A Review of FBI Security Programs

More documents

Recommendations

Info

Ames revealed more than one hundred covert operations and betrayed more than thirty operatives spying for Western intelligence services. • Ronald Pelton, a former intelligence analyst at the National Security Agency, was found guilty of having given Soviet agents an incredibly detailed account of U.S. electronic espionage capabilities, which, in the words of the sentencing judge, cost our country “inestimable damage.” • Jonathan Pollard, a military intelligence analyst, was arrested for passing to Israeli agents more than 800 classified documents and more than 1000 cables. The Secretary of Defense declared that he could not “conceive of a greater harm to national security” than Pollard’s betrayal. • John Walker, a retired naval officer, operated a spy ring that included his son and brother. Using cryptomaterial Walker supplied, Soviet agents were able to receive and decode over one million communications, leading, in the assessment of the Secretary of Defense, to “dramatic Soviet gains in all areas of naval warfare.” Thus, although our report is highly critical of fundamental practices and policies governing sensitive information within the Bureau, it would be a mistake to single out that entity for criticism. The FBI has not been alone in finding itself betrayed by trusted employees willing to imperil their country for money or some other venal or twisted political consideration. Furthermore, at least some of the critical deficiencies we found in Bureau policies have been replicated in other federal agencies. For instance, we observed critical deficiencies in the process by which the Bureau conducts background checks for security clearances, a finding sadly mirrored in a 1999 GAO study concluding that ninety-two percent of Department of Defense security investigations in the period studied were deficient. 8 8 See note 6. More recently, the GAO criticized the Department of Energy’s access controls and “need-to-know” policies in the wake of allegations that China had surreptitiously obtained U.S. nuclear warhead designs. NUCLEAR SECURITY: DOE Needs To Improve Control Over Classified Information, U.S. General Accounting Office (Aug. 2001). We will present disturbingly similar criticisms of FBI policies. Several damage assessments conducted in -19-
Furthermore, in spite of Hanssen’s purported proficiency with electronic storage systems, the methods he used to betray his country have been practiced by others with little technical knowledge. For instance, over seven years ago, the CIA Inspector General concluded that Aldrich Ames’ access to computer “terminals that had floppy disk capabilities represented a serious system vulnerability”: No specific precautions were taken by Agency officials to minimize Ames’ computer access to information within the scope of his official duties. In fact, there is one instance where Ames was granted expanded computer access despite expressions of concern . . . by management . . . about his trustworthiness. Ames . . . was surprised when he signed on [the computer] and found that he had access to information about double agent cases. This allowed him to compromise a significant amount of sensitive data . . . to which he did not have an established need-to-know. 9 National security would have been better served if deficiencies found in one agency had led other agencies to review their own practices. Unfortunately, security reform usually occurs in an agency only after it has been severely compromised. For instance, after allegations surfaced that China had obtained nuclear warhead designs from an employee of the Los Alamos National Laboratory, the Department of Energy’s programs for protecting classified information were thoroughly reviewed and found severely wanting. Again, these findings are sadly similar to the deficiencies we found in the FBI’s security programs. Had the Bureau taken advantage of the review of DOE procedures, had DOE taken advantage of reforms at the Central Intelligence Agency in light of Ames’ defection, had the CIA taken advantage of reforms at the Department of State after a security compromise there, the entire Intelligence Community would have benefitted. the wake of recent foreign espionage penetrations also recommend changes in security programs that parallel changes we suggest in our report. 9 Abstract Of Report Of Investigation, The Aldrich H. Ames Case: An Assessment of CIA’s Role In Identifying Ames As An Intelligence Penetration Of The Agency, Findings 59 & 61 (Oct. 21, 1994). -20-
Page 1 and 2: U.S. Department of Justice A Review
Page 3 and 4: Commission for the Review of FBI Se
Page 5 and 6: Contents Executive Summary ........
Page 7 and 8: The Commission for the Review of FB
Page 9 and 10: in FBI security programs that will
Page 11 and 12: Unlike other Intelligence Community
Page 13 and 14: INTRODUCTION I could have been a de
Page 15 and 16: un by an officer in the Soviet mili
Page 17 and 18: establishment, U.S. penetration of
Page 19 and 20: operatives he had exposed as double
Page 21 and 22: Hanssen was indicted on twenty-one
Page 23 and 24: een transferred to FBI Headquarters
Page 25: Gardens. The rebellious colonies di
Page 29 and 30: others.” In calling for the estab
Page 31 and 32: have discovered in FBI security pro
Page 33 and 34: The following is a compressed compi
Page 35 and 36: I. Security Investigations And Adju
Page 37 and 38: DOCUMENT SECURITY I. Classified Na
Page 39 and 40: of Central Intelligence Directives
Page 41 and 42: II. The Office of Security Should D
Page 43 and 44: INFORMATION SYSTEMS SECURITY (INFOS
Page 45 and 46: Robert Hanssen’s espionage demons
Page 47 and 48: een filled, the persons assigned of
Page 49 and 50: with the preliminary damage assessm
Page 51 and 52: FBI was investigating him. 13 While
Page 53 and 54: focus. 14 As a result of inadequate
Page 55 and 56: in unrestricted administrative case
Page 57 and 58: On October 3, 2001, an Electronic C
Page 59 and 60: senior FBI officials responsible fo
Page 61 and 62: percent of the amount sought. 16 Th
Page 63 and 64: information security policies that
Page 65 and 66: PERSONNEL SECURITY I think that [my
Page 67 and 68: The Commission conducted a detailed
Page 69 and 70: The PSU is also responsible for adm
Page 71 and 72: Unit for new applicants, the Person
Page 73 and 74: various elements is spread througho
Page 75 and 76: addressed. These interviews are ess
Page 77 and 78:
identified, these individuals can b
Page 79 and 80:
overextended and potentially at ris
Page 81 and 82:
The FBI’s polygraph program was i
Page 83 and 84:
awareness programs relating to poly
Page 85 and 86:
DOCUMENT SECURITY Security was lax
Page 87 and 88:
Much of Robert Hanssen’s espionag
Page 89 and 90:
Room. In the same year, the FBI Mai
Page 91 and 92:
Given the ubiquity of ACS, Headquar
Page 93 and 94:
(SCI). Before being given access to
Page 95 and 96:
eceived in the wake of recent terro
Page 97 and 98:
under minimum security controls. Th
Page 99 and 100:
carriers receive timely security cl
Page 101 and 102:
with the true scope of improper act
Page 103 and 104:
SECURITY STRUCTURE . . . [I]f I had
Page 105 and 106:
In general, we found serious weakne
Page 107 and 108:
executive will ensure constant focu
Page 109 and 110:
technical security countermeasures.
Page 111 and 112:
Eighty-five percent of those office
Page 113 and 114:
months training in investigations,
Page 115 and 116:
accounts cancelled. A six-hour secu
Page 117 and 118:
Unfortunately, reporting to securit
Page 119 and 120:
security violations should be subje
Page 121 and 122:
and training. -106-
Page 123 and 124:
Robert Hanssen’s treachery is hei
Page 125 and 126:
Glossary of Acronyms Acronym ACS AD
Page 127 and 128:
Acronym GSR HERU HIT HCS HQ HUMINT
Page 129 and 130:
Acronym OPM OPR OPSEC ORCON OSI OST
Page 131 and 132:
COMMISSION CHARTER
Page 133 and 134:
time equivalent government personne
Page 135 and 136:
WILLIAM H. WEBSTER, the Commission
show all

A Review of FBI Security Programs

Create successful ePaper yourself

Delete template?

Save as template?