An FBI official takes issue with a report from the Justice Department's inspector general that found that about a third of FBI agents lack the skills in networking and counterintelligence to investigate national security intrusions.
Steven Chabinsky, deputy assistant director of the FBI's cyber division, told InformationWeek that the study represents old data (from 2008) based on a small number of agents in field offices, a point that troubled me. He's quoted, saying:
We have a very limited sample size of data that's years old, that's going down to the individual level of five agents, that ignores the fact that these agents were in training, and that these agents work in an environment that's conducive to success.
He pointed to the bureau's cyber security training program that mixes real-world experience with classroom learning. He adds:
Some of these situations you'll never be able to learn in a classroom, because some of our adversaries are using zero-day exploits which by definition you've never seen before.
New agents also are part of an experienced team with members with highly specialized knowledge who can quickly deploy to assist with investigations onsite. Rather than focusing on interviews with agents, he advocates focusing on the FBI's results.
The FBI's cyber unit and the FBI-led, multi-agency task force known as the National Cyber Investigative Joint Task Force have been praised by the Office of the Directorate of National Intelligence, which oversees the task force and evaluates the task force's performance quarterly.
The article also quotes Alan Paller, director of research for information security training company SANS, praising the task force, but he also says the agency has too few people for the number of cases to be investigated.
This IT World article points to other problems brought out in the report: Cyber security is not the FBI's only focus. It says the agency spends twice as much effort investigating child porn than it does trying to track down foreign attackers.