Most UK Police Forces don’t investigate Cyber Crime

Uploaded on 2014-05-06 in FREE TO VIEW, GOVERNMENT-Law Enforcement

Ninety Percent of the UK’s Police have no Tactical or Strategic plans for monitoring, training PCs and reducing cyber crime.

And the idea that overall crime is reducing depends on which statistics are applied and by which Authority they are promoted.

A new report by HMIC (Her Majesty’s Inspectorate of Constabulary) has found that the majority of Britain’s police forces are unprepared for cybercrime, with only three forces out of 43 nationwide having developed a comprehensive cyber strategy in their Strategic Threat and Risk Assessments (STRAs) and with only twelve more forces having considered their approach to cyber at all.

This means that over two thirds of the county’s police do not have any plans for dealing with cyber crime. Also another point noted in the Report states that only half the UK forces have considered terrorism as part of their strategic planning assessments, which of course means terrorism or all types, including cyber, will mainly go on unmonitored and unopposed.

HMIC identifies that much more needs to be done by forces to secure the levels of preparedness that are necessary for them to collectively respond to the all of the national threats, as required by the Strategic Policing Requirement (SPR); and recommends that chief constables need to immediately establish a collective leadership approach, in order to secure the required levels of national preparedness.

Point 2.26 of the Report states ‘Senior leaders across police forces were unsure of what constituted a large-scale cyber incident. We found that, where they existed, STRAs and plans were focused only on investigating cybercrime; they were silent about preventing it and protecting people from the harm it causes.’

Large-scale cyber incident

2.42.  Research shows that cybercrime is significantly under-reported, and of those crimes reported to Action Fraud16, only 20 percent are passed to police forces. This means that police forces do not have sufficient information to identify and understand the threats, risks and harm associated with cybercrime.

5.68.  There was a generally held mistaken view among those we interviewed that the responsibility for responding to a large-scale cyber incident was one for regional or national policing units and not for forces. There was very little understanding of the part forces should have in working together with regional and national organisations to respond to the threat.

http://www.hmic.gov.uk/news/news-feed/strategic-policing-requirement-report-published/
http://www.hmic.gov.uk/inspections/strategic-policing-requirement/

England and Wales are lacking a cyber strategy to deal with electronic attacks and cyber crimes. Only Derbyshire, Lincolnshire and the West Midlands have cyber plans and ninety eight percent of all English and Welsh staff has no cyber training.

This is despite the requirements for plans and training being laid out by the Home Office in July 2012 in its Strategic Policing Requirement.

Two years ago this Report began with the Home Secretary’s stating,

Organised criminals do not stop their activity where one police force ends and another begins; countering terrorism requires a seamless and integrated approach right from local communities through to foreign countries; public disorder can require police officers from across the country to work together to restore order; the police lead the response to major civil emergencies; and the police must play their part in countering the new and growing threat that exists not on our streets but in cyberspace.
These threats have national dimensions but they all cause harm locally as well. That means they must be tackled not only by local policing, strongly grounded in communities, but also by police forces and other agencies working collaboratively across force and institutional boundaries. For too long Government focused on micro- managing local policing, while not paying enough attention to its proper role of supporting the response to national threats. The election of police and crime commissioners allows Government to get out of the way of local policing, putting accountability, rightly, in the hands of local people. At the same time, this Strategic Policing Requirement demonstrates our commitment to getting a better grip on the national threats we face.

Theresa May Home Secretary – July 2012.

The Report goes on to state in 6.1 – ‘In response to the threats from terrorism, cyber and organised crime, chief constables must have regard to the requirement for resources to be connected together locally, between forces, and nationally (including with national agencies) in order to deliver an integrated and comprehensive response. This should include the ability to communicate securely, access intelligence mechanisms relevant to the threat and link effectively with national co-ordinating mechanisms.’

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/

Another Recent Report states -

Poorly integrated IT systems – Forces use various IT systems for recording incidents and crimes. Our work so far has established that there are 14 different incident-recording IT systems in use by the 43 police forces of England and Wales and 18 different crime-recording systems. In addition, specialist departments, including those investigating serious sexual offences and dealing with the protection of vulnerable people, often have separate IT systems which are primarily used for case management and information-sharing.

Inadequate crime-recording on IT systems directly affects a force’s knowledge about crime. Without an accurate picture, there can be no proper analysis or a full understanding of the threat, risk and possible harm to the public. This knowledge is needed to decide where and how best to deploy police resources. The ability to audit systems properly is impeded by the number of incompatible IT systems in use and also because some of these systems have not been designed with an effective audit capability.

http://thinbluelineuk.blogspot.co.uk/2014/05/interim-hmic-report-on-crime-data.html

According to a Report on Crime in England and Wales, Year Ending December 2013 crime has reduced but this is a Survey and has a partial PR purpose

Latest figures from the Crime Survey for England and Wales (CSEW) estimate there were 7.5 million crimes against households and resident adults in the previous twelve months, based on interviews with a nationally representative sample in the year ending December 2013. This was down 15% compared with the previous year’s survey, and is the lowest estimate since the survey began in 1981.

