via Information Week
Does the FBI have its cyber priorities and investigative strategies straight?
That’s one of the questions raised by an audit of the FBI’s computer intrusion investigation capabilities, released earlier this year, which painted an unflattering picture of the bureau’s ability to investigate cyber crime, especially cases involving national security. Notably, the audit, conducted by the Department of Justice’s Office of the Inspector General (OIG), suggested that the FBI was failing to properly train and support its cyber investigators.
After the audit was released, the FBI fired back, alleging that the OIG’s report was outdated and skewed by the opinions of a handful of agents who were training in a program that has changed numerous times over the past few years in response to the rapidly evolving nature of attacks and crimes perpetrated online.
“The FBI capacity that exists today is much greater than the capacity that existed two years ago, because we created a cyber career path specifically because we realized that all of the agents would not be at the [required] level,” Steven Chabinsky, deputy assistant director of the FBI’s cyber division, told me in a telephone interview earlier this year. “This is not something where we’re coming to the table, seeing the OIG’s report, and saying, we should have thought of this. Just the opposite.”
In fact, the OIG’s audit presented 10 actions that were necessary to resolve or close out the audit. By April 2011, the bureau had met all of those requirements. In addition, the bureau has been earning accolades from security experts for its cyber investigation capabilities, and it has chalked up some notable successes in recent months, including shutting down the Coreflood botnet and coordinating the international bust of two scareware rings.
But the audit raises at least one question that still needs answering. The auditors found that the bureau spends almost as many man-hours investigating child pornography as cyber crime. According to the report, in 2009 the FBI “used 19% of its cyber agents on national security intrusion investigations, 31% to address criminal-based intrusions, and 41% to investigate online child pornography matters.”