FBI Takes Too Long To Alert Victims

The FBI takes too long to notify groups when they’ve succumbed to cyberattacks, and the alerts those victims receive are often sparse on useful information, according to an internal watchdog.

The Justice Department Inspector General found the bureau’s reliance on manual data entry leads to errors that could prevent cyberattack victims from ever learning about intrusions.

When a group’s networks come under attack, the FBI is responsible for investigating the incident and alerting victims about the breach. In many cases, victims don’t know they were attacked until they’re contacted by FBI agents. 

But multiple flaws in the bureau’s internal procedures and IT limit the timeliness and practicality of these notifications, auditors said in a redacted report published Monday 1st April.

Agents often drag their feet in notifying groups they’ve been breached, auditors found, which can leave their networks vulnerable for longer than necessary. In one instance, the IG said, agents took nine months to notify a company it had been breached.

“Timely notification is critical because victims rely heavily on the information provided by the FBI to remediate the threat with as little damage to their infrastructure as possible,” auditors wrote. “Because victims often keep information, such as network logs, for a limited time, the information provided to the victim needs to be recent.”

Additionally, the notifications victims receive are sometimes too vague to show them where exactly they need to bolster their defenses, according to auditors. The specificity of alerts varies based on the agent who writes them, they said, and insufficient information leaves the victim “unable to mitigate the threat” and “diminishes the FBI's credibility as a partner.”

Half of the 14 victims auditors interviewed for the report said notifications came in too late or lacked enough detail for “any meaningful remediation to be made.”

The IG recommended the bureau set timeliness standards and include information like IP addresses, attack timeframes and other potential identifiers.

Agents track cyber incidents and notifications by manually entering information into the Cyber Guardian IT system, which has been used to manage more than 20,000 notifications since 2014. But this process often results in typos and incorrect classifications, which could prevent the bureau from contacting cyberattack victims, the IG said.

Cyber Guardian’s architecture also prevents the Homeland Security Department, which collaborates with the FBI on cyber investigations, from inputting information into the system, according to the report.

The FBI plans to replace Cyber Guardian with a new system called CyNERGY at some point this year. While auditors said the new system would fix some of the issues they highlighted, it still leans too heavily on manual data entry and remains inaccessible to Homeland Security.

NextGov
