In 2008, as part of the Comprehensive National Cybersecurity Initiative (CNCI), President George W. Bush tasked the FBI with investigating, disrupting and neutralizing computer attacks against domestic targets.
In a report released last week, the Office of the Inspector General for the U.S. Department of Justice found that the investigative and response capabilities of the multi-agency organization led by the FBI and tasked with national security intrusion investigations still fail to meet its goals. More than a third of the agents interviewed by the OIG said that they lacked the expertise or the network of contacts to investigate national security intrusion cases.
"We also found that the forensic and analytical capability in the field offices was inadequate to support national security intrusion investigations," the report stated.
The audit is based on interviews and observations at FBI headquarters in Washington, D.C., at the National Cyber Investigative Joint Task Force (NCIJTF) and at ten of the FBI's 56 field offices.
The FBI created the operational plan for the NCIJTF in April 2008, essentially establishing a prototype organization aimed at bringing together the U.S. agencies that had some authority or responsibility in cyberspace. The formation of the task force came the same year that the U.S. Department of Homeland Security reported that it had detected nearly 5,500 intrusions into the systems of the U.S. government, a 40 percent increase over 2007.
A major problem identified in the report, and one that should come as no surprise to CSOs who work with the government, is information sharing. While the FBI has worked with the other principals to come up with guidelines to share information, it has no legal power to compel other agencies to share attack or investigation details. The four presidentially mandated partner agencies -- the FBI, National Security Agency, U.S. Secret Service and a fourth redacted agency -- signed a memorandum of understanding on information sharing, but only eight of the 14 partner agencies have agreed. In addition, the information sharing language in the signed memoranda is more restrictive than originally envisioned.
"In our opinion, the FBI should ensure that all member agencies are aware of the statutory and policy limitations to information sharing at the NCIJTF to avoid misunderstandings surrounding the sharing of information," the report states.
The report is heavily redacted in several places. In one part, it takes issue with the fact that the National Security Agency has failed to be fully integrated into the NCIJTF, but more detailed comments on the matter are blacked out.
Overall, the FBI has treated online child pornography cases as the main focus of its cyber agents, according to the report. Nearly 41 percent of cyber-trained agents were used to investigate child pornography cases, while 31 were used to investigate criminal intrusions and only 19 percent were focused on national security intrusions.