With all of the stories in the news these days about Stuxnet, the ZeuS botnet, spam, identity theft, cyberwar, the US Cyber Command, and hackers, it's easy to believe that cybercrime and computer security is a high priority for the US government.
However, a new analysis from Gary Warner with the CyberCrime & Doing Time blog claims that although cyber crime should be a high priority for US law enforcement, it's not. He points out that despite the fact that cyber crimes are escalating dramatically, the FBI's budget is only increasing by 4%, creating only 347 new agent positions over the 2010 fiscal year. There's only a 5.5% increase for the US Attorney's offices, which would of course be responsible for prosecuting the criminals that the FBI catches.
Officially, cyber crime is the FBI's third priority, behind terrorism and counterintelligence. However, Mr. Warner points out that 51% of the FBI's budget is for counterterrorism. Coming in at a distant second is major thefts/violent crime at 14.8% and third is "combat public and corporate corruption, fraud, economic crime, and cybercrime". Obviously, the FBI's budgetary priorities don't match their stated goals.
The 2011 FY budget (October 2010-September 2011) shows some steps in the right direction. They requested an increase of 163 positions for Computer Intrusions (63 agents and 46 analysts) and only 90 new positions for National Security Threats. This isn't to say that national security issues are unimportant ... far from it! It's that cybercrime isn't given a big enough balance of the FBI's attention, and this will work towards correcting that imbalance. After all, the FBI claims that in Fiscal Year 2008 (2009 was not complete when the report came out), out of 3,974 computer intrusion cases received, there were only 31 "priority" investigations successfully "satisfied" (the FBI's term, I don't know how they define them), resulting in 126 convictions/pre-trial diversion. Granted, some of these cases will be unable to result in convictions because many hackers reside outside the country, but this week's arrests of computer fraudsters in the US, Russia, the UK and Ukraine show that with good international cooperation these thieves can be brought to justice.
Although these arrests are excellent progress, it's sobering to note that the 2010 Verizon/Secret Service Data Breach Investigations report shows that in 2009, the Secret Service added another 84 cases from 2009, for a total of 4,058 computer intrusion cases that got the attention of federal law enforcement (although it's possible that some of the FBI's cases are also in the Secret Service's report, I'm being optimistic). Also in 2009, the Internet Crime Complaint Center reported that Obviously, we have no way of knowing how many breaches there were total, as many are never reported or even discovered. Also, the FBI statistic refers to only computer intrusions and the Secret Service statistic refers only to data breaches, so they're not equivalent figures. Still, it seems clear that the FBI is under-equipped to deal with the vast amount of cybercrime out there today.
The FBI's cyber division and other federal cyber law enforcement agencies do excellent work fighting cybercrime, but without better support and budgets, they can't really cut down the amount of theft going on out there. Far more people are victims of cyber crime than terrorism, yet terrorism always gets the media and political attention and the budgets that go along with it. I feel we need to better support the FBI's cyber division to fight back against these hackers. What do you say, readers? What's your opinion on the topic?
Full disclosure: I have applied for the FBI and would like to work in their cyber division.