DOJ: FBI Unprepared to Combat Cyber Security Threats

Thursday, April 28, 2011



The Department of Justice has released findings from an audit which concludes that the Federal Bureau of Investigation is not adequately prepared to investigate and combat threats to national security posed by cyber intrusions.

The objectives of the audit focused mainly on counterterrorism and counterintelligence investigations, the FBI's highest cyber priorities.

Specifically, the audit examined:

  • FBI efforts in developing and operating the National Cyber Investigative Task Force (NCIJTF) to address the national security cyber threat;
  • Assessing FBI field offices' capabilities to investigate national cyber security cases.

Auditors conducted research at ten of the Bureau's fifty-six field offices, interviewing special agents responsible for managing cyber investigation units as well as thirty-six agents who carry out the investigations.

Only two-thirds of the agents interviewed indicated that they believe they had the prerequisite experience and training to undertake the critical investigations.

The audit found that one-third of the agents "lacked the networking and counterintelligence expertise to investigate these types of cases," and several agents interviewed "did not think they were able or qualified to investigate national security intrusions effectively".

The report concludes that the forensic and analytic training necessary for successfully investigating cybersecurity events that have national security implications was in need of improvement at the field offices examined.

"One agent who had recently been assigned his first counterterrorism intrusion case said that he did not know how to investigate a national security intrusion case. He was concerned about is ability to perform the investigation, especially because he viewed it as a significant case," the report stated.

Another problem noted in the audit was the lack of adequate information sharing between agencies comprising the NCIJTF.

"For example, the NCIJTF was not always sharing information about cyber threats among the partner agencies participating in the NCIJTF... Much of the information sharing at the NCIJTF occurred during threat focus cell meetings, where member agencies share new information that their agencies have gathered about a specific type of cyber threat. However, some agencies were often asked to leave threat focus cell meetings," the report states.

The lack of cooperation may be attributed to long-standing "turf wars" between rival agencies, a problem the NCIJTF was meant to bridge.

"The NCIJTF was intended to promote interagency access to and sharing of information about cyber threats. However, we found that task force members first attempted to determine the relevancy and importance of its information to another agency's operations before sharing that information with another agency," the report concludes.


Possibly Related Articles:
FBI Cyber Security Headlines DOJ National Security Cyberterrorism NCIJTF
Post Rating I Like this!
rebekah donaldson Ug. ::shaking head sadly:: That is NOT terribly good news. I know it's not that surprising. But the extent of the UNpreparedness (is that a word?) is breathtaking.
shawn merdinger I question somewhat the methodology and scope of this survey. Further, this likely fails to take into account the private sector resources brought to bear in cyber-investigations.
shawn merdinger A refreshingly candid post from a real agent about this survey posted to the scadasec mailing list. Key highlight? over 700 agents assigned to cybercrimes.

GAO could've done alot better on this survey. Seems there's more a backstory to this...
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.