With the recent hack of the Democratic National Committee (DNC) emails, it is clear that cyber threats pose a significant concern to US political organizations, but which agency out of the “alphabet soup” should be responsible for the investigation? New guidance issued by the Obama Administration designates the Federal Bureau of Investigation (FBI) as the lead agency for cyber threat response. This codifies an already important role the FBI has undertaken for quite some time. The FBI has been the lead agency on cases ranging from ransomware to dark web marketplaces. The FBI arguably has the most resources and experience in cybercrime investigations, which gives it the expertise and know-how to be the lead agency in cyber incident response.
The FBI has not been alone in its efforts to combat cyber threats. The Department of Homeland Security’s US-CERT and Carnegie Mellon University’s CERT have been the cornerstone of computer incident response for over a decade. The US Secret Service and IRS have also played an important role in the investigation of financial crimes committed online, and the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) has the responsibility to combat the illegal sale of firearms online. The common tie among all these agencies is the FBI’s long-standing partnership with them, along with the FBI’s partnerships with the private sector.
The Presidential Directive also gives new responsibilities to DHS and the Office of the Director of National Intelligence:
- The Department of Homeland Security, acting through the National Cybersecurity and Communications Integration Center, shall be the Federal lead agency for asset response activities.
- The Office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Center, shall be the Federal lead agency for intelligence support and related activities.[i]
The Directive specifically notes the FBI’s lead role due to the possibility of nation-states being involved in cyber incidents, as well as the national security implications these cyber threats pose. Because the FBI wears the hat of both a criminal investigator and a member of the intelligence community, it is uniquely qualified for this leadership role. The directive is important because it gives clear guidance on the “rules of the road,” which is often an issue in federal investigations. As cyber is an emerging realm, it is important for federal agencies to understand who will take the lead in cyber investigations. It is clear there are many capable agencies with long-standing contributions in the area of cyber threat response. The Presidential Directive allows for clearer lines of communication and the ability to efficiently assign leadership and subordinate roles. The next step is to put this directive into action, and this is where the rubber will meet the road in the ever-evolving realm of cyber threats.