FBI information systems still at 'substantial risk,' officials say

The FBI runs major risks of having its information systems infiltrated despite the agency's recent overhaul efforts, top FBI officials said Tuesday.

After the capture of Robert Hanssen, who worked at the FBI for more than 20 years while spying for the Soviet Union, the FBI has taken steps to bolster its security and revamp its information management practices. But Kenneth Senser, the FBI's assistant director for security, told members of the Senate Judiciary Committee that the agency, along with other U.S. intelligence departments, still suffers from the threat of security breaches.

"I think we are still at substantial risk relative to what we have to do," Senser said. "I do think this is a period of time that we will have to build expertise [to] ... bring the matter under control."

But he noted that the bureau has a greater chance today than a year ago of finding a potential spy.

Committee Chairman Patrick Leahy, D-Vt., said it is vital that the FBI take measures to properly secure sensitive data, especially national security information obtained through Foreign Intelligence Security Act (FISA) searches.

"I cannot underscore how much attention I want given to this," he said. In light of new surveillance powers granted to the FBI under anti-terrorism legislation, Leahy said the FBI must repair its handling of intelligence data and follow proper procedures.

Sen. Richard Durbin, D-Ill., expressed dismay over the weak state of information technology at the bureau revealed by the Commission for the Review of FBI Security Programs, also known as the Webster Commission. Former FBI Director Louis Freeh convened the commission to comprehensively review the securities lapses at the FBI and make recommendations.

Durbin chastised the Office of Management and Budget, which he said was trying to thwart new spending initiatives to bolster technology capabilities at the FBI.

Judge William Webster, the former director of the FBI and CIA who chaired the commission, cited the need to integrate security into the bureau's daily procedures. That requires better education and training of employees, as well as an improved information system, he said.

He noted that such precautions might have snared Hanssen earlier, and he applauded provisions of a bill, S. 1974, that would implement many of the Webster Commission's recommendations.

The FBI officials highlighted measures taken to bolster security, such as the creation of counter-intelligence and security divisions. The FBI also is improving worker training and making greater efforts to modernize its computer and data systems. Senser noted that the agency is readying its information systems to eventually support technologies such as a public key infrastructure.

Senser said the FBI has not conducted a "big picture" cost analysis of necessary funds to enhance its security. Congress has allocated more than $56 million to the bureau as part of the counter-terrorism supplemental package enacted shortly after the Sept. 11 terrorist attacks. The FBI requested $78 million for fiscal 2003 to bolster data management.

Sen. Mike DeWine, R-Ohio, said that although Congress would hear the FBI's concerns, the burden of boosting the historically underfunded FBI would fall to the agency.