ExpectMore.gov


Detailed Information on the
Cybercrime Assessment

Program Code 10000166
Program Title Cybercrime
Department Name Department of Justice
Agency/Bureau Name Federal Bureau of Investigation
Program Type(s) Direct Federal Program
Assessment Year 2008
Assessment Rating Adequate
Assessment Section Scores
Section Score
Program Purpose & Design 100%
Strategic Planning 62%
Program Management 72%
Program Results/Accountability 46%
Program Funding Level
(in millions)
FY2007 $293
FY2008 $305
FY2009 $360

Ongoing Program Improvement Plans

Year Began Improvement Plan Status Comments

Completed Program Improvement Plans

Year Began Improvement Plan Status Comments

Program Performance Measures

Term Type  
Long-term Outcome

Measure: Cumulative number of children depicted in child pornography rescued by the FBI


Explanation:A child "rescued" by the FBI would, in this context, be a child identified as a victim of a crime involving child pornography. A child would be considered rescued if, after identification, the FBI (either on its own or with the assistance of other law enforcement organizations) brought the child to safety away from the control or influence of the person exploiting them. Data are collected in coordination with the National Center for Missing and Exploited Children (NCMEC).

Year Target Actual
2007 Baseline 73
2012 793
Annual Outcome

Measure: Number of children depicted in child pornography rescued by the FBI


Explanation:A child "rescued" by the FBI would, in this context, be a child identified as a victim of a crime involving child pornography. A child would be considered rescued if, after identification, the FBI (either on its own or with the assistance of other law enforcement organizations) brought the child to safety away from the control or influence of the person exploiting them. Data are collected in coordination with the National Center for Missing and Exploited Children (NCMEC).

Year Target Actual
2006 Baseline (part year) 37
2007 Baseline (full year) 73
2008 120
2009 150
2010 150
2011 150
2012 150
Long-term Outcome

Measure: Cumulative number of child pornography websites or web hosts shut down


Explanation:In contrast to the actions of individuals, websites/web hosts represent efforts equivalent to organized criminal enterprises. Attacking these threats will realize the most benefits for vulnerable children. Starting in FY 2008, this measure will be replaced by the measure "Number of children depicted in child pornography rescued by the FBI."

Year Target Actual
2002 100 18
2007 4,800 7,528
Annual Outcome

Measure: Number of child pornography websites or web hosts shut down


Explanation:In contrast to the actions of individuals, websites/web hosts represent efforts equivalent to organized criminal enterprises. Attacking these threats will realize the most benefits for vulnerable children. Starting in FY 2008, this measure will be replaced by the measure "Number of children depicted in child pornography rescued by the FBI."

Year Target Actual
2002 100 18
2003 150 201
2004 250 2,638
2005 2,300 2,088
2006 1,000 906
2007 1,000 1,677
Long-term Efficiency

Measure: Cost Savings from online Cyber Training


Explanation:The FBI's Cyber Program is progressing towards providing training for conducting cyber investigations via online training courses. The student population for the majority of these classes is quite broad, including FBI Special Agents, support employees and state and local law enforcement or intelligence partners. These classes are primarily introductory-level training classes that provide students with basic cyber concepts and investigative strategies. Introductory-level classes do not involve significant hands-on interaction with hardware, software or networking devices. For Special Agents on the Cyber Career Path, they are core classes which are required before continuing on to take more technically advanced courses. Knowledge of cyber basics, and the mission and priorities of the Cyber Division throughout the FBI is desirable and aids the program. In addition to offering online training via the FBI Virtual Academy (the FBI's closed system intranet training system), training is also offered over the Internet, via a CENTRA Server. These online training options allow the FBI to offer courses to employees in remote locales, to state & local investigators with little to no cost, and to FBI employees who would not ordinarily have been selected for attendance at classroom-based training due to prohibitive travel costs or a low selection priority for available seats.

Year Target Actual
2007 Baseline $330,621
2008 Baseline TBD
2009 567,189 TBD
2010 595,548 TBD
2011 625,326 TBD
2012 656,592 TBD
Long-term Output

Measure: Cumulative number of priority computer intrusion investigations successfully completed


Explanation:This measure counts the amount of times where the FBI has achieved a successful result in a case primarily involving a computer intrusion, in violation of 18 U.S.C. ??1030. This relates to computer intrusions that occur under the following circumstances, using the following methods or having the following impacts: Attack Impact: Destruction of Information, Alteration of Information, Theft of Information, Denial of Service Special Circumstances: Computer affecting the administration of justice or national security, Threat to public health or safety, Caused physical injury, Impaired or modified medical treatment Method: Unauthorized access, Exceeding unauthorized access, Malicious code, Denial of service, Botnets, Phishing, Illegal wiretap, Social engineering, Physical access, Network recon, Other Currently, FBI Cyber Division reports automated conviction data for these accomplishments, which will be the basis of the baseline data for this measure. As the FBI implements reporting of these accomplishments through use of the FD-801 form, other criteria for determining the successful closing of a case based on a ??1030 violation will be defined.

