Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/18/2011
11:37 AM
50%
50%

Cyber Strategies: National Security Versus Child Pornography

Among the interesting findings of an audit of the FBI's cyber crime capabilities: how Congress budgets the bureau, as well as the extent to which all cyber crime is local.

Does the FBI have its cyber priorities and investigative strategies straight?

That's one of the questions raised by an audit of the FBI's computer intrusion investigation capabilities, released earlier this year, which painted an unflattering picture of the bureau's ability to investigate cyber crime, especially cases involving national security. Notably, the audit, conducted by the Department of Justice's Office of the Inspector General (OIG), suggested that the FBI was failing to properly train and support its cyber investigators.

After the audit was released, the FBI fired back, alleging that the OIG's report was outdated and skewed by the opinions of a handful of agents who were training in a program that has changed numerous times over the past few years in response to the rapidly evolving nature of attacks and crimes perpetrated online.

"The FBI capacity that exists today is much greater than the capacity that existed two years ago, because we created a cyber career path specifically because we realized that all of the agents would not be at the [required] level," Steven Chabinsky, deputy assistant director of the FBI's cyber division, told me in a telephone interview earlier this year. "This is not something where we're coming to the table, seeing the OIG's report, and saying, we should have thought of this. Just the opposite."

In fact, the OIG's audit presented 10 actions that were necessary to resolve or close out the audit. By April 2011, the bureau had met all of those requirements. In addition, the bureau has been earning accolades from security experts for its cyber investigation capabilities, and it has chalked up some notable successes in recent months, including shutting down the Coreflood botnet and coordinating the international bust of two scareware rings.

But the audit raises at least one question that still needs answering. The auditors found that the bureau spends almost as many man-hours investigating child pornography as cyber crime. According to the report, in 2009 the FBI "used 19% of its cyber agents on national security intrusion investigations, 31% to address criminal-based intrusions, and 41% to investigate online child pornography matters."

In this era of targeted attacks--exploits involving everyone from RSA and Lockheed Martin to Sony and the U.S. Senate--is the FBI focusing on the right areas? To some extent, the bureau's hands are tied by funding, which is determined by Congress, "in different allocations," said Chabinsky. Notably, national security investigations are funded from different sources than child protection or investigating intellectual property crimes.

Furthermore, according to a different report from the OIG, "FBI Personnel Resource Management and Casework," released in 2010, the resources used by the bureau appear to be in line with what it has been told to pursue.

Another interesting question raised by the OIG's audit is whether the FBI should centralize more of its cybercrime operations. The FBI does have some regional hubs, for example, for digital forensic investigations. But in an age of distributed managed services, cloud computing, and virtual infrastructure, might it make more sense to further centralize the bureau's overstretched cyber resources?

While the FBI is exploring the creation of some additional regional hubs, Chabinsky ruled out any large-scale centralization of its cyber activities. "At the end of the day, we still have real victims who have real locations, and if you were to centralize, it would be difficult to have a private relationship with the owners and operators who are responsible for the networks," he said. That's why the FBI has cyber specialists in every field office.

Interestingly, the FBI also liaises with the country's top cyber targets based on the bureau's own field office locations. This structure gives FBI personnel direct responsibility for understanding which critical infrastructure exists in their territory, and for fostering relationships with the organizations that own that infrastructure. The FBI also uses its public-private partnership program, InfraGard, to reinforce these local relationships.

"There is a very local component to national security and law enforcement," even when it involves computer-related crime, Chabinsky said. In fact, information frequently flows in both directions. "It's often the case now that the FBI is informing people that they've been victimized, rather than victims coming to the FBI," he said.

Finally, keeping agents local means they don't have to hop on a plane to follow every lead or launch an investigation. In fact, "remote investigating" is often not an option, he said, as "some of our cases have information that you couldn't even approach on a telephone."

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud. In this Dark Reading Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes and controls. Read our report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.