Cybercrimes—such as online identity theft, credit card fraud, and ransomware attacks—are multiplying in frequency and scale around the globe.
The Departments of State, Justice, and Homeland Security are working with foreign nations to help combat these technology-driven crimes. Collaboration activities include information sharing with foreign partners on current threats and providing cyber training to foreign law enforcement.
But as the lead agency responsible for foreign assistance, State hasn't fully evaluated whether these activities have been effective in helping foreign nations combat cybercrime. We recommended that it do so.
What GAO Found
The Departments of State, Justice (DOJ), and Homeland Security (DHS) officials, and experts from international entities identified six mutual challenges in building global capacity to combat cybercrime. These included a lack of dedicated resources, difficulties in retaining highly trained staff, and inconsistent definitions of “cybercrime.” The expert panel also identified challenges in working with the U.S. government, including obstacles in obtaining information, lack of collaboration, and lack of dedicated funding streams.
State, DOJ, and DHS have conducted a variety of activities to build foreign nations' capacity to combat cybercrime. These activities include engaging in information sharing with foreign partners and providing cyber training to foreign law enforcement officers. Agencies' activities can be grouped into four categories.
Four Categories of Activities to Build Capacity to Combat Cybercrime
These agencies have documented accomplishments for many activities, such as nations joining international treaties aimed at combatting cybercrime. Further, State's plans include an evaluation of a regional forensics training center. This planned evaluation would meet the department's requirements. However, State has not conducted a comprehensive evaluation of the agencies' collective efforts. State is in the best position to conduct such an evaluation since it is authorized to provide foreign assistance funding to help build key allies' and partners' capacity to combat cybercrime. Until State conducts this comprehensive evaluation, the overall impact and results of federal assistance to global partners will likely remain unknown.
Why GAO Did This Study
The U.S. and its global partners are experiencing the effects of a massive cybercrime wave, which is growing in frequency and scale. In 2021, the Federal Bureau of Investigation received a record number of cybercrime complaints, over 840,000, with potential losses exceeding $6.9 billion. Further, in 2022, the intelligence community noted an increase in ransomware attacks by transnational criminals, which threaten to cause disruptions of critical services worldwide.
GAO was asked to review federal efforts to build the capacity of allies and partner nations to combat cybercrime. This report's specific objectives were to (1) describe challenges in building global capacity to combat cybercrime, and (2) determine actions selected federal agencies are taking to build foreign nations' capacity to combat cybercrime and the extent to which they are evaluating the effectiveness of their efforts.
GAO interviewed agency officials and convened a panel of experts representing entities focused on capacity building to combat global cybercrime. GAO also analyzed documentation from State, DOJ, and DHS, which provide the majority of U.S. capacity building assistance.
GAO is making one recommendation to State to conduct a comprehensive evaluation of capacity building efforts to counter cybercrime. State concurred with the recommendation.