Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/18/2011
11:37 AM
50%
50%

Cyber Strategies: National Security Versus Child Pornography

Among the interesting findings of an audit of the FBI's cyber crime capabilities: how Congress budgets the bureau, as well as the extent to which all cyber crime is local.

Does the FBI have its cyber priorities and investigative strategies straight?

That's one of the questions raised by an audit of the FBI's computer intrusion investigation capabilities, released earlier this year, which painted an unflattering picture of the bureau's ability to investigate cyber crime, especially cases involving national security. Notably, the audit, conducted by the Department of Justice's Office of the Inspector General (OIG), suggested that the FBI was failing to properly train and support its cyber investigators.

After the audit was released, the FBI fired back, alleging that the OIG's report was outdated and skewed by the opinions of a handful of agents who were training in a program that has changed numerous times over the past few years in response to the rapidly evolving nature of attacks and crimes perpetrated online.

"The FBI capacity that exists today is much greater than the capacity that existed two years ago, because we created a cyber career path specifically because we realized that all of the agents would not be at the [required] level," Steven Chabinsky, deputy assistant director of the FBI's cyber division, told me in a telephone interview earlier this year. "This is not something where we're coming to the table, seeing the OIG's report, and saying, we should have thought of this. Just the opposite."

In fact, the OIG's audit presented 10 actions that were necessary to resolve or close out the audit. By April 2011, the bureau had met all of those requirements. In addition, the bureau has been earning accolades from security experts for its cyber investigation capabilities, and it has chalked up some notable successes in recent months, including shutting down the Coreflood botnet and coordinating the international bust of two scareware rings.

But the audit raises at least one question that still needs answering. The auditors found that the bureau spends almost as many man-hours investigating child pornography as cyber crime. According to the report, in 2009 the FBI "used 19% of its cyber agents on national security intrusion investigations, 31% to address criminal-based intrusions, and 41% to investigate online child pornography matters."

In this era of targeted attacks--exploits involving everyone from RSA and Lockheed Martin to Sony and the U.S. Senate--is the FBI focusing on the right areas? To some extent, the bureau's hands are tied by funding, which is determined by Congress, "in different allocations," said Chabinsky. Notably, national security investigations are funded from different sources than child protection or investigating intellectual property crimes.

Furthermore, according to a different report from the OIG, "FBI Personnel Resource Management and Casework," released in 2010, the resources used by the bureau appear to be in line with what it has been told to pursue.

Another interesting question raised by the OIG's audit is whether the FBI should centralize more of its cybercrime operations. The FBI does have some regional hubs, for example, for digital forensic investigations. But in an age of distributed managed services, cloud computing, and virtual infrastructure, might it make more sense to further centralize the bureau's overstretched cyber resources?

While the FBI is exploring the creation of some additional regional hubs, Chabinsky ruled out any large-scale centralization of its cyber activities. "At the end of the day, we still have real victims who have real locations, and if you were to centralize, it would be difficult to have a private relationship with the owners and operators who are responsible for the networks," he said. That's why the FBI has cyber specialists in every field office.

Interestingly, the FBI also liaises with the country's top cyber targets based on the bureau's own field office locations. This structure gives FBI personnel direct responsibility for understanding which critical infrastructure exists in their territory, and for fostering relationships with the organizations that own that infrastructure. The FBI also uses its public-private partnership program, InfraGard, to reinforce these local relationships.

"There is a very local component to national security and law enforcement," even when it involves computer-related crime, Chabinsky said. In fact, information frequently flows in both directions. "It's often the case now that the FBI is informing people that they've been victimized, rather than victims coming to the FBI," he said.

Finally, keeping agents local means they don't have to hop on a plane to follow every lead or launch an investigation. In fact, "remote investigating" is often not an option, he said, as "some of our cases have information that you couldn't even approach on a telephone."

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud. In this Dark Reading Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes and controls. Read our report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Virginia a Hot Spot For Cybersecurity Jobs
Jai Vijayan, Contributing Writer,  10/9/2019
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17660
PUBLISHED: 2019-10-16
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
CVE-2019-11281
PUBLISHED: 2019-10-16
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input...
CVE-2019-16521
PUBLISHED: 2019-10-16
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payl...
CVE-2019-16522
PUBLISHED: 2019-10-16
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. A...
CVE-2019-16523
PUBLISHED: 2019-10-16
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.