A government watchdog has discovered several roadblocks preventing the FBI from fully implementing a cybersecurity initiative aimed at thwarting threats to the United States.
The FBI launched the initiative, known as Next Generation Cyber, in 2012 and has made “considerable progress” toward addressing cyber intrusion threats, according to a report compiled by Department of Justice Inspector General Michael Horowitz.
Over the past three years, the FBI has been able strengthen the National Cyber Investigative Joint Task Force, which serves as a coordination, integration, and information sharing center among 19 U.S. agencies and international representatives for cyber threat information. But the FBI has not been able to achieve all of its goals, which including hiring more people and partnering with other agencies, according to a watchdog statement.
The FBI has not hired all the computer scientists that it was authorized to hire, according to a summary of the 35-page report that describes the initiative’s shortfalls. Additionally, the Department of Justice Office of the Inspector General uncovered that some of the FBI’s 56, nationwide field offices did not have computer scientist assigned to their local cyber task forces.
“We found that recruiting highly qualified personnel has been difficult because the FBI’s background investigation process is more onerous than those used by many private sector employers, and retention remains a concern because private sector entities can often pay higher salaries,” the summary states. “We found that the FBI has had difficulty attracting external participants, particularly state and local law enforcement agencies, to its local Cyber Task Forces. We also found that although the FBI is working to enhance outreach to private sector entities, both the FBI and private sector representatives acknowledged to us that information sharing remains a challenge, in part because of private sector concerns about sharing sensitive information with the FBI.”
The FBI contends in a July 20 response letter to the Department of Justice Office of the Inspector General’s report on its cybersecurity initiative that it has made measurable progress through its cyber initiative.
“As noted, since September 2013, the FBI has provided 256 briefings to over 900 private sector companies to provide relevant, valuable, and timely information outside the FBI,” the response letter states. “To effectuate those briefings, which were classified, the FBI also enabled temporary access to classified information to approximately 350 of these private sector parties. Additionally, through our FBI Liaison Alert System (FLASH) Reports, we have broadly shared 70 anonymous and declassified technical indicators for immediate action to protect critical networks.”
The Justice Department’s inspector general made eight recommendations to the FBI on how to improve its Next Generation Cyber initiative. The report shows that those recommendations span from developing a process to track and measure the timeliness of information sharing at the National Cyber Investigative Joint Task Force to ensuring that changes within the cyber division organizational structure are clearly communicated to the FBI’s field offices.
The FBI has agreed to implement all eight recommendations, according to the report.