[no subject]

After the terrorist attacks of Sept. 11, the FBI pivoted from a focus on locking up criminals and busting gangs and drug rings to predicting and stopping the next extremist plot at any cost, bulking up intelligence resources and linking up with foreign intelligence agencies for unprecedented information sharing. In 2002, the FBIâ??s cyber division at FBI headquarters in Washington was created to pursue investigations of â??cyber-based terrorism, espionage, computer intrusions and major cyber fraud.â??

The FBI employs a variety of different employees to defend against the cyberthreat at its headquarters, around the country and overseas. â??By default, everyone talks about agents and analysts,â?? said Ugoretz, who arrived at the bureau in 2001.

But the division also employs computer scientists, data scientists and data operation specialists, among others. At FBI field offices, each has a cyber task force, and major cities now host a few dozen cyber experts, while smaller ones may be home only to a handful.

According to multiple former FBI employees, former bureau director Robert Muellerâ?? now better known for his role as the special counsel investigating Russian interference in the 2016 presidential election â?? worked to professionalize the analyst workforce during his tenure, around the same time the bureau began implementing career tracks, one of which was cyber-focused.

Previously, an agentâ??s ticket to promotion was[disrupting a possible terrorist plot](https://theintercept.com/2016/02/18/fbi-wont-explain-its-bizarre-new-way-of-measuring-its-success-fighting-terror/), by making an arrest, seizing assets or blocking someone from committing an ideologically motivated crime. But at the end of Muellerâ??s tenure as FBI director, agents started getting pulled off of counterterrorism squads to work on cyber investigations, and the cyber division was [reorganized](https://oig.justice.gov/reports/2015/a1529.pdf) to focus exclusively on intrusions, i.e., hacks or unauthorized computer access as opposed to crimes that had only a digital component. â??Around 2013, the writing was on the wall that cyber was becoming a higher priority than it had ever been before,â?? said Jim Harris, a former FBI agent who worked on cyber cases and later co-founded a startup.

At the same time, the bureau was applying lessons from fighting terrorism to the digital realm. â??The FBI shifted its cyber intrusion emphasis from reacting to cyber-attacks to predicting and preventing them,â?? [according to](https://oig.justice.gov/reports/2015/a1529.pdf) a 2015 DOJ Inspector General report.

The emphasis on prediction and prevention resulted in other changes. For example, child pornography, a digitally enabled crime that occupied a large amount of cyber agentsâ?? time, was shifted to the criminal division, freeing up other agents to do more intelligence-related work. This shift toward broader national security may have come from a bureauwide effort â??because thatâ??s where the money is,â?? said one former FBI agent who requested anonymity to speak candidly. The FBI â??constantly ceded ground to other agencies as a result of this.â??

Ugoretz argues the â??shiftâ?? toward cybercrime has been gradual, and that the bureauâ??s primary targets have not changed. â??I donâ??t know if I can speak of a specific transition,â?? she told Yahoo News. â??This has been a gradual evolution. The bureau has always adapted to new technologies; I see cyber in much the same way.â??

By around 2010, cyber investigations were already bleeding into all of the FBIâ??s major operational divisions, from counterintelligence to counterterrorism, according to Harris.

In one case, the [bureau arrested](https://www.theatlantic.com/technology/archive/2014/05/hacker-sabu-freed-from-prison/371649/) Hector Xavier Monsegur, known online as Sabu, for hacking private U.S. businesses and government agencies, then used him as an informant to indict other hackers. The bureau [spent years](https://www.politico.com/magazine/story/2018/11/21/junaid-hussain-most-dangerous-terrorist-cyber-hacking-222643) hunting down terrorists disseminating propaganda and committing crimes online. In more recent years, the bureau has been at the forefront of the biggest cyber cases in modern history, including Russian interference in the 2016 U.S. presidential election and Chinese state-directed hacking.

In a recent case from January of this year, a U.S. company and its 600 or so employees suffered a ransomware attack that â??completely crippled their operations,â?? threatening to shut down the business entirely, said Ugoretz. However, the cyber division had experience with the perpetrator, and intelligence that enabled them to help unlock the companyâ??s files and restore operations in three days.

[Hector Xavier Monsegur]
Hector Xavier Monsegur leaves court in New York City on May 27, 2014. (Photo: Seth Wenig/AP)

While the bureauâ??s major arrests in cyber cases often make headlines, the numbers are too small to make a significant dent in cyber crime, according to analysis from national security think tank Thirdway, which[determined](https://www.thirdway.org/memo/readers-guide-to-understanding-the-us-cyber-enforcement-architecture-and-budget) that the FBI is arresting the perpetrators in less than 1 percent of malicious cyberattacks.

