Risk
7/26/2011
02:06 PM
50%
50%

FBI Data Exchange System Now Fully Operational

The National Data Exchange system lets the agency share information with 18,000 local and regional criminal justice organizations.

Government Innovators
Slideshow: Government Innovators
(clickimage for larger view and for full slideshow)
A new system that allows the FBI to automatically share information with local, state, regional, and other law-enforcement and criminal justice partners is now fully operational.

Raytheon said it completed work on the last phase of the National Data Exchange (N-DEx) system, which allows the FBI to pass on information about criminal justice cases automatically to 200,000 investigators in more than 18,000 federal, local, state, and tribal agencies. The system also performs analysis to identify crime trends and patterns to aid in crime-prevention tactics, according to the FBI.

The completion of N-DEx is slightly behind schedule, as original plans called for it to be completed last year, according to the FBI website. Nonetheless, authorized FBI partners now can use the system to make nationwide searches for information such as incident reports and criminal incarceration records; receive notifications of similar investigations and suspects to ones they are querying; and identify hotspots for criminal activity, among other capabilities.

The system uses standards-based technology and Web services to connect multiple disparate systems and users to rapidly search and visualize FBI data about incidents and cases, the company said. The FBI awarded Raytheon the contract to build the system in 2007.

In the last phase of development, Raytheon added a set of Web services that allow users, among other things, to receive information alerts about persons of interests when new records are entered into the system.

The FBI's Criminal Justice Information Services Division (CJIS)--which also manages another key information-sharing FBI database, the National Crime Information Center (NCIC) system--is managing N-DEx. Once the system is available to all the users that are authorized to access it, the agency expects it to handle about 6 million queries a day, which is on par with the NCIC system.

FBI has been stepping up improvements to how it shares information and data with various law-enforcement organizations that need swift access to it, a task that historically has been difficult and arduous. Earlier this year it deployed a new biometric ID system aimed at creating a more effective and accurate process for identifying fingerprints and other forms of biometric information and sharing it with appropriate organizations.

Developed by Lockheed Martin, the multimillion-dollar Next Generation Identification System (NGIS) allows the FBI exchange fingerprints with more than 18,000 law-enforcement agencies and other authorized criminal-justice partners. It also provides automated fingerprint and latent search capabilities, as well as electronic image storage.

What industry can teach government about IT innovation and efficiency. Also in the new, all-digital issue of InformationWeek Government: Federal agencies have to shift from annual IT security assessments to continuous monitoring of their risks. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVE-2014-6080
Published: 2014-12-18
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.