Former FBI Director Talks Cybersecurity

From hammering out new cybersecurity responsibilities to successfully transitioning thousands of case files over to a digital system, it was the delegation of responsibility -- not the technology itself -- that posed a major challenge to former FBI Director Robert Mueller, he said in a recent keynote.

During a government IT conference in Washington, Mueller discussed organizational missteps and lessons learned during his time as head of the FBI between 2001 and 2013.  

When he joined the FBI, for instance, the bureau was starting a multimillion-dollar effort to upgrade its computing system -- replacing hardware, software and networks -- and also to build a completely virtual case file system. Over the next few years, he met with six separate teams working on various aspects of the upgrade and was assured the virtual case system could go live by 2004, he said.

Mueller was skeptical the teams could meet the proposed timeline for deploying the technology, he said, but “I delegated, because I didn’t want to get involved in it, [and] don’t have any background in it,” Mueller said.

Instead, he deferred to technologists, who became increasingly desperate as the scheduled launch date approached, he said.

In the end, he faced two choices: Throw millions of dollars at the project in a last-ditch attempt to meet the deadline or start over from scratch. 

"Neither of the choices are one that Congress is really supportive of,” he said.

The agency eventually pulled the plug on the program in 2005 after spending $170 million. The FBI debuted a new multimillion-dollar digital case-file project, called Sentinel, in 2012.

Mueller admitted it was his responsibility, as director of the FBI, to ask for clarification on these kinds of broad technology projects.  

“You have a responsibility as the head of the organization to know and understand what was going on," he said. "And I didn’t do what I should have done in terms of asking those questions and assuring those answers.”

Another challenge, he said, was defining interagency responsibilities -- in the event of a threat, who is in charge of what. After the 9/11 attacks, he said, the bureau began restructuring to address counterterrorism efforts, and started hiring more staff with cyber expertise, but also met with other federal groups to determine what their staff would do.

“Congress is not always deft in terms of allocating clear responsibility for certain areas,” Mueller said.

During his term, Mueller met with the former head of the National Security Security, Gen. Keith Alexander, and then-Secretary of the Department of Homeland Security Janet Napolitano to “iron out lanes in the road."

Together, they decided DHS would be responsible for protecting the infrastructure, and setting standards for technology, ensuring those standards were met, and later for resolving issues that may come after an attack has occurred, he said.

The FBI was to oversee domestic intelligence gathering, as well as using the criminal justice system to address attacks, among other realms. NSA was responsible for overseas intelligence-gathering and military actions. 

But the organization chart they drew up didn’t always hold in practice, he said.  

“You can sit down and you can allocate," he said. "The three at the top may think one way. As you go down the ladder, there [are] other ways of viewing it -- but that’s life in Washington.”