Year Target Actual
2007 Baseline 27
2012 192
Annual Output

Measure: Number of priority computer intrusion investigations successfully completed


Explanation:This measure counts the amount of times where the FBI has achieved a successful result in a case primarily involving a computer intrusion, in violation of 18 U.S.C. ??1030. This relates to computer intrusions that occur under the following circumstances, using the following methods or having the following impacts: Attack Impact: Destruction of Information, Alteration of Information, Theft of Information, Denial of Service Special Circumstances: Computer affecting the administration of justice or national security, Threat to public health or safety, Caused physical injury, Impaired or modified medical treatment Method: Unauthorized access, Exceeding unauthorized access, Malicious code, Denial of service, Botnets, Phishing, Illegal wiretap, Social engineering, Physical access, Network recon, Other Currently, FBI Cyber Division reports automated conviction data for these accomplishments, which will be the basis of the baseline data for this measure. As the FBI implements reporting of these accomplishments through use of the FD-801 form, other criteria for determining the successful closing of a case based on a ??1030 violation will be defined.

Year Target Actual
2005 Baseline 34
2006 Baseline 24
2007 Baseline 27
2008 29
2009 31
2010 33
2011 35
2012 37
Long-term Output

Measure: Cumulative number of high impact Internet fraud targets neutralized


Explanation:High impact targets are defined under the following criteria: - total loss amount > $100,000 - international nexus - white-collar crime related fraud, such as: economic crime, financial institution fraud, money laundering scheme, and pharmaceutical fraud - "phishing" attack/identity theft - high volume of victims

Year Target Actual
2006 6 9
2012 84
Annual Output

Measure: Number of high impact Internet fraud targets neutralized


Explanation:High impact targets are defined under the following criteria: - total loss amount > $100,000 - international nexus - white-collar crime related fraud, such as: economic crime, financial institution fraud, money laundering scheme, and pharmaceutical fraud - "phishing" attack/identity theft - high volume of victims

Year Target Actual
2006 6 9
2007 10 11
2008 11
2009 12
2010 14
2011 15
2012 16

Questions/Answers (Detailed Assessment)

Section 1 - Program Purpose & Design
Number Question Answer Score
1.1

Is the program purpose clear?

Explanation: The FBI Cyber Division coordinates, supervises, and facilitates the FBI's investigation of those federal violations in which the Internet, computer systems, or networks are exploited as the principal instruments or targets of terrorist organizations, foreign government-sponsored intelligence operations, or criminal activity. The FBI's general investigative authority for cyber-crime is contained in 18 U.S.C. §1030; White House National Strategy to Secure Cyber Space, February, 2003; and PDD/NSC-39, 6/21/95, and related Interagency Guidelines, 10/9/2000. In addition, program strategies are detailed in the FBI's Cyber National Strategy, 2006 and the FBI's Strategic Management System (SMS) Strategy Map and Five-Year Strategic Plan.

Evidence: 2006 Cyber Division National Strategy [Classified] 2007 Cyber Five-Year Strategic Plan (SMS) [Classified] FBI National Cyber Initiative Implementation Plan [Classified]

YES 20%
1.2

Does the program address a specific and existing problem, interest, or need?

Explanation: The FBI Cyber Division addresses specific federal violations that involve computer systems as significant tools or targets. These specific crimes include illegal computer intrusions, theft of intellectual property, online sexual exploitation of children, and various forms of Internet fraud. As use of the Internet expands, so will these crime problems. The FBI, as part of its strategic planning process, continually assesses the threat of Cyber Crime to ensure that its investigative activities have the right scope and methods to address the problem. The FBI also receives reports of cyber threats from the U.S. intelligence community, FBI Legal Attaches, and local, state, federal, and foreign law enforcement counterparts; these reports support specific investigations and investigative priorities. Several sources are used to monitor and evaluate the nature and level of Cyber Crime, including: the FBI Cyber Threat Assessment; information and threat trends seen in FBI field offices, internal ongoing intelligence assessments, the CERT Coordination Center, which is a Federally-funded research and development center operated by Carnegie Mellon University and provides technical information on cyber vulnerabilities which may be exploited; Business Software Alliance referral of cases on the theft of Intellectual Property Rights; the National Center for Missing and Exploited Children, which provides statistics and data about complaints; and the Internet Crime Report from the FBI's Internet Crime Complaint Center.

