Rethinking How FBI Trains Cyber Agents

IG: 36% of Cyber Agents Admit They Lack Proper Skills
Rethinking How FBI Trains Cyber Agents
The FBI should rethink its step-by-step approach in training agents on how to investigate national security intrusion cases to ensure its field offices have qualified investigators.

That's one recommendation from a just-released Department of Justice inspector general audit, which revealed that 36 percent of FBI field agents assigned to national security-related cyber investigations - and interviewed by inspector general staffers - say they lack the networking and counterintelligence expertise to investigate such intrusions. For the audit, IG investigators interviewed 36 agents in 10 field offices, and five of them admitted they lacked the qualifications to probe national security intrusions effectively.

The IG surmised that the way the FBI trains and rotates field agents could impede an agent's ability to acquire the training and on-the-job experience needed to investigate national security intrusion cases effectively.

Each of the 56 FBI field offices in the United States has at least one cyber squad consisting of special agents, intelligence analysts and, in some cases, linguists and computer scientists. Larger offices have multiple cyber squads, with each investigating different types of cases: such as national security intrusions, criminal intrusion, online child pornography, intellectual property rights and Internet fraud. In small offices, a single squad could investigate all types of cyber cases.

Generally, the bureau rotates agents through field offices every three years. The smaller offices tend to be staffed by less experienced agents who don't have the cyber skills of their longer-termed colleagues, putting those offices at a disadvantage in national security intrusion cases. "These offices may not be able to provide new agents with a mentor qualified in the investigation of national security intrusions," the IG said. "Therefore, these new agents may not have the opportunity to complete the on-the-job training elements of the cyber development plan."

A field office supervisor told auditors that it took one agent 2½ years to get "up to speed" in national security intrusions investigating. "Now that the agent is proficient, he has developed sources in the community, allowing the field office to proactively notify targets of potential intrusions in their networks," the IG said. "However, this agent was scheduled to rotate out of the [field office] within three months of our visit."

One agent with IT experience and a degree in computer science told investigators his background didn't prepare him for national security intrusion cases. He was unable to "hit the ground running," as he put it, when he took over from another agent. His experience dealt with building computers, not working on intrusion cases. And, he contended it took longer than the three-year rotation to develop productive relationships and contacts within the cyber community.

This presents a problem, the agent told the IG: Frequent rotation of agents diminishes the FBI's credibility within the cyber community when positions are backfilled with inexperienced personnel.

One solution proposed to resolve this problem is not having cyber squads in all offices. Some agents advocate a regional approach to investigate national security intrusions, contending that the investigations are so specialized that it's unlikely that the FBI will be able to create cyber squads proficient at investigating these cases at every field office. The IG concurred with the suggestion that the FBI create regional hubs, allowing the bureau to bring together its best and brightest cyber agents into a small number of national security intrusion squads, making their skills available to local offices.

Another solution: allow agents following the bureau's cyber career path to take the recommended 12 core courses out of sequence, a suggestion FBI leaders say they have done at times. The FBI expects an agent on the cyber career path to complete the core courses in five to seven years. But some of the key courses for national security cyber intrusion aren't offered until the latter stages of the cyber development plan.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.