Part of the problem is that cyber crimes are committed by a variety of people and organizations, ranging from nation states and criminals to terrorists and organized criminal gangs, according to Jim Baker, the former FBI general counsel now working on cybersecurity and workforce issues at R Street, a think tank. Because of the overlapping responsibilities involved in dealing with those different types of threats, â??the cyber division has a bit of an identity crisis,â?? said Baker, who noted he is a supporter of the division despite its issues.

The problem that Baker refers to can be seen in both the lower and higher levels of the FBI. Over the last two years, the press has tracked several high-profile departures from the FBIâ??s senior cyber leadership. In July of last summer, the Wall Street Journal [revealed](https://www.wsj.com/articles/three-top-fbi-cybersecurity-officials-to-retire-1532036330) three top FBI cyber officials were leaving within the same month, and [Politico detailed](https://www.politico.com/story/2018/08/03/fbi-cyber-security-talent-drain-hacking-threat-russia-elections-760740) the loss of about 20 â??cybersecurity leadersâ?? â?? a fraught time for the FBI with a near constant barrage of criticism from the president.

At the top levels, the investigation into Hillary Clintonâ??s email server and routine attacks from President Trump have taken a toll, according to several former FBI officials. But the cyber brain drain is affected by many factors, and as the FBI transitioned from a building run by agents with guns to an agency full of technical experts, retention of those with cyber skills has become a major problem.

Both senior officials and more junior FBI employees are eyeing the door or have already left for a number of reasons, according to former FBI employees who spoke with Yahoo News. One of the major issues they cited has been the relationship between the field offices and headquarters, and the lack of clarity on how cyber skills would be incorporated into cases.

The question for Comey, who was weighing the plan to eliminate the cyber division, was whether having a part of the bureau dedicated to a specific criminal vector, like the internet, made sense. After all, the bureau never created an automobile division, despite the revolutionary shift in crime cars brought about. â??Criminals were suddenly moving at breathtaking speeds at distances we couldnâ??t imagine,â?? he said. â??The challenge for the FBI was, you couldnâ??t have an automobile division. â?¦Everybody had to learn to drive.â??

Experts argue that Comeyâ??s comments make sense, and that the bureau needs to require a certain level of digital literacy and cyber know-how across the board to confront the issue.

â??Criminal reliance on technology is so great that cyber competence is an essential, not specialized, part of law enforcement,â?? said Mieke Eoyang, vice president of the national security program of think tank ThirdWay, who is currently researching FBI and workforce issues. â??Unfortunately, we donâ??t see law enforcement developing a strategic, coherent approach to integrating cyber into their skill set.â??

Ugoretz challenged the notion that the bureau is pivoting toward â??cyberâ?? crime the same way it reorganized to focus on terrorism. â??The way cyber is talked about, itâ??s as if itâ??s something wholly unique, not something thatâ??s connected to everything we do,â?? she said. â??I think thatâ??s not correct.â??

â??I know thereâ??s been some analogies made to the post 9/11 shift in resources ... [but] itâ??s about making sure everyone, no matter what theyâ??re working, has the perspective of whatever targets theyâ??re working, whether itâ??s a criminal, nation state, hacktivist, how theyâ??re using cyber-means to meet their objectives,â?? she said.

The essential challenge is how to make the entire bureau digitally competent. That includes providing basic digital training in how to apply for subpoenas to get information about a post on an online forum or on a social media website, remarked one former FBI cyber manager. However, the true technical work involved in intrusions is so â??in the weedsâ?? that many are not interested or not capable of developing those skills, the former manager said.

Multiple former FBI employees told Yahoo that part of the problem is that the bureau has been dominated by agents, while other employees with the specialized technical skills â?? sometimes dubbed â??tech ninja wizardsâ?? â?? have little opportunity for advancement, according to one former FBI employee.

Employees also found the bureaucracy and paperwork associated with the FBI can be â??crushing,â?? said one former FBI cyber employee. This is particularly true for anyone used to working in Silicon Valley. â??You may have this grand vision of entering into a career of awesome cyber investigations and come to the realization that half your time will be paperwork.â??

That paperwork, argued Ugoretz, is there for a reason. â??Our primary mission thatâ??s in really giant letters in the lobby is about preserving the Constitution and protecting the American people, and we canâ??t forget that part.â??