Evidence: Internet Crime Report from the FBI's Internet Crime Complaint Center (www.IC3.gov) 2006 Cyber Division National Strategy [Classified] 2007 Cyber Five-Year Strategic Plan (SMS) [Classified] FBI National Cyber Initiative Implementation Plan [Classified]

YES 20%
1.3

Is the program designed so that it is not redundant or duplicative of any other Federal, state, local or private effort?

Explanation: The FBI's responsibility for Cyber Crime is unique and distinct among federal agencies. Its mandate is broader than that of other agencies, covering a wide array of cyber violations. In particular, no other federal agency investigates federal violations in which the Internet, computer systems, or networks are exploited by terrorist organizations or foreign government sponsored intelligence operations. There are some areas of concurrent jurisdiction with other agencies. The White House National Strategy to Secure Cyber Space delineates the roles of the various agencies in cyber security and cyber investigations. In such cases, the FBI ensures that its efforts complement, not duplicate, the efforts of other agencies, using Memorandum of Understanding (MOUs), task forces, joint investigations, and inter-agency working groups. The FBI regularly conducts coordinated operations with the Department of Defense (DoD), U.S. Secret Service and other Department of Homeland Security components, Central Intelligence Agency (CIA), U.S. Postal Service, Federal Trade Commission, Social Security Administration, and Internal Revenue Service, as well as state and local law enforcement agencies involved in cyber matters. The FBI partners with the intelligence community to include the National Security Agency (NSA), CIA, and DoD components to address national security-related cyber threats. The FBI also collaborates with the Department of Homeland Security, U.S. Secret Service, the U.S. Postal Service, the Social Security Administration, and the Internal Revenue Service to address specific criminal computer-related threats and crimes. Such collaborations include Electronic Crimes Task Forces (Computer Intrusions, Internet Fraud, Intellectual Property Rights, Identity Theft) and Innocent Images Task Forces (sexual exploitation of children). These task forces also involve state and local law enforcement entities. In addition, the FBI partners with the Intellectual Property Rights Center, and the private sector National White Collar Crime Center and the National Cyber Forensics and Training Alliance on Internet crime and complaints.

Evidence: 2006 Cyber Division National Strategy [Classified] 2007 Cyber Five-Year Strategic Plan (SMS) [Classified] FBI National Cyber Initiative Implementation Plan [Classified]

YES 20%
1.4

Is the program design free of major flaws that would limit the program's effectiveness or efficiency?

Explanation: The FBI took steps to improve the efficiency and effectiveness of the Cyber Program by consolidating resources under one Division to ensure they are coordinated and leveraged for maximum benefit. There is no evidence that a different program design would better address federal violations that involve the use of computers or the Internet. The FBI Cyber Division National Strategy, 2006, provides a strategic and coordinated approach to the problem. The strategy emphasizes leveraging the resources of international, federal, state and local partners for maximum results. The FBI's recent SMS Five-Year Strategic Plan also documents areas where Cyber Division is aware of areas where the Cyber Program has room for improvement. As part of its SMS analysis, the FBI also tracks strategic shifts in the direction of the Cyber Program policies.

Evidence: 2006 Cyber Division National Strategy [Classified] 2007 Cyber Five-Year Strategic Plan (SMS) [Classified] FBI National Cyber Initiative Implementation Plan [Classified]

YES 20%
1.5

Is the program design effectively targeted so that resources will address the program's purpose directly and will reach intended beneficiaries?

Explanation: The FBI focuses its resources based upon its national priorities. The Cyber Program is considered within the Third Priority on the Director's list of Ten Priorities for the FBI, "Protect the U.S. against cyber-based attacks and high-technology crimes." The intended beneficiaries of this prioritization are the public and private sector components of the nation's critical infrastructure, the information infrastructure, the economic infrastructure, as well as the American public and our international partners. Every investigation is evaluated based on its impact in these areas and resources are prioritized appropriately to meet these needs. There are no unintended subsidies resulting from this program.

Evidence: List of FBI Director's Ten Priorities. FBI Compass Report showing Time Utilization and Record Keeping (TURK) data for Cyber investigations.

YES 20%
Section 1 - Program Purpose & Design Score 100%
Section 2 - Strategic Planning
Number Question Answer Score
2.1

Does the program have a limited number of specific long-term performance measures that focus on outcomes and meaningfully reflect the purpose of the program?

