The Department of Justice’s Office of the Inspector General released a redacted report stating that the FBI needs to improve its process for handling cybercrime reports and notifying victims of cyber intrusions.
The IG noted that data in the FBI’s Cyber Guardian system, designed for disseminating notifications to cyber victims to help mitigate further attacks, was “incomplete and unreliable, making the FBI unable to determine whether all victims are being notified.” The report also states that not all FBI agents properly indexed victims, and there was an inconsistency in the quality of formal requests for investigative actions.
In addition, the IG discovered the Department of Homeland Security contributes to the incompleteness of data in Cyber Guardian. The FBI failed to inform victims of national security-related cyber cases of their rights, according to the report.
The IG recommends the FBI fix the inconsistencies in CyNERGY, which was under development to replace Cyber Guardian during the audit. The lack of updated guidance about handling protected critical information for Cyber Guardian users will be an issue for CyNERGY, the IG noted. Other recommendations detailed in the report include clarifying definitions of cybercrime victims, fostering interagency coordination, improving victim engagement and fixing data processing operations.