Some employees with technical skills felt their talents were being underutilized due to bureaucratic ranking systems. â??The bureau sucks at retaining people,â?? said one former FBI agent. â??They actively drive talent away because they do not let the people they hired for their skills use the skills they were hired for in the first place.â??

One of the biggest concerns for the bureau is competition from the private sector. Over recent years, the other intelligence agencies, particularly the NSA, suffered an exodus of talent amid disruptive reorganizations, clashes between military leadership and a civilian workforce, and lucrative salaries on the outside. The bureau is now facing a similar fate, though several former FBI employees interviewed by Yahoo said the bureaucratic roadblocks make it more difficult for the FBI to reward talented young cyber employees based on their rank, whereas NSA is better positioned to do that.

â??Itâ??s a highly competitive marketplace for talent,â?? said Gallagher, the former FBI special agent who now works at Kroll. â??Thereâ??s literally over a million vacant cybersecurity jobs around the country.â??

Even the FBI efforts to train employees, as opposed to recruiting cyber experts, can backfire. According to four of the former FBI employees interviewed by Yahoo, the FBIâ??s cyber training is extremely valuable â?? so valuable that it often allows them to find lucrative jobs in the private sector. It was after the training phase that people started leaving.

â??The FBI is kind of a victim of its own success,â?? said one retired FBI agent. â??Some people who landed in the cyber track felt like they were trapped,â?? the official explained, unable to return to criminal cases and play the field.

Former FBI cyber employees who spoke to Yahoo, as well as others whose departures were publicly announced, left the bureau for jobs in banks, consulting jobs, threat intelligence firms and even the NFL.

One of the reasons the FBI employees in New York leave is they canâ??t afford to live there on a government salary, a problem that extends to other tech hubs like San Francisco, Boston and Washington. High-ranking FBI employees can make in the six figures, but multiple former FBI employees, both agents and other employees, told Yahoo News their salaries often doubled or rose substantially when making the jump to the private sector. Seeking promotion within cyber roles at the bureau is also difficult, according to one former FBI cyber supervisor. â??If you want to stay in cyber, promotion is unbelievably hard,â?? he said.

Even beyond the FBIâ??s own internal problems, it also faces challenges from inside government. As is often the case within the vast federal bureaucracy, cyber is subject to turf battles among agencies. The U.S. Secret Service is moving into cyber investigations, and routinely brings financial cases forward, and the Department of Homeland Security, created in 2002 following the 9/11 attack, has expanded into defending the nationâ??s networks and critical infrastructure from cyberattacks. In November 2018, the Trump administration mandated the creation of the Cybersecurity and Infrastructure Security Agency within the DHS.

Both the DHS and the FBI work with the private sector, and handle sensitive information on breaches, but the FBI and the Department of Justice serve as the lead for responding to a cyberattack, collecting evidence and tracking down those responsible, while DHS is in charge of â??assetâ?? response, offering technical assistance to prevent further damage.

Those lines arenâ??t always clear cut, however. â??Theyâ??re constantly stepping on each otherâ??s toes,â?? said one former FBI cyber employee, though cooperation has improved over time, others said.

While bureaucratic infighting and difficulties keeping talent are not necessarily new issues to the federal government, they are likely to be critical as the FBI prepares for the 2020 election. And behind the scenes, the FBIâ??s leadership appears to now be recognizing problems with retaining its cyber workforce, and within the last several months, the bureau began conducting a survey on retention of cyber employees, according to one source who received a copy of the questionnaire.

According to the FBI, the voluntary attrition rate for special agents in 2018 was .5 percent, while 2 to 3 percent chose to leave the cyber division.

â??This isnâ??t just an FBI issue,â?? said Ugoretz, said of retention issues. â??Thereâ??s certainly great demand in the government, private sector, academia, everywhere for people with cyber skill.â??

Even despite complaints and concerns, nearly every former FBI employee who spoke to Yahoo News said they have thought about going back to government, nearly all citing the bureauâ??s national security mission as a primary factor.

But experts argue fixing the FBIâ??s problems, and retaining employees, will require major changes directed from the top, as well as support from Congress and the White House. Baker, the retired FBI general counsel, said thatâ??s what Mueller did following 9/11, and something of that magnitude will be required now.

â??The FBI is well aware of the seriousness of the cyberthreat and that it must organize itself to deal effectively with that threat. Doing so will require leadership and effective management,â?? said Baker.

â??Some china is going to have to be broken,â?? he concluded.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 32598 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20190516/00124d99/attachment.txt>