In recent years, the U.S. Secret Service’s responsibilities have increasingly bled into the cybersecurity arena. But according to a new bipartisan House Oversight and Government Reform report, the focus may be misplaced.
The agency is now responsible for maintaining the Electronic Crimes Task Forces, which hunts for international cyber criminals, and running the National Computer Forensics Institute, which provides cybercrime training for law enforcement professionals.
In fact, the Secret Service is now one of the Department of Homeland Security’s components with the largest cyber workloads. In 2014, 10 percent of Secret Service employees’ hours were devoted to cybercrime investigations, according to the report. For comparison, about 32 percent of their time was spent on physical protection.
But amid the recent series of physical White House security breaches, it might be time for the Secret Service to focus more on physical crime and hand off its cybercrime responsibilities to other federal agencies, lawmakers argue.
“Given that a significant portion of [the Secret Service's] mission is investigating cybercrime and the agency is suffering from severe staffing shortages, there is a perfect opportunity to more efficiently consolidate cyber responsibilities while simultaneously alleviating a major strain on resources" within the agency, the report stated.
A variety of other federal agencies already have cybersecurity responsibilities that overlap with the Secret Service. The report suggests reducing the duplication by transferring portions of the Secret Service’s cyber responsibilities to the FBI.
“I’d like us to combine our task force," said FBI Director James Comey, during an October House Judiciary hearing referenced in the report. "It doesn’t make any sense for them (Secret Service) to have electronic crimes task force, and [for] me to have a cyber task force; there ought to be one.”
According to the report, a chart on the Justice Department’s website explains where the public should go to report certain types of crimes. The cybercrime section not only has multiple, conflicting reporting options, but the Secret Service links take the user to a defunct website.
In addition, the Secret Service has not complied with a variety of “baseline” requirements pertaining to DHS information security programs or the Federal Information Security Act requirements, according to the report.
There are also clear cyber training gaps with some Secret Service employees, especially those who are not specifically technical operators, the report stated.
The report authors recommend the Obama administration conduct an interagency review to determine the Secret Service’s nonessential missions, and submit those findings to Congress within a year.