Cybercrime:

Public and Private Entities Face Challenges in Addressing Cyber Threats

GAO-07-705: Published: Jun 22, 2007. Publicly Released: Jul 23, 2007.

Additional Materials:

Contact:

David A. Powner
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Computer interconnectivity has produced enormous benefits but has also enabled criminal activity that exploits this interconnectivity for financial gain and other malicious purposes, such as Internet fraud, child exploitation, identity theft, and terrorism. Efforts to address cybercrime include activities associated with protecting networks and information, detecting criminal activity, investigating crime, and prosecuting criminals. GAO's objectives were to (1) determine the impact of cybercrime on our nation's economy and security; (2) describe key federal entities, as well as nonfederal and private sector entities, responsible for addressing cybercrime; and (3) determine challenges being faced in addressing cybercrime. To accomplish these objectives, GAO analyzed multiple reports, studies, and surveys and held interviews with public and private officials.

Cybercrime has significant economic impacts and threatens U.S. national security interests. Various studies and experts estimate the direct economic impact from cybercrime to be in the billions of dollars annually. The annual loss due to computer crime was estimated to be $67.2 billion for U.S. organizations, according to a 2005 Federal Bureau of Investigation (FBI) survey. In addition, there is continued concern about the threat that our adversaries, including nation-states and terrorists, pose to our national security. For example, intelligence officials have stated that nation-states and terrorists could conduct a coordinated cyber attack to seriously disrupt electric power distribution, air traffic control, and financial sectors. Also, according to FBI testimony, terrorist organizations have used cybercrime to raise money to fund their activities. Despite the estimated loss of money and information and known threats from adversaries, the precise impact of cybercrime is unknown because it is not always detected and reported. Numerous public and private entities have responsibilities to protect against, detect, investigate, and prosecute cybercrime. The Departments of Justice, Homeland Security, and Defense, and the Federal Trade Commission have prominent roles in addressing cybercrime within the federal government, and state and local law enforcement entities play similar roles at their levels. Private entities such as Internet service providers and software developers focus on the development and implementation of technology systems to detect and protect against cybercrime, as well as gather evidence for investigations. In addition, numerous cybercrime partnerships have been established between public sector entities, between public and private sector entities, and internationally, including information-sharing efforts. Entities face a number of key challenges in addressing cybercrime, including reporting cybercrime and ensuring that there are adequate analytical capabilities to support law enforcement. While public and private entities, partnerships, and tasks forces have initiated efforts to address these challenges, federal agencies can take additional action to help ensure adequate law enforcement capabilities.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In response to this recommendation, the assistant director of the Office of Professional Responsibility within the United States Secret Service (USSS) conducted an analysis to assess the impact of the current rotation approach on their respective law enforcement analytical and technical capabilities to investigate and prosecute cybercrime. Specifically, the Office of Professional Responsibility reviewed the staffing levels from 2006 through 2010 and compared them to the number of Electronic Crimes Special Agent Program (ECSAP) examinations performed, to determine a ratio of agents to examinations. The results of the analysis indicated that there was no downward trend and production in this area of expertise has remained relatively consistent throughout the five year period. Officials stated that the sole anomaly to this trend occurred during fiscal year 2008, and was a direct result of the delay in the rotation of agents due to USSS increased protection efforts during the Presidential Primary and National Elections. Further, since the investigative case load for the USSS is predicated on the volume and complexity of each case referred to the agency for investigation and that the ratio of agents to examinations remained relatively consistent during the five year period, USSS determined that rotating ECSAP agents does not negatively affect the agency's ability to investigate cybercrime.

    Recommendation: The Attorney General should direct the FBI Director and the Secretary of Homeland Security should direct the Director of the Secret Service to assess the impact of the current rotation approach on their respective law enforcement analytical and technical capabilities to investigate and prosecute cybercrime and to modify their approaches, as appropriate.

    Agency Affected: Department of Justice: Office of the Attorney General

  2. Status: Closed - Implemented

    Comments: In response to this recommendation, the FBI Director and the Special Agents in Charge discussed the mandated rotational policies at quarterly meetings and determined that these policies help to position the FBI to counter cyber threats to national security. Furthermore, reviews of all requests for additional or replacement special agents for the cyber-funded staffing level are handled by the Assistant Director, Cyber Division, and, as a result of the rotational transfer policy, no transfers for special agents have been required. Other non-rotational transfers are reviewed annually. These transfers are based on, among other things, critical needs, and mitigate the imbalance of the rotational policy.

    Recommendation: The Attorney General should direct the FBI Director and the Secretary of Homeland Security should direct the Director of the Secret Service to assess the impact of the current rotation approach on their respective law enforcement analytical and technical capabilities to investigate and prosecute cybercrime and to modify their approaches, as appropriate.

    Agency Affected: Department of Justice: Office of the Attorney General

 

Explore the full database of GAO's Open Recommendations »

Sep 22, 2014

Jul 9, 2014

May 14, 2014

Apr 30, 2014

Mar 26, 2014

Jan 13, 2014

Dec 9, 2013

Dec 6, 2013

Nov 20, 2013

Oct 29, 2013

Looking for more? Browse all our products here