The FBI is failing to share threat intelligence with the private sector in a timely and effective manner, and continues to struggle to attract enough skilled computer scientists to its ranks, according to a new audit.
The US Office of the Inspector General (OIG) set out to review the Bureau’s Next Generation Cyber Initiative, launched in 2012 in response to the growing threat to US interests from online actors.
It focuses on four key areas: strengthening info-sharing hub the National Cyber Investigative Joint Task Force (NCIJTF); improving the FBI’s “cyber workforce”; expanding Cyber Task Forces in each field office; and improving information sharing with the private sector.
The audit claimed the FBI has made progress by rolling out Cyber Task Forces to all 56 field offices; establishing an internal training program for staff; and improving info sharing among the NCIJTF’s government agency members.
However, it continues to struggle in several key areas – especially recruitment, the OGI revealed.
The Feds have “encountered challenges” attracting participants to those Cyber Task Forces, and it hasn’t been able to find 52 of the 134 computer scientists it was authorized to hire. That means five of those 56 field offices have no qualified computer scientists to assist in investigations.
“Recruitment and retention of qualified candidates remain a challenge for the FBI, as private sector entities are often able to offer higher salaries and typically have a less extensive background investigation process,” the OGI claimed.
On top of that, the NCIJTF doesn’t have a process to measure the timeliness of information sharing between members, it added.
But the biggest concern was the continued challenges facing the Bureau on information sharing with the private sector.
“We found that when the private sector shares information with the FBI, it is perceived by the private sector as akin to sending information into a black hole because they often do not know what becomes of it,” the audit noted.
“We also found that the private sector is reluctant to share information with the government based on concerns regarding balancing national security and individual privacy interests.”
These concerns have been exacerbated by the “distrust of the government” created by NSA whistleblower Edward Snowden’s intelligence leaks.
"As the national body responsible for marshaling the US's cyber intrusion threat, this is a serious concern for the FBI,” Bloxx CEO, Charles Sweeney told Infosecurity by email.
“It needs to look at the mandate of its Next Generation Cyber Initiative and ask itself some serious questions about how it attracts and retains talent. With cyber a hot VC investment area, it has to lure candidates away from exciting start-ups, so it needs to ensure it gets competitive – and fast."