Those recently foiled terrorist attacks aimed at Fort Dix and JFK Airport underscore the critical importance of monitoring homegrown “sleeper cells” within the United States. But they’re not the only internal threats to America’s homeland security. Judging by the headlines, it appears the federal government is itself a security problem.
In response to criticism that it failed to “connect the dots” prior to the Sept. 11 attacks, the FBI unveiled a massive database last summer that contains information culled from its own files and those of other federal agencies, including the Treasury and Homeland Security departments. The bureau’s 12,000 agents can now scan hundreds of millions of records stored in the Investigative Data Warehouse and get linked, cross-matched information within minutes. That’s a major improvement over the archaic system in place before Sept. 11, 2001.
Recommended Stories
However, a review of the FBI’s internal network conducted by the Government Accountability Office found that, much like the nation it protects, the bureau itself remains “vulnerable to insider threats.” Specifically, the GAO said there were insufficient controls to prevent the same kind of “unauthorized insider access” that allowed former FBI agent Robert Hanssen to sell secrets to the Soviets undetected for years. Thus, the possible disclosure, modification or even destruction of sensitive national security or law enforcement data clearly remains a serious problem today.
And it’s not just the FBI. Federal agencies across the board have failed to keep up with cyber threats from within their own ranks. “We have designated information security as a government-wide high-risk area since 1997 — a designation that remains today,” the April GAO report concluded. In fact, the Office of Management and Budget has determined that the greatest harm to sensitive government computer systems does not come from outside hackers, but from authorized individuals who trigger little or no suspicion as they engage in illegal or improper activities right under their superiors’ noses.
Then there’s the little problem of the missing computers. A Department of Energy audit couldn’t locate 20 desktop computers — 14 of which were used to process classified information about nuclear weapons — in addition to the 1,427 laptops the department lost during the past six years. Hundreds of other laptops containing census data and veterans’ medical information have also gone missing, not to mention the 160 laptops that were either lost or stolen from the FBI in less than four years. Pray that none of the latter had suspected al Qaeda cells or Witness Protection Program data on them.
Agency managers have to acknowledge the possibility that their own employees may be capable of undermining or sabotaging the organization’s mission. Officials also must be sure they can detect and prevent such internal threats. This iseasier said than done, particularly in a law enforcement agency like the FBI that tends to retreat into a bunker mentality whenever it’s criticized by outsiders. Congress must insist that GAO’s recommendations to beef up internal security are implemented immediately. No excuses.
Eternal vigilance — including of and within our own government — is still the price we pay to preserve our free and open society.
