State Should Evaluate Global Anti-Cybercrime Efforts, GAO Says

Andriy Onufriyenko/Getty Images

A watchdog report said the State Department should take the lead in determining the effectiveness of federal agencies’ partnerships with international allies to combat digital crimes.

The State Department should conduct a “comprehensive evaluation” of federal agencies’ efforts to assist partner nations with combating cybercrimes, according to a report from the Government Accountability Office released on March 1.

GAO’s review—which was requested by lawmakers on the Senate Foreign Relations Committee and the House Foreign Affairs Committee—examined “federal efforts to build the capacity of allies and partner nations to combat cybercrime,” including some of the challenges with capacity-building initiatives and what federal agencies are doing to assist international partners in building out their own cyberdefense and investigative capabilities. 

The report found that the departments of State, Justice and Homeland Security “have been assigned lead roles” in working with partner nations to combat cybercrimes, including through a host of cooperative, legal, strategic and training initiatives. While GAO noted that these agencies “have documented accomplishments for many activities, such as nations joining international treaties aimed at combating cybercrime,” it found that they have “not comprehensively evaluated [their] collective efforts.”

GAO said that State is in the best position to conduct this evaluation, since the agency “is authorized to provide foreign assistance funding to help build key allies’ and partners’ capacity to combat cybercrime.” The evaluation, the report added, should focus on “how these activities have contributed to overall capacity building.” 

“Without such evaluations, State cannot ensure that agencies’ individual activities or case-specific accomplishments are contributing to long-term success in improving foreign nations’ ability to more effectively combat cybercrime,” GAO said.

Beyond the need for a comprehensive evaluation to review agencies’ efforts, the report also identified “mutual challenges in building global capacity to combat cybercrimes.” These included concerns about “the lack of available resources and difficulty in retaining trained individuals,” as well as “the rapidly evolving technological landscape and inconsistent definitions of 'cybercrime.’”

“Both agency officials and international experts noted that the lack of an agreed upon definition for what constitutes cybercrime, within governments and globally, presents a barrier to tracking data on the current scope and prevalence of cybercrime,” the report said.

Experts and officials also expressed concerns about the U.S. government’s ability to effectively support international partners with their anti-cybercrime efforts, with the report noting that “State officials commented that the federal government’s own capacity, such as availability of experts, to deliver assistance to foreign partners and international law enforcement, is a challenge.”

Some of the challenges international allies noted in working with the U.S. government included “difficulty obtaining information, lack of communication, limitations regarding the use of funds and difficulty disseminating classified intelligence.”

GAO noted, in part, that some DHS officials interviewed for the report “agreed that most international law enforcement entities are unaware of how to request funding information,” and added that “these international law enforcement entities rely on State’s field point of contact to navigate the various layers of formal requests.”

In its one recommendation, GAO said that State should “conduct a comprehensive evaluation of capacity building efforts to counter cybercrime.” State concurred with GAO’s recommendation.