Most UK Police Forces don’t investigate Cyber Crime

Uploaded on 2014-05-06 in FREE TO VIEW, GOVERNMENT-Law Enforcement

Ninety Percent of the UK’s Police have no Tactical or Strategic plans for monitoring, training PCs and reducing cyber crime.

And the idea that overall crime is reducing depends on which statistics are applied and by which Authority they are promoted.

A new report by HMIC (Her Majesty’s Inspectorate of Constabulary) has found that the majority of Britain’s police forces are unprepared for cybercrime, with only three forces out of 43 nationwide having developed a comprehensive cyber strategy in their Strategic Threat and Risk Assessments (STRAs) and with only twelve more forces having considered their approach to cyber at all.

This means that over two thirds of the county’s police do not have any plans for dealing with cyber crime. Also another point noted in the Report states that only half the UK forces have considered terrorism as part of their strategic planning assessments, which of course means terrorism or all types, including cyber, will mainly go on unmonitored and unopposed.

HMIC identifies that much more needs to be done by forces to secure the levels of preparedness that are necessary for them to collectively respond to the all of the national threats, as required by the Strategic Policing Requirement (SPR); and recommends that chief constables need to immediately establish a collective leadership approach, in order to secure the required levels of national preparedness.

Point 2.26 of the Report states ‘Senior leaders across police forces were unsure of what constituted a large-scale cyber incident. We found that, where they existed, STRAs and plans were focused only on investigating cybercrime; they were silent about preventing it and protecting people from the harm it causes.’

Large-scale cyber incident

2.42.  Research shows that cybercrime is significantly under-reported, and of those crimes reported to Action Fraud16, only 20 percent are passed to police forces. This means that police forces do not have sufficient information to identify and understand the threats, risks and harm associated with cybercrime.

5.68.  There was a generally held mistaken view among those we interviewed that the responsibility for responding to a large-scale cyber incident was one for regional or national policing units and not for forces. There was very little understanding of the part forces should have in working together with regional and national organisations to respond to the threat.

http://www.hmic.gov.uk/news/news-feed/strategic-policing-requirement-report-published/
http://www.hmic.gov.uk/inspections/strategic-policing-requirement/

England and Wales are lacking a cyber strategy to deal with electronic attacks and cyber crimes. Only Derbyshire, Lincolnshire and the West Midlands have cyber plans and ninety eight percent of all English and Welsh staff has no cyber training.

This is despite the requirements for plans and training being laid out by the Home Office in July 2012 in its Strategic Policing Requirement.

Two years ago this Report began with the Home Secretary’s stating,

Organised criminals do not stop their activity where one police force ends and another begins; countering terrorism requires a seamless and integrated approach right from local communities through to foreign countries; public disorder can require police officers from across the country to work together to restore order; the police lead the response to major civil emergencies; and the police must play their part in countering the new and growing threat that exists not on our streets but in cyberspace.
These threats have national dimensions but they all cause harm locally as well. That means they must be tackled not only by local policing, strongly grounded in communities, but also by police forces and other agencies working collaboratively across force and institutional boundaries. For too long Government focused on micro- managing local policing, while not paying enough attention to its proper role of supporting the response to national threats. The election of police and crime commissioners allows Government to get out of the way of local policing, putting accountability, rightly, in the hands of local people. At the same time, this Strategic Policing Requirement demonstrates our commitment to getting a better grip on the national threats we face.

Theresa May Home Secretary – July 2012.

The Report goes on to state in 6.1 – ‘In response to the threats from terrorism, cyber and organised crime, chief constables must have regard to the requirement for resources to be connected together locally, between forces, and nationally (including with national agencies) in order to deliver an integrated and comprehensive response. This should include the ability to communicate securely, access intelligence mechanisms relevant to the threat and link effectively with national co-ordinating mechanisms.’

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/

Another Recent Report states -

Poorly integrated IT systems – Forces use various IT systems for recording incidents and crimes. Our work so far has established that there are 14 different incident-recording IT systems in use by the 43 police forces of England and Wales and 18 different crime-recording systems. In addition, specialist departments, including those investigating serious sexual offences and dealing with the protection of vulnerable people, often have separate IT systems which are primarily used for case management and information-sharing.

Inadequate crime-recording on IT systems directly affects a force’s knowledge about crime. Without an accurate picture, there can be no proper analysis or a full understanding of the threat, risk and possible harm to the public. This knowledge is needed to decide where and how best to deploy police resources. The ability to audit systems properly is impeded by the number of incompatible IT systems in use and also because some of these systems have not been designed with an effective audit capability.

http://thinbluelineuk.blogspot.co.uk/2014/05/interim-hmic-report-on-crime-data.html

According to a Report on Crime in England and Wales, Year Ending December 2013 crime has reduced but this is a Survey and has a partial PR purpose

Latest figures from the Crime Survey for England and Wales (CSEW) estimate there were 7.5 million crimes against households and resident adults in the previous twelve months, based on interviews with a nationally representative sample in the year ending December 2013. This was down 15% compared with the previous year’s survey, and is the lowest estimate since the survey began in 1981.

