The FBI is apparently not great at keeping its own memory systems secure
It has promised to do better, though
The FBI has “significant weaknesses” in how it handles storage devices for digital media, as well as how it disposes of the media containing sensitive or classified information, a new report has claimed.
Findings from the Department of Justice’s Office of the Inspector General (OIG) say the FBI does not have adequate policies and procedures, or controls, to account for electronic storage media extracted from larger devices and thumb drives.
Furthermore, it does not label its electronic storage media with the appropriate NSI classification, or SBU levels.
New FBI directive
The law enforcement agency did not dispute the findings, and has instead promised to do better.
“Our audit found that the FBI is not properly securing classified NSI or SBU information and is neither marking all electronic storage media as required, nor accounting for this media consistent with FBI internal policies and Department of Justice (DOJ) guidance,” the report states. “The lack of accountability of this electronic storage media is compounded by inadequate internal physical access and security controls at the Facility, potentially placing these media at risk of loss or theft without the possibility of detection.”
Ultimately, the FBI needs to improve the internal physical access and security controls in relevant areas at the facility, the document claims.
In the audit, the OIG suggested the FBI revises its procedures to make sure all electronic storage media containing sensitive or classified information are appropriately accounted for, tracked, timely sanitized, and destroyed, to implement controls to make sure electronic storage media are properly marked with the right NSI classification level markings, and to overall strengthen its control and practice.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The FBI acknowledged the findings, BleepingComputer added, and said it was currently building a new directive, called “Physical Control and Destruction of Classified and Sensitive Electronic Devices and Material Policy Directive,” which should address these issues.
Via BleepingComputer
More from TechRadar Pro
- FBI is probing alleged hack on US presidential campaigns
- Here's a list of the best firewall software around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.