[ISN] FBI, Secret Service must improve cybercrime training

From: InfoSec News (alerts@private)
Date: Mon Jul 23 2007 - 22:09:47 PDT


http://www.fcw.com/article103301-07-23-07-Web

By Jason Miller
Federal Computer Week
July 23, 2007

The FBI, the Homeland Security Department and other federal agencies are 
underequipped and lack enough properly trained employees to combat 
cybercrime, according to a recent report [1] by the Government 
Accountability Office.

GAO found that staffing was one of four major challenges to addressing 
cybercrime. In a report for the House Homeland Security and Judiciary 
committees, auditors said law enforcement agencies can do more to 
improve their ability to combat cybercrime.

Specifically, GAO recommended that the Secret Service and FBI modify 
their staff rotational policies to retain employees with key expertise 
in investigating and prosecuting cybercrimes.

Law enforcement organizations often have difficulty obtaining and 
retaining investigators, prosecutors and examiners with the specialized 
skills needed to address cybercrime, GAO auditors wrote. This is due in 
part to the staff rotation policies in place at certain law enforcement 
agencies.

The FBI and the Secret Service have begun to address the issue. In 
written comments to GAO, George Rogers, assistant director of the Secret 
Services Office of Inspection, said about 770 of the organizations 
agents will have completed the Electronic Crimes Special Agency Program 
by Sept. 30.

Shawn Henry, deputy assistant director of the FBIs Cyber Division, said 
in written comments that the bureau is establishing new policies to 
ensure that more agents receive cybercrime training and field 
experience. Additionally, the FBI established a career path for agents 
who want to specialize in combating cybercrime.

GAO also said the FBI, Secret Service and other law enforcement agencies 
have a hard time competing with the private sector for workers with 
these skills. Furthermore, the reports states that law enforcement 
agencies must continuously upgrade technical equipment and software 
tools. Such equipment and tools are expensive, and agencies need for 
them does not always fall in the typical federal replacement cycle.

Law enforcement professionals also have trouble keeping up with new 
techniques and technologies, such as dealing with botnets and extracting 
forensic data from newer devices.

Rep. Bennie Thompson (D-Miss.), chairman of the Homeland Security 
Committee, reacted to the GAO report by pointing out DHS cybersecurity 
woes.

In order to provide leadership to the private sector, the Department of 
Homeland Security must demonstrate control of its networks, Thompson 
said in a statement. Unfortunately, previous GAO engagement and our own 
investigations into the department have shown that information security 
has become an oxymoron. This is simply unacceptable.

GAO said implementing strong cybersecurity and raising awareness about 
appropriate practices are major challenges for the government. Auditors 
said agencies do not adequately protect their information systems 
because administrators often do not enable security features on hardware 
and software.

Rep. Jim Langevin (D-R.I.), chairman of the Homeland Security Committees 
Emerging Threats, Cybersecurity, and Science and Technology 
Subcommittee, said the panel would identify incentives for the private 
sector to improve and invest in cybersecurity.

Other major challenges include the lack of cybercrime reporting and the 
fact that such crimes occur in a borderless environment that involves 
multiple jurisdictions. GAO also pointed out that cyberthreats come from 
terrorist groups, organized crime and nations such as China.

There remains a lack of understanding about the precise magnitude of 
cybercrime and its impact because cybercrime is not always detected or 
reported, auditors wrote.

[1] http://www.gao.gov/new.items/d07705.pdf


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon Jul 23 2007 - 22:34:03 PDT