is trapped in an ambush, or a computer incident responder; they all need to have timely, reliable and (as complete as possible) information about the situation at hand. A properly designed and well-implemented data collection system will bring that to an organization. One of the main sources of computer security data is log information. When that log information is not treated appropriately and with due care, it is useless when it is really needed: in the middle of determining the impact of an incident, while containing and mitigating the effects of an incident, or as a post-mortem forensics analysis. Reliable log information is of crucial importance. Knowing the environment that generates the log information makes it even more useful.
the FBI remains vulnerable to espionage from within, the parent Justice Department said in a report Monday.Source: http://www.msnbc.msn.com/id/21085241/
My first reaction to this headline was "well, duh!" Most people who work in information security repeat the adagio "protect against insider threats" at least once a day.
After some more reading, the article turned out not to be quite as shallow as I initially thought:
However, the internal investigation found that the FBI had yet to putIt seems that the root cause of the FBI's problem is twofold: a lack of comprehensiveness in understanding their own infrastructure, and, as a result, lack of structured approach to log collection and analysis. I am sure that Anton Chuvakin will also comment on this.
in place internal monitoring procedures other recommendations by the [Inspector General]
-- such as creating a central repository to collect and analyze bizarre
or otherwise derogatory information -- concerning FBI employees.
Anybody who works in crisis management, whether it is a cop on the street who responds to an emergency call, a military commander who is trapped in an ambush, or a computer incident responder; they all need to have timely, reliable and (as complete as possible) information about the situation at hand. A properly designed and well-implemented data collection system will bring that to an organization. One of the main sources of computer security data is log information. When that log information is not treated appropriately and with due care, it is useless when it is really needed: in the middle of determining the impact of an incident, while containing and mitigating the effects of an incident, or as a post-mortem forensics analysis. Reliable log information is of crucial importance. Knowing the environment that generates the log information makes it even more useful.