While the FBI has had some success in countering the most serious cyberattacks that threaten national security, the agency must bolster information sharing and education to effectively investigate intrusions, according to a government audit released Wednesday.
The review from the U.S. Department of Justice (DoJ) inspector general assessed the FBI’s ability to investigate and counter national security-related cyber intrusions, such as those carried out by foreign adversaries for intelligence or terrorist purposes.
Assessors interviewed 36 agents at 10 FBI field offices and found that 36 percent lacked the networking and counterintelligence expertise to investigate such cases.
Part of the problem is an FBI policy in which agents are rotated among different departments to promote a variety of work experience, the audit found. Specifically, the strategy has reduced the number of qualified cyber agents to assist with such investigations.
Also, the forensic and analytical capabilities within field offices are “inadequate” to support investigations of cyberincidents, thereby hindering national security, according to the audit.
“Some field agents believed this affected the FBI’s ability to determine those responsible for intrusions,” the report states.
On the positive side, the FBI has identified tactics being used to attack U.S. computer networks and established investigative management teams to address specific threats and identify those hackers responsible. In addition, the agency has increased day-to-day collaboration with intelligence community and law enforcement partners.
The FBI combats cybersecurity threats through two components: its cyber investigative squads, located in each field office, and the National Cyber Investigative Joint Task Force (NCIJTF), an FBI-led multiagency task force.
But while the NCIJTF is intended to promote interagency information sharing about cyber threats, this is not happening enough, the study found.
“We were told that some agencies are often asked to leave threat focus meetings when certain information is being shared,” the audit states.
While the FBI has no authority to require member agencies to share threat data, it has developed a framework for doing so and has asked each participating agency to sign an agreement stating they will comply. Twelve of the 18 participating agencies have signed the agreement, with the exclusions being the DoJ, three U.S. Army agencies, the Defense Intelligence Agency, and the Defense Criminal Investigative Service.
Inspector general auditors recommended the FBI work with NCIJTF partners to establish a set of agreed policies and procedures for sharing information, and gain the support of agencies which have not already agreed to the current framework.
Auditors also suggested the FBI evaluate the effectiveness of its cyber investigation training courses for agents and reconsider its rotation policy. In addition, the FBI should consider developing regional hubs with agents who are experts in investigating national security cyber incidents.
An FBI spokeswoman told SCMagazineUS.com on Thursday that the audit provides only a “snapshot” view of the bureau, based on auditor’s interviews with a small subset of field offices and agents.
However, in a written response to the audit, T.J. Harrington, associate deputy director of the FBI, said the agency concurs with all of the recommendations.