The reduction of crime measured by the CSEW was driven by decreases in a range of offence groups, including: other household theft (down 25%); violence (down 22%); and vandalism (down 15%).

http://www.ons.gov.uk/ons/dcp171778_360216.pdf

However another Report by HMIC Her Majesty's Inspectorate of Constabulary on thirteen police forces states that A fifth of crimes in England and Wales could be going on and were unrecorded by police.

http://www.bbc.co.uk/news/uk-27226110

In summary, there seems to be a serious issue with co-ordination and management of the 43 different police forces in England and Wales although our research certainly suggests that the UK is not alone with this problem.

Cybercrime is slowly displacing conventional crime and the Indian police in course of time will become equipped to handle such crimes, according to former director of the Central Bureau of Investigation R K Raghavan.

Speaking during a workshop on Cyber Crimes and e-security, organised by the Cyber Society of India, Raghavan said that more people would become victims of cyber crime than of conventional crime.

On an average only two per cent of our population is affected by conventional crime like robbery and theft but almost everyone who has access to the Internet is vulnerable to cyber crime.

http://www.newindianexpress.com/cities/chennai/Cyber-Crime-Displacing

In the US the FBI has a cyber strategy that is attempting to co-ordinate the US response. Recently on April 16th Richard P. Quinn the National Security Assistant Special Agent in Charge, Philadelphia Field Office for the Federal Bureau of Investigation gave a statement before the House Homeland Security Committee, Subcommittee on Cyber Security, Infrastructure Protection, and Security Technologies in DC.

‘Given the scope of the cyber threat, agencies across the federal government are making cyber security a top priority. Within the FBI, we are prioritizing high-level intrusions—the biggest and most dangerous botnets, state-sponsored hackers, and global cyber syndicates. We want to predict and prevent attacks, rather than simply react after the fact.

‘FBI agents, analysts, and computer scientists are using technical capabilities and traditional investigative techniques—such as sources and wiretaps, surveillance, and forensics—to fight cyber crime. We are working side-by-side with our federal, state, and local partners on Cyber Task Forces in each of our 56 field offices and through the National Cyber Investigative Joint Task Force (NCIJTF). Through our 24-hour cyber command center, CyWatch, we combine the resources of the FBI and NCIJTF, allowing us to provide connectivity to federal cyber centers, government agencies, FBI field offices and legal attachés, and the private sector in the event of a cyber intrusion.’

Conclusions

In electronically linked global networks of states and nations a lot of crime has moved from the local to include inter-border and cross national dimensions and there is now a serious requirement for an integrated, centrally managed strategy and tactical practice for large areas of the police activity.

Recently five police forces in the UK’s Southwest have started a partnership with Bournemouth University with the aim to develop a cyber strategy. If this is successful it could be used as part of a larger plan to engage the whole of the UK police.

Certainly the economics and changes to the crime perspective require a far more integrated approach not unlike the centralised policing used in Scotland. In the rest of the larger UK a more centralised monitoring, control and integration is required than is being used at present. Integration of the 43 forces would improve the management and counter the individual focus of each force. This would improve crime reduction, tackle new un-recorded cyber crime and improve to systems and basic purchases required by such a large organisation as the police. These improvements and savings could then be used to advance local, inter-county and cross-boarder crime monitoring, intervention and reduction.

If you would like more information please contact Cyber Security Intellignece for a Research Report. Email: Info@cybersecurity-intelligence.com

« 10 Cyber Security Predictions for 2015
MH370: new drift improves search in Australia »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

Wind River

Wind River

Wind River delivers the technology and expertise that enables the deployment of safe, secure, and reliable intelligent connected systems.

H3C Group

H3C Group

H3C provides a full range of Computer, Storage, Networking and Security solutions.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

Onsist

Onsist

Onsist brand protection services provide proactive defense against fraudulent use of your brand online.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

ACET Solutions

ACET Solutions

ACET Solutions delivers a wide range of Automation, Cyber Security and Enterprise IT/OT Integration Solutions to industrial clients.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.

Arakyta

Arakyta

Arakÿta specializes in business strategy, work flow process and IT systems for organizations.

AgilePQ

AgilePQ

AgilePQ visibly secures IoT devices worldwide to protect the privacy, safety, and well-being of all people.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.

Hubble

Hubble

Hubble grew from the idea that legacy solutions were failing to provide organizations with the asset visibility they needed to effectively secure and operate their businesses.

Telcion Communications Group

Telcion Communications Group

Telcion Communications Group provides communication and IT solutions to businesses and organizations throughout California and neighbouring states.