FBI, Secret Service must improve cybercrime training

The FBI, the Homeland Security Department and other federal agencies are underequipped and lack enough properly trained employees to combat cybercrime, according to a recent report by the Government Accountability Office.GAO found that staffing was one of four major challenges to addressing cybercrime. In a report for the House Homeland Security and Judiciary committees, auditors said law enforcement agencies can do more to improve their ability to combat cybercrime.Specifically, GAO recommended that the Secret Service and FBI modify their staff rotational policies to retain employees with key expertise in investigating and prosecuting cybercrimes.“Law enforcement organizations often have difficulty obtaining and retaining investigators, prosecutors and examiners with the specialized skills needed to address cybercrime,” GAO auditors wrote. “This is due in part to the staff rotation policies in place at certain law enforcement agencies.”The FBI and the Secret Service have begun to address the issue. In written comments to GAO, George Rogers, assistant director of the Secret Service’s Office of Inspection, said about 770 of the organization’s agents will have completed the Electronic Crimes Special Agency Program by Sept. 30.Shawn Henry, deputy assistant director of the FBI’s Cyber Division, said in written comments that the bureau is establishing new policies to ensure that more agents receive cybercrime training and field experience. Additionally, the FBI established a career path for agents who want to specialize in combating cybercrime.GAO also said the FBI, Secret Service and other law enforcement agencies have a hard time competing with the private sector for workers with these skills. Furthermore, the reports states that law enforcement agencies must “continuously upgrade technical equipment and software tools. Such equipment and tools are expensive, and agencies’ need for them does not always fall in the typical federal replacement cycle.”Law enforcement professionals also have trouble keeping up with new techniques and technologies, such as dealing with botnets and extracting forensic data from newer devices.Rep. Bennie Thompson (D-Miss.), chairman of the Homeland Security Committee, reacted to the GAO report by pointing out DHS’ cybersecurity woes.“In order to provide leadership to the private sector, the Department of Homeland Security must demonstrate control of its networks,” Thompson said in a statement. “Unfortunately, previous GAO engagement and our own investigations into the department have shown that information security has become an oxymoron. This is simply unacceptable.”GAO said implementing strong cybersecurity and raising awareness about appropriate practices are major challenges for the government. Auditors said agencies do not adequately protect their information systems because administrators often do not enable security features on hardware and software.Rep. Jim Langevin (D-R.I.), chairman of the Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, said the panel would identify incentives for the private sector to improve and invest in cybersecurity.Other major challenges include the lack of cybercrime reporting and the fact that such crimes occur in a borderless environment that involves multiple jurisdictions. GAO also pointed out that cyberthreats come from terrorist groups, organized crime and nations such as China.“There remains a lack of understanding about the precise magnitude of cybercrime and its impact because cybercrime is not always detected or reported,” auditors wrote.