Risk
7/26/2011
02:06 PM
Connect Directly
RSS
E-Mail
50%
50%

FBI Data Exchange System Now Fully Operational

The National Data Exchange system lets the agency share information with 18,000 local and regional criminal justice organizations.

Government Innovators
Slideshow: Government Innovators
(clickimage for larger view and for full slideshow)
A new system that allows the FBI to automatically share information with local, state, regional, and other law-enforcement and criminal justice partners is now fully operational.

Raytheon said it completed work on the last phase of the National Data Exchange (N-DEx) system, which allows the FBI to pass on information about criminal justice cases automatically to 200,000 investigators in more than 18,000 federal, local, state, and tribal agencies. The system also performs analysis to identify crime trends and patterns to aid in crime-prevention tactics, according to the FBI.

The completion of N-DEx is slightly behind schedule, as original plans called for it to be completed last year, according to the FBI website. Nonetheless, authorized FBI partners now can use the system to make nationwide searches for information such as incident reports and criminal incarceration records; receive notifications of similar investigations and suspects to ones they are querying; and identify hotspots for criminal activity, among other capabilities.

The system uses standards-based technology and Web services to connect multiple disparate systems and users to rapidly search and visualize FBI data about incidents and cases, the company said. The FBI awarded Raytheon the contract to build the system in 2007.

In the last phase of development, Raytheon added a set of Web services that allow users, among other things, to receive information alerts about persons of interests when new records are entered into the system.

The FBI's Criminal Justice Information Services Division (CJIS)--which also manages another key information-sharing FBI database, the National Crime Information Center (NCIC) system--is managing N-DEx. Once the system is available to all the users that are authorized to access it, the agency expects it to handle about 6 million queries a day, which is on par with the NCIC system.

FBI has been stepping up improvements to how it shares information and data with various law-enforcement organizations that need swift access to it, a task that historically has been difficult and arduous. Earlier this year it deployed a new biometric ID system aimed at creating a more effective and accurate process for identifying fingerprints and other forms of biometric information and sharing it with appropriate organizations.

Developed by Lockheed Martin, the multimillion-dollar Next Generation Identification System (NGIS) allows the FBI exchange fingerprints with more than 18,000 law-enforcement agencies and other authorized criminal-justice partners. It also provides automated fingerprint and latent search capabilities, as well as electronic image storage.

What industry can teach government about IT innovation and efficiency. Also in the new, all-digital issue of InformationWeek Government: Federal agencies have to shift from annual IT security assessments to continuous monitoring of their risks. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.