DOJ: FBI digital counterintelligence weakened by focus on child porn

Cyberattacks are at an all-time high; FBI spends twice as much effort fighting porn

By Kevin Fogarty

Despite its growing digital surveillance capabilities and increasing responsibility for investigating and countering cyber attacks on the U.S., the FBI's core cyber security division turns out to be basically incompetent, according to a critical report from the Dept. of Justice. [PDF]

Part of the reason is that the 14 agencies that share some responsibility for online counter-espionage don't share information well. Another contributor is the lack of effective pressure from top managers to get agents trained in national-security intrusion topics and tactics.

Most of the reason is that the FBI spends twice as much effort investigating child porn as it does attempts by foreign governments to attack U.S. facilities or steal information that would damage U.S. national security, the report found.

To put that in perspective, the number of foreign attacks on the U.S. increased 40 percent between 2007 and 2008, according to the report, whose data are pretty old for such a sensitive topic.

An April study from McAfee showed 80 percent of utilities in 14 countries had been attacked during the previous year, an increase of almost 50 percent compared to the year before. Attacks ranged from distributed denial-of-service attacks to intrusions to remove data to intrusions that attempted to take control of the utility's internal IT systems.

And that's just among civilian-run utility companies.

State Dept. documents released through WikiLeaks this month showed that years-long cyberattacks launched by the Chinese military had netted "terabytes" of sensitive data ranging from names and passwords that would give access to State Department computers, to the design of major weapons systems.

The "Byzantine Hades" attacks – and others coming from Russia and other unfriendly powers – represent a new state of cyberwar the U.S. is not yet prepared to fight.

The attacks have been so successful "we have given up on the idea we can keep our networks pristine," according to Stewart Baker, a former senior cyber-security official at the U.S. Department of Homeland Security and National Security Agency.

The focus has shifted instead to more sophisticated efforts to detect and counter intrusions as they're made.

Unfortunately, those are exactly the kinds of skills the FBI cyber squads lack and the kind of crime they don't have the time or resources to investigate.

Of 36 agents with cybersecurity responsibilities the DOJ tested – from 10 of the agency's 56 field offices, each of which has at least one "cyber squad" – only 23 told investigators they had the training to investigate national security intrusions.

The other 13 "lacked the networking and counterintelligence expertise to investigate national security intrusion cases." Five said they were completely unqualified to investigate national security intrusions effectively, the report said.

In 2007 the FBI created a separate career path for digital security investigators called the Cyber Career Path, which includes a four-stage training plan covering 12 core courses and a set of elective courses agents can use to develop a specialty.

The agency's habit of moving agents to new offices or new assignments every two or three years to expand their skills or experience makes completing that training difficult, the report concluded. So does a generally inconsistent focus on both online counter-espionage and giving agents either the training or time to build experience in investigating it.

Top FBI managers are much more comfortable with agents trained to track down domestic hackers and break down doors than they are with agents investigating or countering serious online attacks from overseas.

The report, parts of which were blacked out to avoid releasing sensitive or top secret information to which the public should not have access, included the total number of agents who had completed all 12 courses as of June 2010.

The number was the only part of the paragraph explaining the program that was redacted.

Online espionage isn't the FBI cyber squads' only responsibility, however. In 2009, 19 percent of the cyber agents worked on national security intrusion investigations, while 31 percent worked on non-spy-related digital crimes and 41 percent investigated online child porn.

That's not to say child porn and domestic, non-national-security related cybercrime should not be investigated.

When you're losing terabytes of sensitive data to foreign governments who can walk freely through your most secure computer systems, however, maybe it's time to reconsider your priorities.

Maybe shift a few agents away from the wankers and point them toward the enemy?

3 comments

    NASDAQEnema 7 weeks ago
    Licensed or not as long as the FBI kowtows to MPAA and Bankers, the best will not join the force.

    Until then we're quite happy dumping lulz on factions threatening the people.
    KevinFogarty 42 weeks ago
    I would do it myself, but I don't look good in Capt. Jack Sparrow hats (though the skull-on-a-pedestal hatstand is worth the way-too-much for the hat.).
    See The Morgan Doctrine on cyber-privateering which, among other things, raises one potential solution to U.S. budget problems by pointing out the role Letters of Marque from the Continental Congress played in financing the Revolutionary War.
    Rick Bennett 42 weeks ago
    This is the most compelling argument to date for licensed and bonded cyber privateers. The government just isn't up to this task. Not now. Not ever. This is The Morgan Doctrine.
