Report: FBI cybersecurity agents often lack necessary skills
Many of the FBI field agents assigned to combat cyber threats say they do not have enough expertise to do it, according to a new report from the Justice Department's inspector general.
Justice Department officials found that more than a third of the 36 FBI agents surveyed said they don't have the networking or counterintelligence expertise needed to effectively investigate national security breaches. The report also said that field offices lacked the forensic and analytical capabilities to take on national security investigations.
Sen. Susan Collins, R-Maine, who has proposed cybersecurity legislation on Capitol Hill, said the need for a capable cybersecurity work force is "more urgent than ever."
"The threat of cyber attacks continues to grow every day," said Collins, ranking member on the Homeland Security and Governmental Affairs Committee, in a statement. "That is why it is so troubling that the federal government has not adequately trained its cyber professionals to combat these threats."
According to the Senate sergeant at arms, government computer networks are attacked or probed 1.8 billion times in an average month, and the private sector continues to experience major data breaches.
A dearth of trained cybersecurity professionals is plaguing government and industry efforts, with some analysts estimating that the U.S. needs 20,000 to 30,000 more people to adequately defend cyberspace.
The FBI has authority for counterterrorism, counterintelligence, and criminal law, and thus often investigates cyber attacks. In the partially redacted report, DOJ officials noted that the FBI has taken steps to identify cyber tactics and partner with other government departments, and had "some operational success" in reducing cyber threats to the United States.
Despite this, the report concluded that members of the FBI-led National Cyber Investigative Joint Task Force, which includes 18 law enforcement and intelligence agencies, are not effectively sharing critical information.
While the NCIJTF is the Washington, D.C.-based headquarters of FBI cybersecurity efforts, the agency's 56 field offices are tasked with actually investigating cases. The report criticized the FBI's rotation policy, which allows agents to gain a wide range of experience but can hinder their ability to specialize in national security threats.
"According to FBI officials, agents assigned to national security cyber intrusion matters need to have more advanced technical capabilities than agents investigating other cyber matters, such as online child pornography and intellectual property rights," the report states. "Because national security intrusion cases are highly technical and require a specific skill set, new cyber agents are often not equipped to assume responsibility of a national security intrusion investigation."
Investigators said that in four of the 10 field offices they visited, agents complained they had been assigned cyber cases that were over their heads. As a result of the inspector general's report, the FBI is only selecting agents with enough education or experience to handle complex cyber cases.
Among other requests, the report recommends that the FBI adopt a regional strategy to combat national security intrusions. Such centralized efforts would allow the agency to pool its best resources, the study concludes.