Global Cybercrime: Federal Agency Efforts to Address International Partners' Capacity to Combat Crime
Fast Facts
Cybercrimes—such as online identity theft, credit card fraud, and ransomware attacks—are multiplying in frequency and scale around the globe.
The Departments of State, Justice, and Homeland Security are working with foreign nations to help combat these technology-driven crimes. Collaboration activities include information sharing with foreign partners on current threats and providing cyber training to foreign law enforcement.
But as the lead agency responsible for foreign assistance, State hasn't fully evaluated whether these activities have been effective in helping foreign nations combat cybercrime. We recommended that it do so.
Highlights
What GAO Found
The Departments of State, Justice (DOJ), and Homeland Security (DHS) officials, and experts from international entities identified six mutual challenges in building global capacity to combat cybercrime. These included a lack of dedicated resources, difficulties in retaining highly trained staff, and inconsistent definitions of “cybercrime.” The expert panel also identified challenges in working with the U.S. government, including obstacles in obtaining information, lack of collaboration, and lack of dedicated funding streams.
State, DOJ, and DHS have conducted a variety of activities to build foreign nations' capacity to combat cybercrime. These activities include engaging in information sharing with foreign partners and providing cyber training to foreign law enforcement officers. Agencies' activities can be grouped into four categories.
Four Categories of Activities to Build Capacity to Combat Cybercrime
These agencies have documented accomplishments for many activities, such as nations joining international treaties aimed at combatting cybercrime. Further, State's plans include an evaluation of a regional forensics training center. This planned evaluation would meet the department's requirements. However, State has not conducted a comprehensive evaluation of the agencies' collective efforts. State is in the best position to conduct such an evaluation since it is authorized to provide foreign assistance funding to help build key allies' and partners' capacity to combat cybercrime. Until State conducts this comprehensive evaluation, the overall impact and results of federal assistance to global partners will likely remain unknown.
Why GAO Did This Study
The U.S. and its global partners are experiencing the effects of a massive cybercrime wave, which is growing in frequency and scale. In 2021, the Federal Bureau of Investigation received a record number of cybercrime complaints, over 840,000, with potential losses exceeding $6.9 billion. Further, in 2022, the intelligence community noted an increase in ransomware attacks by transnational criminals, which threaten to cause disruptions of critical services worldwide.
GAO was asked to review federal efforts to build the capacity of allies and partner nations to combat cybercrime. This report's specific objectives were to (1) describe challenges in building global capacity to combat cybercrime, and (2) determine actions selected federal agencies are taking to build foreign nations' capacity to combat cybercrime and the extent to which they are evaluating the effectiveness of their efforts.
GAO interviewed agency officials and convened a panel of experts representing entities focused on capacity building to combat global cybercrime. GAO also analyzed documentation from State, DOJ, and DHS, which provide the majority of U.S. capacity building assistance.
Recommendations
GAO is making one recommendation to State to conduct a comprehensive evaluation of capacity building efforts to counter cybercrime. State concurred with the recommendation.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of State | The Secretary of State should instruct the Assistant Secretary of State for International Narcotics and Law Enforcement Affairs to conduct a comprehensive evaluation of capacity building efforts to counter cybercrime. (Recommendation 1) |
State concurred with our recommendation. In August 2023, State provided an overview of a planned evaluation of the agencies' capacity building efforts to counter cybercrime. Specifically, a social scientist from INL's Office of Knowledge Management is to work with the program team in the Office of Global Policy and Programs (GPP) to evaluate the extent to which GPP's cybercrime capacity building programming has achieved its stated goals and to make recommendations as needed. In June 2025, INL finalized its report which examined the extent to which projects in the Transnational Cybercrime and Intellectual Property program that were active during fiscal years 2019 through 2023, implemented by GPP, achieved stated goals and advanced U.S. strategic policy priorities. The report demonstrated that the program made significant progress on three of its four goals on which it was focused through 2023, including its goals on partner country adoption of legislative frameworks (i.e., substantive laws and procedural powers on cybercrime and electronic evidence) and participation in U.S.-supported multilateral cybercrime treaties and information sharing networks. The evaluation documented several notable enforcement outcomes, such as an increase in cybercrime arrests, seizures, and disruptions and an increase in prosecutions and convictions of cyber-enabled crime, that the program achieved in a select number of priority countries and focused on ways it could improve with respect to its enforcement goal. As a result of the department's efforts, State will be better positioned to ensure that activities and specific accomplishments are contributing to long-term success in improving foreign nations' ability to more effectively combat cybercrime.
|