Most UK Police Forces don’t investigate Cyber Crime

Uploaded on 2014-05-06 in FREE TO VIEW, GOVERNMENT-Law Enforcement

Ninety Percent of the UK’s Police have no Tactical or Strategic plans for monitoring, training PCs and reducing cyber crime.

And the idea that overall crime is reducing depends on which statistics are applied and by which Authority they are promoted.

A new report by HMIC (Her Majesty’s Inspectorate of Constabulary) has found that the majority of Britain’s police forces are unprepared for cybercrime, with only three forces out of 43 nationwide having developed a comprehensive cyber strategy in their Strategic Threat and Risk Assessments (STRAs) and with only twelve more forces having considered their approach to cyber at all.

This means that over two thirds of the county’s police do not have any plans for dealing with cyber crime. Also another point noted in the Report states that only half the UK forces have considered terrorism as part of their strategic planning assessments, which of course means terrorism or all types, including cyber, will mainly go on unmonitored and unopposed.

HMIC identifies that much more needs to be done by forces to secure the levels of preparedness that are necessary for them to collectively respond to the all of the national threats, as required by the Strategic Policing Requirement (SPR); and recommends that chief constables need to immediately establish a collective leadership approach, in order to secure the required levels of national preparedness.

Point 2.26 of the Report states ‘Senior leaders across police forces were unsure of what constituted a large-scale cyber incident. We found that, where they existed, STRAs and plans were focused only on investigating cybercrime; they were silent about preventing it and protecting people from the harm it causes.’

Large-scale cyber incident

2.42.  Research shows that cybercrime is significantly under-reported, and of those crimes reported to Action Fraud16, only 20 percent are passed to police forces. This means that police forces do not have sufficient information to identify and understand the threats, risks and harm associated with cybercrime.

5.68.  There was a generally held mistaken view among those we interviewed that the responsibility for responding to a large-scale cyber incident was one for regional or national policing units and not for forces. There was very little understanding of the part forces should have in working together with regional and national organisations to respond to the threat.

http://www.hmic.gov.uk/news/news-feed/strategic-policing-requirement-report-published/
http://www.hmic.gov.uk/inspections/strategic-policing-requirement/

England and Wales are lacking a cyber strategy to deal with electronic attacks and cyber crimes. Only Derbyshire, Lincolnshire and the West Midlands have cyber plans and ninety eight percent of all English and Welsh staff has no cyber training.

This is despite the requirements for plans and training being laid out by the Home Office in July 2012 in its Strategic Policing Requirement.

Two years ago this Report began with the Home Secretary’s stating,

Organised criminals do not stop their activity where one police force ends and another begins; countering terrorism requires a seamless and integrated approach right from local communities through to foreign countries; public disorder can require police officers from across the country to work together to restore order; the police lead the response to major civil emergencies; and the police must play their part in countering the new and growing threat that exists not on our streets but in cyberspace.
These threats have national dimensions but they all cause harm locally as well. That means they must be tackled not only by local policing, strongly grounded in communities, but also by police forces and other agencies working collaboratively across force and institutional boundaries. For too long Government focused on micro- managing local policing, while not paying enough attention to its proper role of supporting the response to national threats. The election of police and crime commissioners allows Government to get out of the way of local policing, putting accountability, rightly, in the hands of local people. At the same time, this Strategic Policing Requirement demonstrates our commitment to getting a better grip on the national threats we face.

Theresa May Home Secretary – July 2012.

The Report goes on to state in 6.1 – ‘In response to the threats from terrorism, cyber and organised crime, chief constables must have regard to the requirement for resources to be connected together locally, between forces, and nationally (including with national agencies) in order to deliver an integrated and comprehensive response. This should include the ability to communicate securely, access intelligence mechanisms relevant to the threat and link effectively with national co-ordinating mechanisms.’

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/

Another Recent Report states -

Poorly integrated IT systems – Forces use various IT systems for recording incidents and crimes. Our work so far has established that there are 14 different incident-recording IT systems in use by the 43 police forces of England and Wales and 18 different crime-recording systems. In addition, specialist departments, including those investigating serious sexual offences and dealing with the protection of vulnerable people, often have separate IT systems which are primarily used for case management and information-sharing.

Inadequate crime-recording on IT systems directly affects a force’s knowledge about crime. Without an accurate picture, there can be no proper analysis or a full understanding of the threat, risk and possible harm to the public. This knowledge is needed to decide where and how best to deploy police resources. The ability to audit systems properly is impeded by the number of incompatible IT systems in use and also because some of these systems have not been designed with an effective audit capability.

http://thinbluelineuk.blogspot.co.uk/2014/05/interim-hmic-report-on-crime-data.html

According to a Report on Crime in England and Wales, Year Ending December 2013 crime has reduced but this is a Survey and has a partial PR purpose

Latest figures from the Crime Survey for England and Wales (CSEW) estimate there were 7.5 million crimes against households and resident adults in the previous twelve months, based on interviews with a nationally representative sample in the year ending December 2013. This was down 15% compared with the previous year’s survey, and is the lowest estimate since the survey began in 1981.