Explanation: The FBI currently tracks long-term data on at least two relevant performance measures for the Cyber Program, related to Internet Fraud and Child Pornography websites, for reporting external to the organization. These measures are currently incorporated into the Department of Justice (DOJ) Performance and Accountability Report. The Internet Fraud measure tracks the neutralization of high-impact targets. In the past, the Child Pornography measure has tracked the webhosts and websites shut down with the involvement of the FBI. The FBI is in the process of replacing the Child Pornography measure with a measure that directly relates to the outcome of rescuing children from child pornographers. In addition, the FBI is now including in its external reports a performance measure that concentrates on criminal computer intrusion investigations conducted pursuant to 18 U.S.C. §1030. Although two of the measures relate to outputs of criminal investigations, nonetheless the FBI feels that it best views the terms of performance in these areas by its ability to concentrate efforts on high-priority targets, and the volume of those targets that are prevented from causing further harm to society. The FBI uses output measures for this program instead of outcome measures due to the inherent difficulty in finding valid, measurable outcome data that validly reflects the effects of federal law enforcement interventions on the overall crime problem.

Evidence: Description of Performance Measure "Number of high-impact internet fraud targets neutralized" Description of Performance Measure "Number of children depicted in child pornography rescued by the FBI" Description of Performance Measure "Number of priority criminal computer intrusions successfully completed" FBI FY 2009 Authorization and Budget Request to Congress FY 2007 Department of Justice Performance and Accountability Report FY 2007 FBI Financial Statements - Management's Discussion and Analysis portion

YES 12%
2.2

Does the program have ambitious targets and timeframes for its long-term measures?

Explanation: The three performance measures cited in Question 2.1 measures are supported by specific, actionable, and measurable long-term, cumulative targets based on the sum of annual targets for each measure. However, at their current levels, the targets do not promote continuous program improvement.

Evidence: Description of Performance Measure "Number of high-impact internet fraud targets neutralized" Description of Performance Measure "Number of children depicted in child pornography rescued by the FBI" Description of Performance Measure "Number of priority criminal computer intrusions successfully completed" FBI FY 2009 Authorization and Budget Request to Congress

NO 0%
2.3

Does the program have a limited number of specific annual performance measures that can demonstrate progress toward achieving the program's long-term goals?

Explanation: The annual performance measures correspond directly to the long-term outcome and output measures described in Question 2.1. The FBI tracks its annual progress in each of these areas, and adjusts its targets based upon the resources that it is able to devote to each of the relevant program areas. The FBI uses output measures for this program instead of outcome measures due to the inherent difficulty in finding valid, measurable outcome data that validly reflects the effects of federal law enforcement interventions on the overall crime problem.

Evidence: Description of Performance Measure "Number of high-impact internet fraud targets neutralized" Description of Performance Measure "Number of children depicted in child pornography rescued by the FBI" Description of Performance Measure "Number of priority criminal computer intrusions successfully completed" FBI FY 2009 Authorization and Budget Request to Congress

YES 12%
2.4

Does the program have baselines and ambitious targets for its annual measures?

Explanation: The three performance measures cited in Question 2.1 measures are supported by specific, actionable, and measurable annual targets for each measure.

Evidence: Description of Performance Measure "Number of high-impact internet fraud targets neutralized" Description of Performance Measure "Number of children depicted in child pornography rescued by the FBI" Description of Performance Measure "Number of priority criminal computer intrusions successfully completed" FBI FY 2009 Authorization and Budget Request to Congress

YES 12%
2.5

Do all partners (including grantees, sub-grantees, contractors, cost-sharing partners, and other government partners) commit to and work toward the annual and/or long-term goals of the program?

Explanation: Cyber task forces and other governmental joint efforts are created and designed to support the long-term goals of the Cyber Program. Contractors operate under Statements of Work and required deliverables that also support the goals and objectives of the Cyber Program.

Evidence: There are a number of long-term working relationships in place, including a formal relationship with the MITRE Corporation for enhanced case analysis and technical support as well as other agreements, both overt and covert, with service providers and vendors who provide direct, targeted support to the Cyber Program. In addition, FBI field offices locally establish MOUs and task forces with other law enforcement agencies. The FBI financially supports certain projects such as the Internet Crime Complaint Center. Annual objectives and results are reviewed with partners. Financial assistance to joint efforts is continued only if the objectives of the work groups are consistent with FBI program goals. These arrangements provide investigative reports and data that contribute to the performance measures.

YES 12%
2.6

Are independent evaluations of sufficient scope and quality conducted on a regular basis or as needed to support program improvements and evaluate effectiveness and relevance to the problem, interest, or need?

