by Shaun Waterman
Washington, April 21, 2008
Last summer the FBI quietly established a special working group with U.S. intelligence and other agencies to identify and respond to cyber threats against the United States.The group, called the National Cyber Investigative Joint Task Force, now has “several dozen” personnel working together at an undisclosed location in the Washington area, according to the man in charge, Shawn Henry, the bureau’s deputy assistant director in charge of its cyber division.
In an interview with United Press International, Henry was tight-lipped about the task force’s makeup, saying only that it involved “several intelligence, law-enforcement and other agencies from across the U.S. government.”
Documents released earlier this month by the Department of Homeland Security said that the task force was being expanded “to include representation from the U.S. Secret Service and several other federal agencies.”
The Secret Service says on its Web site that, as part of its mission against counterfeiting, it investigates “computer-based attacks on our nation’s financial, banking, and telecommunications infrastructure.”
In a previously unnoticed aside during congressional testimony last year, FBI Director Robert Mueller said the task force was a partnership with other agencies to deal with cyber threats from foreign intelligence.
The bureau’s justification for next year’s budget, in which it has requested an additional 70 agents and more than 100 support personnel for its cyber division, says the task force “seeks to address cyber intrusions presenting a national security threat.”
The budget justification says the task force will “develop a global view of information warfare activity; �� identify intelligence gaps; �� create a strategic framework to develop operations; �� de-conflict investigations and operations (and) �� generate timely intelligence.”
It says the task force is divided into an analytic group that “seeks to synthesize a common operating picture of hostile intrusion related activity to aid investigations, reviews all-source data, and produces quarterly reports” and an information operations group.
The information operations group “provides a forum for de-conflicting and collaborating on investigations and provides centralized coordination of operational initiatives.”
The idea, Henry said, is for the partner agencies to “share information and make sure we’re not overlapping in our response.”
“If you serve a physical search warrant, and other agencies are involved, you can see them at the door,” he said, adding that in virtual investigations it was harder to know who else might be on the trail.
“We’re sharing investigative and threat information,” he said, “looking at the attacks (each agency is) seeing and the methodologies being used.”
From the FBI’s point of view, he added, the task force “allows us to get visibility for our field offices across the country” into how threats are developing and what investigations are going on.
The cyber task force looks at “all cyber threats,” Henry said, but is currently focused on “organizations that are targeting U.S. infrastructure.”
He declined to comment further, but in recent congressional testimony Director of National Intelligence Michael McConnell named Russia and China as among the most important cyber adversaries for the United States.
Henry said it was important to be “adversary neutral” in combating cyber threats.
“A network can be attacked by a terrorist group, a foreign power, or a hacker kid from Oklahoma City. �� Networks need to be protected from all threats because once (sensitive) data has been stolen, it can be transferred anywhere,” he said.
In his recent testimony McConnell said the U.S. government is “not prepared to deal with” the cyber threats it faces. And Homeland Security Secretary Michael Chertoff told a bloggers’ roundtable last month that cybersecurity was “the one area in which I feel we’ve been behind where I would like to be.”
Asked whether the U.S. government is now getting a handle on the problem, Henry replied: “Our response has to constantly change and grow because the threat is constantly changing and growing.”
He said that one of the most worrying aspects of cyber threats was the extent to which “the offense outstrips the defense.”
“The pace of technological change �� the increasing connectivity (of networks) creates more opportunity for exploitation” of vulnerabilities, he explained.
“The general public is not aware (enough) of the threats,” he said. “People need to be sensitized to potential vulnerabilities �� (They) need to be aware that their information is at risk if they don’t take precautions.”
In its 2009 budget request the FBI is also asking for $5 million to expand the task force infrastructure through a services contract to provide IT services property and facility maintenance and management, and a 24/7 security force for the group’s facility, where “task force elements have full visibility and connectivity into all member agency operations.”