The inter-agency task force the FBI set up in 2008 to share information about domestic cyber threat investigations is holding information back from partner agencies, finds the Justice Department inspector general.

In a somewhat redacted audit dated "April 2011" and released publically April 27, the DOJ IG says the FBI-led National Cyber Investigative Joint Task Force was meant to provide a venue and a means for sharing information among participants, which include military and intelligence community agencies. The original concept was for participants to have a safe harbor for data sharing made on condition that further distribution outside the purview of the NCIJTF would require the permission of the agency from where the information originated.

But, agencies including the FBI have instead first attempted to determine the "relevance and importance" of their information to another agency's operations before sharing it. Also, the NCIJTF memorandum of understanding is more restrictive than the original concept, since it gives agencies the right to control what information they share with the task force. Some agency representatives are often asked to leave "threat focus" meetings if they don't have a known need to know the information being discussed.

One Air Force Office of Special Investigations representative to the NCIJTF told auditors that the degree of information sharing the FBI will extend often depends to whom he makes the request. A Navy Criminal Investigative Service official also told auditors that a May 2009 request for information on a hacker went ignored, although FBI officials later told auditors that they did in fact share the information, albeit 5 months after the request was made.

It's a state of affairs, the report notes, that the 9/11 Commission criticized as a failure among federal agencies and which in the wake of the commission's report was meant to shift to a need-to-share model of transmitting information.

The report also finds that FBI staff did not always disseminate to FBI field offices information acquired through the NCIJTF germane to cases being investigated by the field offices. The FBI has co-located its cyber division's national security section program with the NCIJTF and often the same person is assigned to both organizations. FBI program managers told auditors they are "overwhelmed" with work and aren't always able to return phone calls from field offices.

As for the field offices themselves, the report says that FBI cyber crime agents are being transferred from one office to another per FBI rotation policy, but that they haven't always kept their cyber duties as they rotated. The Government Accountability Office detailed the same problem in a June 2007 report (.pdf). Experienced cyber crime agents often are replaced with investigators who have little or no experience or background in cyber crime. Of the 10 field offices auditors examined, agents in four of them said they have been assigned cyber cases that exceeded their technical capabilities.

For more:
- download the report, Audit Report 11-22 (.pdf)

Related Articles:
FBI: No Internet-connected system is impervious to cybercrime 
DHS fusion center info sharing lacks plan, says GAO 
FBI pondering legislation to strengthen wiretapping ability