Review of FBI’s Next Generation Cyber Initiative Points to Continued Reliance on Contractors

The Justice Department’s (DOJ) Office of Inspector General (IG) published an audit of the Federal Bureau of Investigation’s (FBI) Next Generation Cyber Initiative (NGC) at the end of July 2015. Started in 2012, the effort is expected to support activities to address cyber vulnerabilities with a focus on intrusion (as opposed to crimes committed with a computer). Another goal of NGC is partnering with National Cyber Investigative Joint Task Force (NCIJTF), the focal point for collaboration and information sharing among 19 U.S. agencies and international representatives for cyber threat information. Other objectives include expanding the capabilities of cyber task forces the FBI’s field offices along with strengthening the FBI’s cyber workforce and support infrastructure.

The objective of the recent IG audit was to evaluate the FBI’s progress implementing the NGC strategy. The findings indicated progress, while noting ongoing challenges the effort is experiencing. The issues were heavily workforce related, particularly recruitment and retention.

Achievements:

• Cyber Task Forces have been established in 11 additional field offices since 2011. This increase means that each of the 56 FBI field offices has a Cyber Task Force.
• A cyber-specific training strategy to improve the technical skills across the workforces has been implemented. This strategy includes specific training available to individuals working cyber intrusion investigations.

Issues:

• The NCIJTF lacks a process to measure how rapidly members share relevant information with each other.
• Recruitment lags behind private sector. In particular, the FBI’s lower salaries and extensive background investigation process are viewed as challenges.
• Engaging external participants for the FBI’s Cyber Task Forces has proved difficult.
• The FBI was authorized to hire 134 computer scientists but only hired 82, contributing to the skill gap.
• While each of the 56 field offices have a Cyber Task Force, 5 of them did not have an assigned computer scientist.

One of the roadblocks referenced around the workforce deficiency is the budget environment. While cybersecurity continues to be an area that agencies are investing, sequestration and ongoing budget pressure has taken a toll on what the progress they’ve made. This applies both to technology and workforce development. The Justice Department’s budget requests have consistently prioritized cybersecurity and requested additional funding specifically for NGC over the past several years. Nonetheless, the effort is making muted progress. The inability to hire the staff to fill these positions means that the FBI will continue looking to industry for the expertise and technology advances. In that vein, the FBI has released two separate cyber related solicitations this summer. One is for threat intelligence software to support NCIJTF. The other is seeking subject matter experts capable of conducting intelligence and analysis work for a dozen organizations including the Cyber Division, which is very much in line with the group’s workforce gaps.