FBI Takes Too Long To Alert Victims

Uploaded on 2019-04-09 in GOVERNMENT-Law Enforcement, FREE TO VIEW

The FBI takes too long to notify groups when they’ve succumbed to cyberattacks, and the alerts those victims receive are often sparse on useful information, according to an internal watchdog.

 The Justice Department Inspector General found the bureau’s reliance on manual data entry leads to errors that could prevent cyberattack victims from ever learning about intrusions.

When a group’s networks come under attack, the FBI is responsible for investigating the incident and alerting victims about the breach. In many cases, victims don’t know they were attacked until they’re contacted by FBI agents. 

But multiple flaws in the bureau’s internal procedures and IT limit the timeliness and practicality of these notifications, auditors said in a redacted report published Monday 1st April.

Agents often drag their feet in notifying groups they’ve been breached, auditors found, which can leave their networks vulnerable for longer than necessary. In one instance, the IG said, agents took nine months to notify a company it had been breached.

“Timely notification is critical because victims rely heavily on the information provided by the FBI to remediate the threat with as little damage to their infrastructure as possible,” auditors wrote. “Because victims often keep information, such as network logs, for a limited time, the information provided to the victim needs to be recent.”

Additionally, the notifications victims receive are sometimes too vague to show them where exactly they need to bolster their defenses, according to auditors. The specificity of alerts varies based on the agent who writes it, they said, and insufficient information leaves the victim “unable to mitigate the threat” and “diminishes the FBI's credibility as a partner.”

Half of the 14 victims, auditors interviewed for the report, said notifications came in too late or lacked enough detail for “any meaningful remediation to be made.”

The IG recommended the bureau set timeliness standards and include information like IP addresses, attack timeframes and other potential identifiers.

Agents track cyber incidents and notifications by manually entering information into the Cyber Guardian IT system, which has been used to manage more than 20,000 notifications since 2014. But this process often results in typos and incorrect classifications, which could prevent the bureau from contacting cyberattack victims, the IG said.

Cyber Guardian’s architecture also prevents the Homeland Security Department, which collaborates with the FBI on cyber investigations, from inputting information into the system, according to the report.

The FBI plans to replace Cyber Guardian with a new system called CyNERGY at some point this year. While auditors said the new system would fix some of the issues they highlighted, it still leans too heavily on manual data entry and remains inaccessible to Homeland Security.

NextGov

You Might Also Read:

Europol Warning: 15 Ways To Become A Cybercrime Victim:

 

« Cyber Knowledge The Easy Way
Britain's National Cyber Security Strategy Beyond 2021 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NCC Group

NCC Group

NCC Group is a global cyber and software resilience business operating across multiple sectors, geographies and technologies.

TruSTAR Technology

TruSTAR Technology

TruSTAR is a threat intelligence exchange platform built to protect and incentivize information sharing.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

Swiss Accreditation Service (SAS)

Swiss Accreditation Service (SAS)

SAS is the national accreditation body for Switzerland. The directory of members provides details of organisations offering certification services for ISO 27001.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

LTIMindtree

LTIMindtree

LTIMindtree is a new kind of technology consulting firm. We help businesses transform – from core to experience – to thrive in the marketplace of the future.

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

Center for Information Technology Policy (CITP) - Princeton University

Center for Information Technology Policy (CITP) - Princeton University

The Center for Information Technology Policy at Princeton University is a nexus of expertise in technology, engineering, public policy, and the social sciences.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.

Infiot

Infiot

Infiot is a pioneer in enabling secure, reliable access with zero trust security, network optimization, edge-intelligence and AI driven operations for all remote users, devices, sites and cloud.

Vault Cloud

Vault Cloud

Vault Cloud, Australia's National Cloud, is an Australian owned and operated company specialising in secure, sovereign, hyperscale cloud infrastructure.

VT Group (VTG)

VT Group (VTG)

VTG delivers force modernization and digital transformation solutions that expand America’s competitive advantage in the modern battlespace.

Cyberagentur (Cyber Agency)

Cyberagentur (Cyber Agency)

Cyberagentur is the Federal Agency in Germany for innovation in cybersecurity. Our mission is to advance research and groundbreaking innovations in the field of cybersecurity and related technologies.