WASHINGTON—Representatives Eliot L. Engel (D-NY) and Michael McCaul (R-TX), Chairman and Ranking Member of the House Foreign Affairs Committee, this week called for an assessment of the United States’ efforts to work with allies and partners to combat international cybercrime. In a letter to Government Accountability Office Comptroller Dodaro, the members detailed the importance of international cooperation to effectively address cybercrime and asked for a thorough review of current efforts to highlight areas for improvement.

“We strongly support efforts to boost the capacity of foreign law enforcement agencies to bring malicious cyber actors to justice and respectfully request you evaluate the scope and impact of such efforts to help us determine how to ensure they are most effective,” the members wrote.

Full text of the letter can be found here and below:

Dear Comptroller Dodaro:

We write to request that the Government Accountability Office (GAO) conduct a review on the strategy and effectiveness of United States Government efforts to build the capacity of allies and partner nations to combat cybercrime.

The United States and countries around the globe are facing a massive cybercrime wave that continues to grow in size and scope. Cybercrime, that is crimes that use or target computer networks, is affecting America’s people, businesses, organizations and government institutions with devastating national and economic security impacts. Beginning under President Obama and continuing under President Trump, we have seen significant indictments of major cybercriminals and, in some cases, the successful arrest and extradition of these criminals to the United States.

America is not alone. A single cybercrime incident can impact countless victims in many different countries independent of the location of the perpetrators. For this reason, global law enforcement cooperation in cyber investigations is a critical component of U.S. efforts to bring cybercriminals to justice. As a 2007 GAO report on challenges to public and private entities in addressing cyber threats highlighted, there are numerous “transnational jurisdiction, investigation, and prosecution issues” involved in addressing cybercrime cooperatively with other countries.

To help boost international cooperation, the U.S. Government has invested resources into programs aimed at enhancing the capacity and capability of foreign criminal justice entities, particularly investigators, computer forensic experts, and prosecutors, to investigate and prosecute cybercrime and develop regional and global networks to assist in these efforts. Capacity building initiatives funded by State and Foreign Operations Appropriations include but are not limited to:

·         Programs and technical assistance coordinated and implemented by the State Department’s Bureau of International Narcotics and Law Enforcement; 

·         Programmatic initiatives supported by the Bureau of Counterterrorism and Countering Violent Extremism, which has worked to strengthen global efforts to gather, analyze, preserve, and share digital evidence; 

·         Programmatic support provided through the State Department’s Office of the Coordinator for Cyber Issues (S/CCI)

·         The Transnational and High Tech Crime Global Law Enforcement Network (GLEN) of International Computer Hacking and Intellectual Property Coordinators (ICHIPS), which supports the placement of Department of Justice attorneys at U.S. Missions around the globe to enhance partner nations’ capacity on cybercrime;  

·         Programs implemented by the Department of Justice’s International Criminal Investigative Training Assistance Program (ICITAP) and Overseas Prosecutorial Development Assistance and Training (OPDAT); and 

·         Assistance provided through multilateral entities for global capacity building on cybercrime at the United Nations, INTERPOL, the Group of Seven, the Organisation for Economic Co-operation and Development, and other institutions and to regional bodies such as the Organization for Security and Co-operation in Europe and the Council of Europe.

Despite the critical importance of these efforts, the government entities involved in supporting and/or implementing this capacity building have not clearly articulated an inter-agency strategy with firm objectives as to what these efforts are aiming to achieve and what metrics are being utilized, if any, to monitor and evaluate their effectiveness. In order to assess the scope and adequacy of programming supported by U.S. foreign assistance, we request the GAO:

1.       Determine the amount of foreign assistance being provided to programs aimed at building the capacity of global criminal justice actors to fight cybercrime, including those programs implemented by the Department of Justice and any other U.S. government entities, and the countries and international organizations that are the largest recipients of such assistance. This determination should include an assessment of funding levels for these programs over the last five years and highlight significant areas of change. 

2.       Evaluate the decision-making processes involved in how the key federal bureaus and offices with significant programmatic initiatives supported and/or implemented by those entities to build the capacity of global criminal justice actors to fight cybercrime determine what countries and organizations to provide funding to and what objectives, if any, have been established to help make these determinations; 

3.       Assess the effectiveness of the metrics being used, if any, to evaluate such programming and the challenges to more effective programming that will significantly reduce global cybercrime and help boost law enforcement cooperation in cyber investigations. 

The reduction of cybercrime that continues to target Americans will not be possible without the cooperation of foreign law enforcement agencies, many of which benefit from our country’s legal and technical assistance. Accordingly, the capacity building support provided by the U.S. Government to foreign governments’ criminal justice systems is vital to making progress in identifying, stopping, and bringing to justice cybercriminals and other malicious cyber actors. We strongly support efforts to boost the capacity of foreign law enforcement agencies to bring malicious cyber actors to justice and respectfully request you evaluate the scope and impact of such efforts to help us determine how to ensure it is most effective.