Explanation: In February FY 2004, FBI Inspection Division (INSD) conducted a program evaluation of the FBI Cyber Division, in a process that was constructed in coordination with DOJ and the Office of Management and Budget (OMB) to satisfy PART requirements for quality, scope, independence, and periodic evaluation. In the years following, INSD established a schedule for evaluation of other FBI programs, and conducted five other evaluations through the end of FY 2007. During FY 2008, INSD commenced with a substantial reconstruction of all inspections and evaluations involving field divisions, FBI Headquarters (HQ) divisions, and comprehensive FBI programs. As a result, a new inspection process shall be implemented during FY 2008. As currently proposed, this new inspection process will consist of annual reviews of the FBI. These reviews will mainly be conducted on a programmatic basis, and will include all FBI components (i.e., field and HQ) in its scope. However, INSD will still conduct inspections of entire field divisions if conditions call for such reviews. The specific programs and field offices under review in a given year will be determined through a combination of random selection and risk assessment factors determined through objective means. At a minimum, each FBI program will undergo an INSD review every 5 years. Although FBI field and program managers will be queried for input, INSD will conduct these inspections, and arrive at all of its conclusions, in its capacity as an independent entity that reports directly to the Associate Deputy Director of the FBI. Although significant effort has been spent to revamp the evaluation process, the FBI must demonstrate that the new process produces quality, independent reviews.

Evidence: February 2004 Pre-Inspection Evaluation of the FBI's Cyber Division FBI Organization Chart as of September 27, 2006 Draft Executive Summary of FBI Inspection Reconstruction Proposal Sample Draft Inspection Risk Assessment Matrix (IRAM) Sample Semi-Annual Program Review Sample SAC Performance Appraisal Report (PAR) Sample Leadership Climate Survey

NO 0%
2.7

Are Budget requests explicitly tied to accomplishment of the annual and long-term performance goals, and are the resource needs presented in a complete and transparent manner in the program's budget?

Explanation: The FBI's budget requests, including requests related to the Cyber Program, are designed according to the FBI's budget structure, which is composed of four decision units (Counterterrorism/Counterintelligence, Criminal Enterprises/Federal Crimes, Intelligence, & Criminal Justice Services). Measures are categorized by their decision unit, and have their targets adjusted based upon resources devoted to the program, which are in turn adjusted for proposed budget enhancements. The linkage between enhancements and changes in performance are more clearly defined when budget requests are applied directly to investigative resources for FBI operational programs. If budget requests are not successful, projected targets are accordingly adjusted closer to baseline performance. Unfortunately, the nature of the FBI's budget requests often concern funding for infrastructure or support functions that do not easily lend themselves to the sort of outcome measures that the FBI tracks for indications of its performance. This issue is considered to be a common problem for federal law enforcement agencies. Nonetheless, the FBI ties its operational program measures as closely to its annual budget requests as possible, defining those measures that are related both to priority organizational outcomes and to requested budget enhancements.

Evidence: FBI's FY 2009 Authorization and Budget Request to Congress

NO 0%
2.8

Has the program taken meaningful steps to correct its strategic planning deficiencies?

Explanation: The Cyber Program regularly conducts an annual review of program plans and goals. During this process, planning deficiencies are identified and corrected. Through FY 2006, the FBI has documented its strategic review through the Cyber Division National Strategy. In FY 2007, the FBI established the SMS process. During this process, the Cyber Program reviewed its entire strategic framework, both in terms of operations and support functions, and documented this framework in a new strategy map. The Cyber Program has also identified a series of strategic "shifts," areas where the program wants to change from its current state to a more effective operational state. In general, the FBI has made management interventions within recent years, both on its own and as a component of DOJ. The pay-for-performance program has established a mechanism for holding executive management accountable for implementing program goals on a semi-annual basis, including executives in FBI field offices and Cyber Division. In addition, the FBI has made improvements in addressing previously existing material weaknesses identified during financial audits.

Evidence: 2006 Cyber Division National Strategy [Classified] 2007 Cyber Five-Year Strategic Plan (SMS) [Classified]

YES 12%
Section 2 - Strategic Planning Score 62%
Section 3 - Program Management
Number Question Answer Score
3.1

Does the agency regularly collect timely and credible performance information, including information from key program partners, and use it to manage the program and improve performance?

