Apparently lack of staffing isn't the only problem afflicting America's weak cyberdefenses
America's cyberdefenses are disturbingly weak according to numerous reports both from the government and the private sector. Three out of four advisors to former President George W. Bush predicted that a major attack on a U.S. utility would occur within two years, depriving Americans of vital service. Individuals in China and Russia are suspected of breaking into government systems on a regular basis and stealing information.
But the America's cybersecurity isn't so abysmal merely from underfunding. According to a recent U.S. Department of Justice report [PDF], it is also suffering from internal incompetence and mismanagement.
The DOJ's inspector general's office performed an audit of cybersecurity staff at the U.S. Federal Bureau of Investigations. The audit examined 10 of the FBI's 56 field offices, which are designed to respond to cyberthreats.
Of the 36 agents examined, 23 proved basically competent, but 13 "lacked the networking and counterintelligence expertise to investigate national security intrusion cases."
The report complains that some of that incompetence isn't even the agents’ fault -- it’s the fault of the FBI leadership. Currently the FBI rotates its field agents every three years between offices. As a result, many agents find themselves with essentially zero expertise at their new, dramatically different cybersecurity position.
The report also complains that the FBI is doing a poor job sharing information with other intelligence agencies. And it says that many of the field offices examined were "inadequate" in both an analytical and a forensic cybersecurity capacity.
Interestingly, the FBI convinced the DOJ to redact the number of agents that had completed its Cyber Development Plan course program. The CDP consists of 12 core security sessions, similar to college courses. The sessions are designed to strengthen agents' background in cybersecurity. The program was first introduced in 2007.
Since 2009 the FBI has been trying to hire 3,000 new agents, with a heavy emphasis on individuals with IT experience. The FBI was embarrassed in 2009 by its chief's admission that he almost responded to a phishing scam.
The FBI has had some high profile successes of late -- such as taking down the CoreFlood botnet-- but it also has struggled in dealing with more organized foreign cyberaggression. The FBI and fellow agencies have also struggled in dealing with homeland cybercriminals, such as child predators. They have raided several citizens’ homes and reportedly brutalized them, only to find that it had misidentified the suspect due to a lack of investigation.
No comments:
Post a Comment