Kevin Coleman

Lack of cyber pros puts US in dangerous position

In testimony this year before the Senate Judiciary Committee’s Crime and Terrorism Subcommittee, Gordon Snow, assistant director of the FBI’s Cyber Division, said the number and sophistication of cyberattacks have increased dramatically during the past five years and are expected to continue to grow.

Although that paints a pretty bleak picture, what he said next caught the attention of cybersecurity professionals around the world.


MORE FROM THE DIGITAL CONFLICT BLOG

Private sector needs way to submit cyber threat tips

Kevin Coleman's Digital Conflict blog


“The threat has reached the point that given enough time, motivation and funding, a determined adversary will likely be able to penetrate any system that is accessible directly from the Internet,” he said.

If you think that is bad, hold on — there is more, and it gets worse. He went on to say, “The FBI has identified the most significant cyber threats to our nation as those with high intent and high capability to inflict damage or death in the U.S.; to illicitly acquire assets; or to illegally obtain sensitive or classified U.S. military, intelligence or economic information.”

He went on to warn that the threat posed by cyber criminals and the potential economic losses were only part of this huge risk. He included in his threat description the FBI’s serious concerns about attacks on our critical infrastructure, the theft of intellectual property and disruption of supply chains.

Snow is not one to make rash statements, and he chooses his words carefully. So when I read this testimony, I felt for the first time that most people are underestimating this threat.

Given the importance of the FBI’s role in cybersecurity, I became even more concerned after reading a report by the Justice Department inspector general. This report came out shortly after Snow’s testimony, and in the report, Justice issued an unflattering report about the FBI’s ability to properly investigate cyber intrusions that rose to the level of national security threats.

Based on the audit results, the report states that only 64 percent of the FBI agents assigned to national security-related cyber investigations had the expertise needed to investigate these types of cases. The Justice IG report goes on to explain that because national security intrusions are highly technical, they require special skill sets and missed the requirement for continuing education because of the rapid change of this threat environment.

The audit also found that in four of the 10 FBI field offices visited, agents said during interviews that they had been assigned cyber cases that exceeded their technical capabilities. It is worth noting that the report states that in fiscal 2009, FBI cyber agents spent 19 percent of their time on national security intrusion investigations.

The one area presenting the most challenge for the FBI is the old issue of information sharing among members of the National Cyber Investigative Joint Task Force. Anyone with a security clearance who has handled classified intelligence knows of this problem. It has been around for a long time and there is no solution. This is not just an FBI issue. It is an issue across the entire cyber intelligence and protection communities. One participant in the study noted information sharing depends on the individuals involved — no truer statement was ever spoken.

Some will read the audit results and say what a bad job the FBI is doing. The fact is there is a severe shortage of adequately trained and experienced cyber professionals. That should not surprise anyone. A number of studies, articles and blogs have all reported on this during the past few years. It appears that this critical resource shortage will not go away anytime soon. The FBI and the National Cyber Investigative Joint Task Force have an extremely difficult job and shoulder the huge responsibility of investigating threats against our critical infrastructure. They cannot be held responsible for the significant shortage of cyber professionals.

About the Author

Kevin Coleman is a senior fellow with the Technolytics Institute, former chief strategist at Netscape, and an adviser on cyber warfare and security. He is also the author of "Cyber Commander's Handbook." He can be reached by e-mail at: kgcoleman@technolytics.com.

Reader Comments

Fri, Jul 1, 2011

It would be interesting if, through using a company traded on the US stock exchange to raise the money to fund the training and equipment costs, a foreign government was able to quickly establish and leverage specific ability through cloud computing. Such companies could raise billions of dollars through the sell of the stock. Just a thought...

Thu, Jun 30, 2011

Good observation by the FBI ... a tad bit late. Meanwhile they continue to hire unexperienced/unqualified ex 05's and 06's to fill their hiring quotems through OPM instead of recruiting smart educated people that can do this type of work in their sleep.

Wed, Jun 29, 2011 Jeremy San Diego

Maybe we should quit cutting education and begin raising a computer security-savvy generation vice a generation who just plays video games...It's a joke that the first course some will ever take is when they are about to graduate college or at the beginning of grad school for a Computer Science degree leaving even the most astute programmers w/o the tools to face security issues. My grad school is a prime example.

Tue, Jun 28, 2011 k

Mission accomplished! BushCo left APT defenses unprioritized, unfunded and our military industrial base with their pants down - it was his undocumented CyberKatrina. :) Nice to see you guys in the Fbi catching up, but let's be honest, is there much left to steal?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above