Is Cyber Crime Really the FBI's No. 3 Priority?
The Federal Bureau of Investigation says that its No. 3 priority is protecting the United States "against cyber-based attacks and high-technology crimes." Given the increasing pervasiveness and costs associated with such crime, FBI Director Robert Mueller should be commended for giving anti-cyber crime investigations such high status, second only to terrorism and espionage/counter intelligence investigations.
But according to an analysis by Security Fix, cyber crime remains a distant third priority for the federal law enforcement agency, at least in terms of resources applied to the problem.
That assessment is based on information from the Justice Department itself, based on a reading of a 203-page document justifying its fiscal year 2008 budget request to Congress.
The cyber portion of the 2008 request includes a request for $258.5 million in funding for some 659 field agents, a 1.5 percent increase over 2007 levels. That's 659 out of a total of 11,868 FBI agents nationwide, which would mean the FBI is on track to dedicate roughly 5.5 percent of its agents to cyber crime investigations. But as we'll see later, the true number may actually be lower.
To be clear, the FBI's cyber program encompasses everything from battling traditional cyber crime -- the kind of illegal activity you might associate with someone hacking into your PC or stealing your identity -- to illicit online activities that could potentially support terrorist activity.
Here's how the Bureau describes its cyber efforts (the text is from the DOJ '08 budget justification): "The FBI's Cyber Program consolidates Headquarters and field resources dedicated to combating cyber-crime under a single entity. This allows the Cyber Program to coordinate, supervise, and facilitate the FBI's investigation of those federal violations in which the Internet, computer systems, or networks are exploited as the principal instruments or targets of terrorist organizations, foreign government-sponsored intelligence operations, or criminal activity. Included under the purview of the Cyber Program are counterterrorism, counterintelligence and criminal computer intrusion investigations; intellectual property rights-related investigations involving theft of trade secrets and signals; copyright infringement investigations involving computer software; credit/debit card fraud where there is substantial Internet and online involvement; online fraud and related identity theft Investigations; and the Innocent Images National Initiative."
While the "Innocent Images National Initiative" is listed last in the excerpt above, it's by no means least among the FBI's cyber priorities. The initiative -- designed to catch sickos who enjoy looking at and facilitating child pornography -- claims the attention of roughly a third of the agency's cyber agents, according to the document.
I'm certainly not trying to take anything away from that important program, or suggest that fewer agents be dedicated to it. The drive to lock up child predators is one of few law enforcement imperatives that transcends national boundaries or politics. Experts say it is rare to find a form of crime which elicits such visceral and rapid reaction and cooperation from law enforcement officials around the world.
The main reason I single it out is that it clouds the agency's record on addressing the kinds of crimes that most people probably think about when they hear the words "cyber crime." According to the FBI, the Innocent Images program accounted for a major share of the FBI cyber crime convictions and "pre-trial diversions" in fiscal year 2006. For example, Innocent Images netted 1,018 convictions and plea agreements in 2006, whereas the Justice Department won 118 convictions or pleas for computer intrusion cases last year.
If we look at the number of agents the FBI has tasked to investigating illegal online activities of the sort that involve computer intrusions or the trade and/or sale of stolen business and consumer data (crimes increasingly committed by organized crime syndicates based overseas), then it appears that the FBI has requested a total of 427 agents to fight the cyber crime problem next year. So, assuming Congress grants its budget request, the FBI is on track to have about 3.6 percent of all of its active agents dedicated to its stated No. 3 priority.
Of course, the FBI is not the only agency fighting cyber crime. The U.S. Secret Service and the U.S. Postal Inspection Service both play critical roles. Also, none of this analysis should take anything away from the work being done by several industry-government partnerships, such as the National Cyber-Forensics & Training Alliance (NCFTA) in Pittsburgh and the Internet Crime Complaint Center (IC3) in West Virginia. Nor should it diminish the work the FBI does in tandem with various task forces that rely heavily upon state and local law enforcement officers to investigate identity theft cases that often have roots in cyber crime.
But this data does seem to raise the following question: If the FBI's third most-important priority claims just over 3.5 percent of its active agents, how many agents and FBI resources are dedicated to the remaining Top Ten priorities? The FBI says those priorities are, in the following order:
4. Combat public corruption at all levels.
5. Protect civil rights.
6. Combat transnational and national criminal organizations and enterprises.
7. Combat major white-collar crime.
8. Combat significant violent crime.
9. Support federal, state, county, municipal, and international partners.
10. Upgrade technology to successfully perform the FBI's mission.
Again, a major reason I want to call attention to these figures it to spark a debate over whether the FBI is dedicating enough resources to fighting cyber crime.
For his part, Paul Kurtz, a former White House cyber security adviser for the Bush administration, said absolutely not.
"I think that we need to dramatically increase the number of agents and analysts supporting the government's overall cyber investigative efforts," Kurtz said. "The FBI -- for what resources it has -- is not doing a bad job. But when we have as many problems going on as we have today, with China and Russia and organized crime and white-collar criminals getting involved in computer crimes, we don't have nearly enough agent workforce to take on this problem. And until we see a major increase, we're going to remain behind on fighting this problem."
But Jim Lewis, a senior fellow at the Center for Strategic & International Studies and director of its Technology and Public Policy Program, said you can throw all the FBI agents in the world at the cyber program without much improvement in the current situation if the U.S. cannot build stronger ties with foreign law enforcement agencies.
"When there are political or legal situations in other countries that keep you from using your resources efficiently, then adding more resources doesn't help you very much," Lewis said. "The FBI shouldn't be trying to do everything, but should focus mainly on the largest cyber criminal operations. The problem is that the level of cooperation we get from many countries is kind of dubious, and criminals will gravitate to places where they have the best chance of not getting caught."
What do you think, dear readers? Weigh in with your thoughts in the comments section below.
Tomorrow, Security Fix will examine some indicators of just how much cyber crime is costing American consumers and corporations each year.
September 24, 2007; 3:14 PM ET
Categories: Fraud , From the Bunker , U.S. Government
Save & Share: Previous: Your Money or Your E-mail
Next: Service Pack 3 Available for Office 2003 Users
The comments to this entry are closed.