The FBI needs to identify and categorize cyber threats more quickly than it currently does in an effort to stay out in front of current and emerging cyber threats.That was the general observation of a report out this week from the Department of Justice’s Office of the Inspector General which found that while the FBI has an annual process, known as Threat Review and Prioritization (TRP), to identify the most severe and substantial threats and direct resources to them, the process employs subjective terminology that is open to interpretation, and as such does not prioritize cyber threats in an objective, data-driven, reproducible, and auditable manner.
Also, because TRP is conducted annually, it may not be agile enough to identify emerging cyber threats in a timely manner, the OIG stated.
The OIG said that the FBI Cyber Division has a relatively new tool that it says could greatly help the FBI in its cyber threat evaluations. Developed in June 2014, Threat Examination and Scoping (TExAS) software uses a weighted algorithm to prioritize cyber threats based on specific data, rather than on subjective determinations as used in the TRP process, the OIG stated. The data visualization tool also allows decision makers to prioritize or otherwise allocate resources toward new intrusions sets or towards ones where better intelligence is needed.
The OIG said that TExAS is more objective than TRP and, if properly implemented, can prioritize threats more frequently and more efficiently than TRP.
A Cyber Division official told the OIG that it intends to have Sentinel, the FBI’s case management system, automatically update TExAS with available data once a day In FY 2017 and to have the applicable field offices manually enter the data that Sentinel cannot transfer every 30 days.