The US Federal Bureau of Investigation (FBI) says an audit finding insufficient national cybersecurity investigation skills does not reflect current expertise and results.
The latest Department of Justice Office of the Inspector General (OIG) audit says the FBI’s field offices lack the skills and expertise required for investigating national cybersecurity intrusions.
The audit report also charges that many field offices are facing a shortage of forensic investigators, intelligence analysts and tactical intelligence.
But Steven Chabinsky, deputy assistant director of the FBI’s cyber division, has told Information Week that he largely disputes those findings.
Instead of focusing on the subjective opinions of a few agents who were in the process of being trained, Chabinsky said observers should examine the FBI’s results, which he said the report largely ignores: “Case success is relegated to a footnote that said there have been some successes which are beyond the classification level of the report,” he said.
According to Chabinsky, the FBI’s cyber unit and the FBI-led National Cyber Investigative Joint Task Force (NCIJTF) have received praise for their results, notably from the Office of the Directorate of National Intelligence (ODNI), which oversees the NCIJTF and evaluates its performance; and Alan Paller, director of research at the SANS Institute.
If there is a shortcoming of the FBI’s cyber unit or the NCIJTF, said Paller, it is that they have too many cases for the number of people they have, but that highlights the problem of skills.
According to Paller, colleges are graduating people who can talk about security, but have no forensics or intrusion detection or exploit skills, but he said internal training and initiatives such as the US Cyber Challenge, (replicated in the UK), will help fill this gap.