The Department of Justice (DOJ) Office of the Inspector General (OIG) announced today the release of a report examining the Federal Bureau of Investigation’s (FBI) Cyber Threat Prioritization. Protecting the United States against cyber-based attacks and high-technology crimes is the FBI’s number three priority, behind counterterrorism and counterintelligence.
The OIG found that while the FBI has an annual process, known as Threat Review and Prioritization (TRP), to identify the most severe and substantial threats and direct resources to them, the process employs subjective terminology that is open to interpretation, and as such does not prioritize cyber threats in an objective, data-driven, reproducible, and auditable manner. Also, because TRP is conducted annually, it may not be agile enough to identify emerging cyber threats in a timely manner.
We did find that the FBI’s Cyber Division has made progress in developing an objective, data- driven methodology to augment the TRP process. However, further implementation of this tool has been hampered by the lack of written policies and procedures outlining who should enter the data, and how the data should be used in the TRP process. In addition, we found that entering data into the Cyber Division’s tool was time consuming because it was not integrated with Sentinel, the FBI’s case management system. If the FBI achieves integration with Sentinel, the Cyber Division’s tool could be updated more frequently, and it would have the potential to provide a more current picture of the cyber threat landscape, including emerging cyber threats.
We also found that the FBI is not currently able to track the resources allocated to each specific cyber threat because of limitations in the FBI’s existing timekeeping system. This prevents the FBI from ensuring that it is aligning its cyber resources to its highest priority threats.
The report released today makes two recommendations to assist the FBI in cyber threat prioritization and cyber resource allocation. The FBI agreed with both recommendations.