By Jason Miller
Federal Computer Week
July 23, 2007
The FBI, the Homeland Security Department and other federal agencies are
underequipped and lack enough properly trained employees to combat
cybercrime, according to a recent report  by the Government
GAO found that staffing was one of four major challenges to addressing
cybercrime. In a report for the House Homeland Security and Judiciary
committees, auditors said law enforcement agencies can do more to
improve their ability to combat cybercrime.
Specifically, GAO recommended that the Secret Service and FBI modify
their staff rotational policies to retain employees with key expertise
in investigating and prosecuting cybercrimes.
Law enforcement organizations often have difficulty obtaining and
retaining investigators, prosecutors and examiners with the specialized
skills needed to address cybercrime, GAO auditors wrote. This is due in
part to the staff rotation policies in place at certain law enforcement
The FBI and the Secret Service have begun to address the issue. In
written comments to GAO, George Rogers, assistant director of the Secret
Services Office of Inspection, said about 770 of the organizations
agents will have completed the Electronic Crimes Special Agency Program
by Sept. 30.
Shawn Henry, deputy assistant director of the FBIs Cyber Division, said
in written comments that the bureau is establishing new policies to
ensure that more agents receive cybercrime training and field
experience. Additionally, the FBI established a career path for agents
who want to specialize in combating cybercrime.
GAO also said the FBI, Secret Service and other law enforcement agencies
have a hard time competing with the private sector for workers with
these skills. Furthermore, the reports states that law enforcement
agencies must continuously upgrade technical equipment and software
tools. Such equipment and tools are expensive, and agencies need for
them does not always fall in the typical federal replacement cycle.
Law enforcement professionals also have trouble keeping up with new
techniques and technologies, such as dealing with botnets and extracting
forensic data from newer devices.
Rep. Bennie Thompson (D-Miss.), chairman of the Homeland Security
Committee, reacted to the GAO report by pointing out DHS cybersecurity
In order to provide leadership to the private sector, the Department of
Homeland Security must demonstrate control of its networks, Thompson
said in a statement. Unfortunately, previous GAO engagement and our own
investigations into the department have shown that information security
has become an oxymoron. This is simply unacceptable.
GAO said implementing strong cybersecurity and raising awareness about
appropriate practices are major challenges for the government. Auditors
said agencies do not adequately protect their information systems
because administrators often do not enable security features on hardware
Rep. Jim Langevin (D-R.I.), chairman of the Homeland Security Committees
Emerging Threats, Cybersecurity, and Science and Technology
Subcommittee, said the panel would identify incentives for the private
sector to improve and invest in cybersecurity.
Other major challenges include the lack of cybercrime reporting and the
fact that such crimes occur in a borderless environment that involves
multiple jurisdictions. GAO also pointed out that cyberthreats come from
terrorist groups, organized crime and nations such as China.
There remains a lack of understanding about the precise magnitude of
cybercrime and its impact because cybercrime is not always detected or
reported, auditors wrote.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com