Many of the Federal Bureau of Investigation's field agents assigned to an elite cyber investigative unit lack the skills needed to investigate cases of cyberespionage and other computerized attacks on the US, the Justice Department inspector general reported Wednesday.
That's a problem because the US is under constant and increasing cyberattack with 5,499 known intrusions into US government computer systems in 2008 alone – a 40 percent jump from 2007, the inspector general's office found.
Investigating these kinds of cyberespionage attacks falls largely on the FBI as the lead agency for the National Cyber Investigative Joint Task force, which also includes representatives from 18 different intelligence agencies and is assigned to investigate the most difficult national security intrusions – those by a foreign power for intelligence gathering or terrorist purposes.
But in interviews with 36 field agents in 10 of the FBI's 56 field offices nationwide, 13 agents, or more than a third, “reported that they lacked the networking and counterintelligence expertise to investigate national security [computer] intrusion cases.” Five of the agents told investigators “they did not think they were able or qualified” to investigate such cases, the report said. The inspector general report does not indicate whether the 36 field agents who were interviewed are a representative sampling of the FBI’s cyber unit.
Still, having enough highly qualified digital experts defending US government and other computer systems is neither an unknown problem nor one exclusive to the FBI.
More experts are needed
“While billions of dollars are being spent on new technologies to secure the US government in cyberspace, it is the people with the right knowledge, skills, and abilities to implement those technologies who will determine success,” the cyber education section of President Obama's Comprehensive National Cybersecurity Initiative found last year. “However there are not enough cybersecurity experts within the federal government or private sector” to secure the government.
Existing training and education programs, it said, are “limited in focus and lack unity of effort.” To ensure an adequate pipeline of skilled people “it will take a national strategy, similar to the effort to upgrade science and mathematics education in the 1950s, to meet this challenge.”
Other cybersecurity experts have cited the same problem.
“There are about 1,000 security people in the US who have the specialized security skills to operate at world-class levels in cyberspace – we need 10,000 to 30,000,” Jim Gosler, founding director of the CIA's Clandestine Information Technology Office, was quoted as saying in a report last year by the Center for Strategic and International Studies in Washington.
Agent rotation is criticized
Among the issues that impeded developing strong expertise and solving cyber investigations was the practice of rotating field agents to a new field office every three years, the inspector general said. After rotating to a new office, an agent with cyber investigation experience often is not assigned to a cyber unit “leaving their cyber background underutilized.”
“When a foreign country uses computer networks to attack a cleared-defense contractor in Memphis, it uses the same technology and techniques” as an attack on a defense contractor in New York, the inspector general's report said.
The FBI cybersquads were also not as effective as they could be because the squads did not always have intelligence analysts embedded in their units to provide a strategic perspective and overall threat analysis, the inspector general found. The FBI also “needs to make also failed to share information better with other agencies in the joint task force,” the report said.
In its written response to the critical report, FBI associated deputy director T.J. Harrington concurred with 10 recommendations in the report and noted that the bureau had met 20 of 22 mandates outlined in the president's Comprehensive National Cybersecurity Initiative. The bureau also outlined a number of other steps it is taking to cultivate cyber expertise said it is also considering “developing regional hubs with agents expert in investigating national security intrusions.”