The FBI must bolster its information sharing and cybersecurity expertise to effectively investigate and combat the most serious cyber intrusions, according to a new audit.
Although it had success in countering the most serious cyberattacks that threaten national security, the agency must bolster information sharing and education to effectively investigate intrusions, according to a US Government audit released Wednesday.
The review from the US Department of Justice inspector general assessed the FBI's ability to investigate and counter national security-related cyber intrusions, such as those carried out by foreign adversaries for intelligence or terrorist purposes.
Assessors interviewed 36 agents at 10 FBI field offices and found that 36 percent lacked the networking and counterintelligence expertise to investigate such cases.
Part of the problem is an FBI policy in which agents are rotated among different departments to promote a variety of work experience, the audit found. Specifically, the strategy has reduced the number of qualified cyber agents to assist with such investigations.
Also, the forensic and analytical capabilities within field offices are “inadequate” to support investigations of cyber-incidents, thereby hindering national security, assessors found.
“Some field agents believed this affected the FBI's ability to determine those responsible for intrusions,” the report states.
On the positive side, the FBI has identified tactics being used to attack US computer networks and established investigative management teams to address specific threats and identify the hackers responsible. In addition, the agency has increased day-to-day collaboration with intelligence community and law enforcement partners.
The FBI combats cybersecurity threats through its investigative squads in each field office and the National Cyber Investigative Joint Task Force, a multiagency task force it led.
Although the task force was intended to promote interagency information sharing about cyber threats, this is not happening enough, the study found.
“We were told that some agencies are often asked to leave threat focus meetings when certain information is being shared,” the audit states.
While the FBI has no authority to require member agencies to share threat data, it has developed a framework for doing so and has asked each participating agency to sign an agreement stating that it will comply. Twelve of the 18 participating agencies have signed the agreement; the exceptions are the DoJ, three US Army agencies, the Defense Intelligence Agency, and the Defense Criminal Investigative Service.
Inspector general auditors recommended the FBI work with its task force partners to write policies to share information and gain the support of agencies that have not agreed to the framework.
Auditors suggested the FBI evaluate the effectiveness of its cyber investigation training courses for agents and reconsider its rotation policy. In addition, the FBI should consider developing regional hubs with agents who are experts in investigating national security cyber incidents.
An FBI spokesman said that the audit provided only a “snapshot” of the bureau based on auditors' interviews with a small subset of field offices and agents.
But in a written response to the audit, TJ Harrington, associate deputy director of the FBI, said the agency agreed with the recommendations.