The reduction of crime measured by the CSEW was driven by decreases in a range of offence groups, including: other household theft (down 25%); violence (down 22%); and vandalism (down 15%).

http://www.ons.gov.uk/ons/dcp171778_360216.pdf

However another Report by HMIC Her Majesty's Inspectorate of Constabulary on thirteen police forces states that A fifth of crimes in England and Wales could be going on and were unrecorded by police.

http://www.bbc.co.uk/news/uk-27226110

In summary, there seems to be a serious issue with co-ordination and management of the 43 different police forces in England and Wales although our research certainly suggests that the UK is not alone with this problem.

Cybercrime is slowly displacing conventional crime and the Indian police in course of time will become equipped to handle such crimes, according to former director of the Central Bureau of Investigation R K Raghavan.

Speaking during a workshop on Cyber Crimes and e-security, organised by the Cyber Society of India, Raghavan said that more people would become victims of cyber crime than of conventional crime.

On an average only two per cent of our population is affected by conventional crime like robbery and theft but almost everyone who has access to the Internet is vulnerable to cyber crime.

http://www.newindianexpress.com/cities/chennai/Cyber-Crime-Displacing

In the US the FBI has a cyber strategy that is attempting to co-ordinate the US response. Recently on April 16th Richard P. Quinn the National Security Assistant Special Agent in Charge, Philadelphia Field Office for the Federal Bureau of Investigation gave a statement before the House Homeland Security Committee, Subcommittee on Cyber Security, Infrastructure Protection, and Security Technologies in DC.

‘Given the scope of the cyber threat, agencies across the federal government are making cyber security a top priority. Within the FBI, we are prioritizing high-level intrusions—the biggest and most dangerous botnets, state-sponsored hackers, and global cyber syndicates. We want to predict and prevent attacks, rather than simply react after the fact.

‘FBI agents, analysts, and computer scientists are using technical capabilities and traditional investigative techniques—such as sources and wiretaps, surveillance, and forensics—to fight cyber crime. We are working side-by-side with our federal, state, and local partners on Cyber Task Forces in each of our 56 field offices and through the National Cyber Investigative Joint Task Force (NCIJTF). Through our 24-hour cyber command center, CyWatch, we combine the resources of the FBI and NCIJTF, allowing us to provide connectivity to federal cyber centers, government agencies, FBI field offices and legal attachés, and the private sector in the event of a cyber intrusion.’

Conclusions

In electronically linked global networks of states and nations a lot of crime has moved from the local to include inter-border and cross national dimensions and there is now a serious requirement for an integrated, centrally managed strategy and tactical practice for large areas of the police activity.

Recently five police forces in the UK’s Southwest have started a partnership with Bournemouth University with the aim to develop a cyber strategy. If this is successful it could be used as part of a larger plan to engage the whole of the UK police.

Certainly the economics and changes to the crime perspective require a far more integrated approach not unlike the centralised policing used in Scotland. In the rest of the larger UK a more centralised monitoring, control and integration is required than is being used at present. Integration of the 43 forces would improve the management and counter the individual focus of each force. This would improve crime reduction, tackle new un-recorded cyber crime and improve to systems and basic purchases required by such a large organisation as the police. These improvements and savings could then be used to advance local, inter-county and cross-boarder crime monitoring, intervention and reduction.

If you would like more information please contact Cyber Security Intellignece for a Research Report. Email: Info@cybersecurity-intelligence.com

« 10 Cyber Security Predictions for 2015
MH370: new drift improves search in Australia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

K&D Insurance Brokers

K&D Insurance Brokers

K&D provide insurance for all sectors of industry and commerce including cyber risk cover.

InfoWatch

InfoWatch

InfoWatch solutions allow you to protect data and information assets that are critically important to your business.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

Cyber Craft

Cyber Craft

CyberCraft is an innovative and dynamic software development, outsourcing and consulting company. Services offered include penetration testing.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

Trapp Technology

Trapp Technology

Trapp Technology combines the very best cloud, Internet, IT managed services, and IT consulting to provide a true all-in-one IT solution for small to mid-sized businesses.

Comparitech

Comparitech

Comparitech strives to promote cyber security and privacy for all. We are committed to providing detailed information to help our readers become more cyber secure and cyber aware.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

Cyber Suraksa

Cyber Suraksa

We make security simple and hassle-free by offering a sustained and secure IT environment with next-gen cybersecurity solutions through a scalable security-as-a-service model.

Casepoint

Casepoint

Casepoint is the legal technology platform of choice for corporations, government agencies, and law firms to meet their complex eDiscovery, investigations, and compliance needs.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.