FBI Takes Too Long To Alert Victims

The FBI takes too long to notify groups when they’ve succumbed to cyberattacks, and the alerts those victims receive are often sparse on useful information, according to an internal watchdog.

The Justice Department Inspector General found the bureau’s reliance on manual data entry leads to errors that could prevent cyberattack victims from ever learning about intrusions.

When a group’s networks come under attack, the FBI is responsible for investigating the incident and alerting victims about the breach. In many cases, victims don’t know they were attacked until they’re contacted by FBI agents. 

But multiple flaws in the bureau’s internal procedures and IT limit the timeliness and practicality of these notifications, auditors said in a redacted report published Monday 1st April.

Agents often drag their feet in notifying groups they’ve been breached, auditors found, which can leave their networks vulnerable for longer than necessary. In one instance, the IG said, agents took nine months to notify a company it had been breached.

“Timely notification is critical because victims rely heavily on the information provided by the FBI to remediate the threat with as little damage to their infrastructure as possible,” auditors wrote. “Because victims often keep information, such as network logs, for a limited time, the information provided to the victim needs to be recent.”

Additionally, the notifications victims receive are sometimes too vague to show them where exactly they need to bolster their defenses, according to auditors. The specificity of alerts varies based on the agent who writes them, they said, and insufficient information leaves the victim “unable to mitigate the threat” and “diminishes the FBI's credibility as a partner.”

Half of the 14 victims auditors interviewed for the report said notifications came in too late or lacked enough detail for “any meaningful remediation to be made.”

The IG recommended the bureau set timeliness standards and include information like IP addresses, attack timeframes and other potential identifiers.

Agents track cyber incidents and notifications by manually entering information into the Cyber Guardian IT system, which has been used to manage more than 20,000 notifications since 2014. But this process often results in typos and incorrect classifications, which could prevent the bureau from contacting cyberattack victims, the IG said.

Cyber Guardian’s architecture also prevents the Homeland Security Department, which collaborates with the FBI on cyber investigations, from inputting information into the system, according to the report.

The FBI plans to replace Cyber Guardian with a new system called CyNERGY at some point this year. While auditors said the new system would fix some of the issues they highlighted, it still leans too heavily on manual data entry and remains inaccessible to Homeland Security.

NextGov