Explanation: The Cyber Program has been collecting performance information related to long-range goals in coordination with DOJ and OMB since its initial PART review in 2002. However, the program also collects workload, output, and other forms of performance information and using this internal data for management purposes. The performance measures will be included as part of the program's SMS methodology as part of its effort to ensure adequate program performance and management. For several years, accomplishment data (e.g., arrests, indictments, convictions) has been entered into the FBI's Integrated Statistical Reporting and Analysis Application (ISRAA) database. This information is compiled in quarterly reports that allow a side-by-side comparison of long-term and annual performance measures for each FBI field office. Additional performance information is gathered through threat assessments and crime surveys, and by on-site inspections and reviews of investigative operations. Data collected is shared with interested partners. The FBI also provides data to DOJ in the form of Quarterly Status Reports (QSRs), and quarterly reports on select National Intelligence Program (NIP) measures to the Office of the Director of National Intelligence (ODNI). Cyber Program Managers regularly review: the percentage of time spent on cyber priority investigations; statistics on cyber-related indictments, arrests, convictions, recoveries, and fines; surveys regarding resource needs and crime trends; the Time Utilization reports on utilization of personnel resources; and data on the number of cases opened/closed. Also reviewed are: statistics and data on complaints compiled by the National Center for Missing and Exploited Children; data from CERT on cyber vulnerabilities; the Internet Crime Complaint Center annual report on crime by state, victim demographics, and other statistical data; and crime trend data. The FBI uses a variety of quantitative and non-quantitative criteria to review the performance information. Program priorities and resource allocations are adjusted based on the assessments. Management initiatives and issues are identified and acted upon. For example, Cyber Program Managers review field office agent resource allocations based on the number of agents working within the subprograms and the accomplishments achieved by these resources. As such, some reallocation of resources occurs annually based on these reviews. Currently, the FBI does not have a mechanism for collecting performance data from key program partners, including state and local governments and non-profit organizations. This lack of data collection makes it difficult to assess partner performance and the overall impact of the program.

Evidence: ?? FBI Compass Report on Cyber Programs [Classified] ?? FBI Quarterly Status Report to DOJ ?? FBI Quarterly Report on NIP measures to ODNI [Classified]

NO 0%
3.2

Are Federal managers and program partners (including grantees, sub-grantees, contractors, cost-sharing partners, and other government partners) held accountable for cost, schedule and performance results?

Explanation: On June 30, 2004, the Attorney General transmitted DOJ's Senior Executive Service (SES) Performance-based Pay System to the Office of Personnel Management and OMB, including a generic work plan for all DOJ SES members, with an accompanying performance "contract" that is explicitly linked to the DOJ's, the President's, and/or the Attorney General's strategic goals. Consistent with the DOJ guidance, FBI Field Offices and Cyber Program Executives are held accountable for performance results in accordance with the Pay for Performance System. Senior Executives are held accountable for developing and implementing a workforce strategy and management directives that contribute measurable results to the Cyber Crime mission and improve financial performance. Each manager is held accountable for results within his/her program. Program results are discussed in annual performance reviews. In addition, the FBI INSD conducted management audits of the Cyber Division each three years. Audits are also conducted every three years of each Field Office; however, these audits cover all field activities, and therefore provide fewer details about individual programs. As discussed in 2.6, the INSD is currently revamping it inspection and evaluation process. Managers now have cascading goals containing measurable performance goals.

Evidence: ?? Semi-Annual Performance Appraisals [Classified] ?? President's Management Agenda Scorecard (the Department of Justice as a whole has been rated "green" for Strategic Management of Human Capital). ?? Cascading goals for Cyber Division program managers [Classified]

YES 14%
3.3

Are funds (Federal and partners') obligated in a timely manner, spent for the intended purpose and accurately reported?

Explanation: Most expenditures for the program are for personnel compensation and benefits. All personnel expenditures are tracked centrally by the FBI's Finance Division, using a computer model that tracks current payroll information and projects expenditures for the remainder of the year. Variables, such as the number of new hires and employee separations, are factored into the calculations. The FBI also monitors non-personnel spending of its programs through the development and monitoring of spending plans. Quarterly, each program prepares a status report on available funding and detailed plans for spending any remaining funding. The Finance Division has developed and implemented a process to review these plans to ensure appropriate use of the funds and proper financial reporting. This process ensures that all rewards are reported in a timely manner and are directed to the appropriate program purpose. In addition, the Finance Division, using the aforementioned process, provides feedback to the Division on budget planning and execution practices, procurement management, physical inventory statistics, and prompt payment of invoices. An accounting system is in place to ensure that funds are obligated in a timely manner and support only those items identified in the Plan.

Evidence: ?? Cyber Program Spending Plans & Financial Status Reports ?? FBI Financial Statements

YES 14%
3.4

Does the program have procedures (e.g. competitive sourcing/cost comparisons, IT improvements, appropriate incentives) to measure and achieve efficiencies and cost effectiveness in program execution?

