FBI Takes Too Long To Alert Victims

The FBI takes too long to notify groups when they’ve succumbed to cyberattacks, and the alerts those victims receive are often sparse on useful information, according to an internal watchdog.

The Justice Department Inspector General found the bureau’s reliance on manual data entry leads to errors that could prevent cyberattack victims from ever learning about intrusions.

When a group’s networks come under attack, the FBI is responsible for investigating the incident and alerting victims about the breach. In many cases, victims don’t know they were attacked until they’re contacted by FBI agents. 

But multiple flaws in the bureau’s internal procedures and IT limit the timeliness and practicality of these notifications, auditors said in a redacted report published Monday 1st April.

Agents often drag their feet in notifying groups they’ve been breached, auditors found, which can leave their networks vulnerable for longer than necessary. In one instance, the IG said, agents took nine months to notify a company it had been breached.

“Timely notification is critical because victims rely heavily on the information provided by the FBI to remediate the threat with as little damage to their infrastructure as possible,” auditors wrote. “Because victims often keep information, such as network logs, for a limited time, the information provided to the victim needs to be recent.”

Additionally, the notifications victims receive are sometimes too vague to show them where exactly they need to bolster their defenses, according to auditors. The specificity of alerts varies based on the agent who writes them, they said, and insufficient information leaves the victim “unable to mitigate the threat” and “diminishes the FBI's credibility as a partner.”

Half of the 14 victims auditors interviewed for the report said notifications came in too late or lacked enough detail for “any meaningful remediation to be made.”

The IG recommended the bureau set timeliness standards and include information like IP addresses, attack timeframes and other potential identifiers.

Agents track cyber incidents and notifications by manually entering information into the Cyber Guardian IT system, which has been used to manage more than 20,000 notifications since 2014. But this process often results in typos and incorrect classifications, which could prevent the bureau from contacting cyberattack victims, the IG said.

Cyber Guardian’s architecture also prevents the Homeland Security Department, which collaborates with the FBI on cyber investigations, from inputting information into the system, according to the report.

The FBI plans to replace Cyber Guardian with a new system called CyNERGY at some point this year. While auditors said the new system would fix some of the issues they highlighted, it still leans too heavily on manual data entry and remains inaccessible to Homeland Security.

NextGov
