Zalmai Azmi on the agency's tech modernisation plans
By Anne Broache
Published: 17 July 2006 11:05 GMT
What made the FBI decide on Lockheed Martin as the primary contractor in March? Will there be other companies working on Sentinel as well?
Azmi: The contract was completed under the National Institutes of Health's [procedure]. There were a number of vendors that actually bid on this, and Lockheed was the one that was selected based on their proposal and their strategy for developing this program. Lockheed has a number of [subcontractors] under it. About 10 primary subs are working with Lockheed to support Lockheed in this endeavor. [Some of them are Accenture, Computer Sciences Corp., and CACI.]
The Washington Post recently reported that a former contractor broke into secret FBI systems without proper authorisation. The contractor that broke in, working from a field office in Virginia, apparently took advantage of an antiquated security mechanism (/etc/passwd files in cleartext) that the private sector abandoned a decade ago. Why was the FBI so behind? Do you plan changes in security with Sentinel?
Azmi: It's two different issues - first of all, let me clarify that the individual who had access to our networks was a privilege that was granted to him because he was part of our system administrative staff when he was deploying Trilogy. So he already had access to the system, took advantage of those privileges, so that's how he was caught.
Sentinel is actually an application that has its own security mechanism, which is different and actually does not even relate to the case in Springfield at all, because we manage passwords and security in Sentinel much different than what happened in Springfield. Springfield was [about] access to the network, and Sentinel is access to an application, two different things.
Statements were made that this guy cracked the passwords and that's how he gained access to the network. That's not true. He had the privilege already to the network, and he abused that privilege and that's how he was caught.
We knew of the vulnerability, and we also are protecting our password files, but the fact that this guy had the administrative rights to our system, that's what made it vulnerable, and that's why we call it insider threats. It's very difficult to defend against that. It's almost like you shouldn't give anybody administrative rights, but who's going to manage the system? So there's a balance you always have to reach.
Previous
Page 2 of 2
The Software Localisation engineer must have attention to detail and the ability to create and adapt.The Localisation Engineer performs general ...
Please contact Martin Olima at molima@jclbs.co.uk Services offered by JCL Burns Sheehan Limited are those of an employment business and/or employment ...
My client in the Czech Republic has a DB2 Database Administrator Mainframe. These services include providing support of the Operating System ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Nick Heath
Let's shine a light into the public sector IT money pit
With £16bn being spent, why is productivity still falling?
Tim Ferguson
BBC is taking tech seriously, so give it a break!
Auntie is the envy of the world but doesn't get the credit it deserves at home...
Peter Cochrane
Peter Cochrane's Blog: Open info for all?
Government stonewalling citizens
Nick Heath
Home Office CIO on taming tech and why ID cards are good news
Interview: Annette Vernon, Home Office CIO
Nick Heath
NHS records, Google and Microsoft: Where do you want your data?
Politicians: Heal thyself
Alan Hunt
NHS network: Time to get secure
Patient data in need of a check up