Explanation: The Cyber Division was created in part to promote cost efficiency. Prior to its creation, cyber-related crimes were addressed in an ad-hoc manner that often resulted in duplication of efforts and inefficient use of resources. With the formation of the Cyber Program, a central point for addressing cyber violations was established. In addition, technology investments which represent a significant portion of the Cyber Program budget -- are subject to a variety of outside reviews. Technology investments by the Cyber Program are subject to the FBI IT Investment Management process; the DOJ IT review process; and the OMB capital investment review. In addition, the Cyber Program follows all FAR regulations, as well as good industry practices, with regard to competitive bidding for all IT equipment. Additionally, the Cyber Program follows government-wide policy and procedures for evaluating capital investments, including information technology projects. This process ensures that scarce resources are directed to efforts that support improved efficiencies and cost-effectiveness. The FBI is also dedicated to the competitive sourcing aspect of the President's Management Agenda. In FY 2004, the FBI completed an A-76 competition of its automotive maintenance services, which supports all investigative activities, including the Cyber Program. The FBI won the competition with a Most Efficient Organization (MEO) proposal. In FY 2006, the FBI completed a streamlined competition of the custodial services provided to FBI HQ, and won the competition with its MEO proposal. One of the ways that the Cyber Program tracks efficiency is the savings gained from offering Cyber Program training courses online. These online training options allow the FBI to offer courses to employees in remote locales, to state & local investigators with little to no cost, and to FBI employees who would not ordinarily have been selected for attendance at classroom-based training due to prohibitive travel costs or a low selection priority for available seats.

Evidence: ?? Documentation of FBI A-76 competitions ending in FY 2004 and FY 2006.

YES 14%
3.5

Does the program collaborate and coordinate effectively with related programs?

Explanation: The FBI is the lead agency responsible for leading national efforts in investigations of Cyber Crime. NSPD-54, signed by President Bush on January 8, 2008, mandated that the FBI expand operation of its National Cyber Investigative Joint Task Force (NCIJTF) as a multi-agency effort. The Cyber Program maintains contact and cooperates with other federal agencies. Each section also coordinates with foreign and domestic partners within working groups and special projects. Meaningful actions, resource allocation, referral systems, and joint performance goals are integral components of MOUs with other law enforcement entities. For example, the FBI currently has more than 66 Cyber Task Forces and through this process has obtained MOUs with more than 66 state and local agencies that participate on these task forces. Currently, the FBI participates in Cyber Task Forces in field offices across the United States. The FBI has also managed the nation's Intellectual Property Rights Center with the U.S. Customs Service (now part of DHS) since 1999. The FBI also jointly supports the Internet Crime Complaint Center with the National White Collar Crime Center. The FBI's Innocent Images National Initiative program works closely with the National Center for Missing and Exploited Children, a non-profit organization devoted to the protection of children. In addition, FBI Legal Attach?? Offices coordinate with foreign law enforcement services and the Cyber Division in the investigation of cyber matters.

Evidence: ?? 2006 Cyber Division National Strategy [Classified] ?? 2007 Cyber Five-Year Strategic Plan (SMS) [Classified] ?? FBI National Cyber Initiative Implementation Plan [Classified]

YES 14%
3.6

Does the program use strong financial management practices?

Explanation: The most recent audit concluded that the FBI's financial management systems did not substantially comply with federal financial management system requirements and use of the United States Standard General Ledger at the transaction level as required by the Federal Financial Management Improvement Act of 1996 (FFMIA). As a result, the units involved in preparing the financial statements and other financial reports have been required to maintain numerous manual and automated processes in order to compensate for the controls and reporting abilities that are lacking in the FBI's financial management systems. This noncompliance with FFMIA has been reported since FY 1997.

Evidence: ?? FBI FY 2007 Financial Statements ?? Cyber Division Spend Plans

NO 0%
3.7

Has the program taken meaningful steps to address its management deficiencies?

Explanation: A formal inspection of the Cyber Division was conducted in 2007. The INSD, which reports to the FBI's Deputy Associate Director, is responsible for independent oversight and evaluation of all FBI investigative and administrative operations. These evaluations offer rigorous and objective analyses of the effectiveness of FBI programs. There is an established FBI process for resolving weaknesses and tracking corrective actions for issues identified in formal evaluations. The inspection process provides a comprehensive analysis and evaluation of key management and financial issues. Once deficiencies are identified, program managers are provided with corrective actions to be taken and status reports are submitted which track the progress of the identified weaknesses. At the current time, the FBI is in the process of reconstructing its inspection process to enhance its ability to conduct enterprise-wide program reviews (see Question 2.6). In FY 2006, the FBI migrated its payroll system to the National Finance Center (NFC) in preparation for the eventual implementation of the DOJ's Unified Financial Management System (UFMS). The FBI's participation with DOJ's UFMS and eventual migration to this system are the chief efforts made by the FBI's Finance Division to eliminate any deficiencies that may be discovered in the course of its the annual audits of its financial statements. The FBI also undergoes quarterly and annual reviews of its financial statements by independent auditors as part of an overall effort to eliminate any weaknesses or conditions that can be mitigated prior to the FBI's migration to UFMS. The Cyber Division's participation in DOJ's Pay for Performance system and the FBI's increased attention to improvement of its financial controls mark areas where the program continues to address necessary changes in its management.