The reduction of crime measured by the CSEW was driven by decreases in a range of offence groups, including: other household theft (down 25%); violence (down 22%); and vandalism (down 15%).

http://www.ons.gov.uk/ons/dcp171778_360216.pdf

However another Report by HMIC Her Majesty's Inspectorate of Constabulary on thirteen police forces states that A fifth of crimes in England and Wales could be going on and were unrecorded by police.

http://www.bbc.co.uk/news/uk-27226110

In summary, there seems to be a serious issue with co-ordination and management of the 43 different police forces in England and Wales although our research certainly suggests that the UK is not alone with this problem.

Cybercrime is slowly displacing conventional crime and the Indian police in course of time will become equipped to handle such crimes, according to former director of the Central Bureau of Investigation R K Raghavan.

Speaking during a workshop on Cyber Crimes and e-security, organised by the Cyber Society of India, Raghavan said that more people would become victims of cyber crime than of conventional crime.

On an average only two per cent of our population is affected by conventional crime like robbery and theft but almost everyone who has access to the Internet is vulnerable to cyber crime.

http://www.newindianexpress.com/cities/chennai/Cyber-Crime-Displacing

In the US the FBI has a cyber strategy that is attempting to co-ordinate the US response. Recently on April 16th Richard P. Quinn the National Security Assistant Special Agent in Charge, Philadelphia Field Office for the Federal Bureau of Investigation gave a statement before the House Homeland Security Committee, Subcommittee on Cyber Security, Infrastructure Protection, and Security Technologies in DC.

‘Given the scope of the cyber threat, agencies across the federal government are making cyber security a top priority. Within the FBI, we are prioritizing high-level intrusions—the biggest and most dangerous botnets, state-sponsored hackers, and global cyber syndicates. We want to predict and prevent attacks, rather than simply react after the fact.

‘FBI agents, analysts, and computer scientists are using technical capabilities and traditional investigative techniques—such as sources and wiretaps, surveillance, and forensics—to fight cyber crime. We are working side-by-side with our federal, state, and local partners on Cyber Task Forces in each of our 56 field offices and through the National Cyber Investigative Joint Task Force (NCIJTF). Through our 24-hour cyber command center, CyWatch, we combine the resources of the FBI and NCIJTF, allowing us to provide connectivity to federal cyber centers, government agencies, FBI field offices and legal attachés, and the private sector in the event of a cyber intrusion.’

Conclusions

In electronically linked global networks of states and nations a lot of crime has moved from the local to include inter-border and cross national dimensions and there is now a serious requirement for an integrated, centrally managed strategy and tactical practice for large areas of the police activity.

Recently five police forces in the UK’s Southwest have started a partnership with Bournemouth University with the aim to develop a cyber strategy. If this is successful it could be used as part of a larger plan to engage the whole of the UK police.

Certainly the economics and changes to the crime perspective require a far more integrated approach not unlike the centralised policing used in Scotland. In the rest of the larger UK a more centralised monitoring, control and integration is required than is being used at present. Integration of the 43 forces would improve the management and counter the individual focus of each force. This would improve crime reduction, tackle new un-recorded cyber crime and improve to systems and basic purchases required by such a large organisation as the police. These improvements and savings could then be used to advance local, inter-county and cross-boarder crime monitoring, intervention and reduction.

If you would like more information please contact Cyber Security Intellignece for a Research Report. Email: Info@cybersecurity-intelligence.com

« 10 Cyber Security Predictions for 2015
MH370: new drift improves search in Australia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Block Armour

Block Armour

Block Armour is a Mumbai and Singapore based venture focused on harnessing emerging technologies to counter growing Cybersecurity challenges in bold new ways.

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

Red Points

Red Points

Red Points protects your brand and content in the digital environment.

CyberSat Summit

CyberSat Summit

CyberSat is dedicated to fostering the necessary discussions to flesh out and develop solutions to cyber threats in the satellite industry.

ePLDT

ePLDT

ePLDT delivers best-in-class digital business solutions that include Cloud, Cyber Security, purpose-built Data Center facilities and Managed IT Services.

Content+Cloud

Content+Cloud

Content+Cloud is a leading technology services business and Managed Services Provider (MSP) with a genuine passion for helping your organisation to succeed, whatever your ambitions.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

MIS Solutions

MIS Solutions

MIS Solutions is a managed cloud and IT security partner making technology work for you.

Pointsharp

Pointsharp

Pointsharp delivers software and services that help organizations secure data, identities, and access in a user-friendly way.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.