Evidence: ?? 2006 Cyber Division National Strategy [Classified] ?? 2007 Cyber Five-Year Strategic Plan (SMS) [Classified] ?? FBI National Cyber Initiative Implementation Plan [Classified]

YES 14%
Section 3 - Program Management Score 72%
Section 4 - Program Results/Accountability
Number Question Answer Score
4.1

Has the program demonstrated adequate progress in achieving its long-term performance goals?

Explanation: The long-term/cumulative performance goals of the Cyber Program's measures have been met since they were established in 2003. Although there have been some changes to the measures adopted by the FBI for publication in this PART, and thus revisions to the targets, the long-term results have been achieved. For some measures in the current iteration of the Cybercrime PART, the FBI is adopting alternatives with only baseline data. These new measures should be a better representation of the FBI's success in achieving the operational outcomes of the Cyber Program. Data for measures that will be discontinued are supplied through FY 2007 to document the achievement of the long-term goals.

Evidence: ?? See performance measures section of this PART ?? Measures are also documented in the performance tables from FBI's FY 2009 Authorization and Budget Request to Congress

SMALL EXTENT 7%
4.2

Does the program (including program partners) achieve its annual performance goals?

Explanation: For the most part, the FBI has attained each of its annual performance goals. Some of the new measures can only provide baseline data, and did not have previously established targets. There is also one example where one annual target was not met for one measure.

Evidence: ?? See performance measures section of this PART ?? Measures are also documented in the performance tables from FBI's FY 2009 Authorization and Budget Request to Congress

SMALL EXTENT 7%
4.3

Does the program demonstrate improved efficiencies or cost effectiveness in achieving program goals each year?

Explanation: In the past few years of tracking its performance in quickly copying seized storage devices for forensic analysis, the FBI met its goal in one of the three previous years since the measure was instituted, but was very close to its goal in the other two years. The FBI has managed to demonstrate efficiencies in a recent A-76 competition as well, showing that it was able to beat competing private sector bids for performing its custodial services function at FBI Headquarters.

Evidence: See performance measures section of this PART Measures are also documented in the performance tables from FBI's FY 2009 Authorization and Budget Request to Congress 2006 A-76 Custodial Services competition results

SMALL EXTENT 7%
4.4

Does the performance of this program compare favorably to other programs, including government, private, etc., with similar purpose and goals?

Explanation: Comparisons are difficult, as the FBI's responsibility for Cyber Crime is unique and distinct among federal agencies. Its mandate is broader than that of other agencies, covering a wide array of cyber violations. In particular, no other federal agency investigates federal violations in which the Internet, computer systems, or networks are exploited by terrorist organizations or foreign government sponsored intelligence operations. However, the many cyber task forces that the FBI participates in, as well as its leadership in the NCIJTF, provide an opportunity to demonstrate the FBI's leadership and performance in fighting cyber crime. Currently, the FBI participates in Cyber Task Forces in field offices across the United States. The FBI managed the nation's Intellectual Property Rights Center with Immigration and Customs Enforcement from 1999 through 2003. The FBI also supports the Internet Crime Complaint Center jointly with the National White Collar Crime Center.

Evidence: ?? FBI National Cyber Initiative Implementation Plan [Classified]

YES 20%
4.5

Do independent evaluations of sufficient scope and quality indicate that the program is effective and achieving results?

Explanation: The February 2004 Cyber Program evaluation conducted by INSD found that "all components seem to be operating effectively and efficiently." This evaluation detailed several findings that concentrated on the program's early issues of defining its responsibilities and priorities. Although the conditions that resulted in these findings have changed substantially since FY 2004, they were relevant at the time. The evaluation cites the creation of cyber task forces as an important step in coordinating investigations. INSD's inspection of Cyber Division in March 2007 also found that all components were operating effectively and efficiently." In the Computer Intrusion Section, the highest priority in the Cyber Program, the inspection detailed a single finding that the Cyber Program, should consider mandating that cyber squads coordinate with the Counterintelligence Division on counterintelligence cyber investigations versus simply suggesting that they do so. As a typical inspection results in numerous findings and recommendations, this inspection was considered to reflect the high standards and outstanding work done by this section and the Cyber Division as a whole.

Evidence: ?? March 2007 Inspection Evaluation of the FBI's Cyber Division. [Classified] ?? February 2004 Pre-Inspection Evaluation of the FBI's Cyber Division [Classified]

SMALL EXTENT 7%
Section 4 - Program Results/Accountability Score 46%


Last updated: 09062008.2008SPR