Most UK Police Forces don’t investigate Cyber Crime

Uploaded on 2014-05-06 in FREE TO VIEW, GOVERNMENT-Law Enforcement

Ninety Percent of the UK’s Police have no Tactical or Strategic plans for monitoring, training PCs and reducing cyber crime.

And the idea that overall crime is reducing depends on which statistics are applied and by which Authority they are promoted.

A new report by HMIC (Her Majesty’s Inspectorate of Constabulary) has found that the majority of Britain’s police forces are unprepared for cybercrime, with only three forces out of 43 nationwide having developed a comprehensive cyber strategy in their Strategic Threat and Risk Assessments (STRAs) and with only twelve more forces having considered their approach to cyber at all.

This means that over two thirds of the county’s police do not have any plans for dealing with cyber crime. Also another point noted in the Report states that only half the UK forces have considered terrorism as part of their strategic planning assessments, which of course means terrorism or all types, including cyber, will mainly go on unmonitored and unopposed.

HMIC identifies that much more needs to be done by forces to secure the levels of preparedness that are necessary for them to collectively respond to the all of the national threats, as required by the Strategic Policing Requirement (SPR); and recommends that chief constables need to immediately establish a collective leadership approach, in order to secure the required levels of national preparedness.

Point 2.26 of the Report states ‘Senior leaders across police forces were unsure of what constituted a large-scale cyber incident. We found that, where they existed, STRAs and plans were focused only on investigating cybercrime; they were silent about preventing it and protecting people from the harm it causes.’

Large-scale cyber incident

2.42.  Research shows that cybercrime is significantly under-reported, and of those crimes reported to Action Fraud16, only 20 percent are passed to police forces. This means that police forces do not have sufficient information to identify and understand the threats, risks and harm associated with cybercrime.

5.68.  There was a generally held mistaken view among those we interviewed that the responsibility for responding to a large-scale cyber incident was one for regional or national policing units and not for forces. There was very little understanding of the part forces should have in working together with regional and national organisations to respond to the threat.

http://www.hmic.gov.uk/news/news-feed/strategic-policing-requirement-report-published/
http://www.hmic.gov.uk/inspections/strategic-policing-requirement/

England and Wales are lacking a cyber strategy to deal with electronic attacks and cyber crimes. Only Derbyshire, Lincolnshire and the West Midlands have cyber plans and ninety eight percent of all English and Welsh staff has no cyber training.

This is despite the requirements for plans and training being laid out by the Home Office in July 2012 in its Strategic Policing Requirement.

Two years ago this Report began with the Home Secretary’s stating,

Organised criminals do not stop their activity where one police force ends and another begins; countering terrorism requires a seamless and integrated approach right from local communities through to foreign countries; public disorder can require police officers from across the country to work together to restore order; the police lead the response to major civil emergencies; and the police must play their part in countering the new and growing threat that exists not on our streets but in cyberspace.
These threats have national dimensions but they all cause harm locally as well. That means they must be tackled not only by local policing, strongly grounded in communities, but also by police forces and other agencies working collaboratively across force and institutional boundaries. For too long Government focused on micro- managing local policing, while not paying enough attention to its proper role of supporting the response to national threats. The election of police and crime commissioners allows Government to get out of the way of local policing, putting accountability, rightly, in the hands of local people. At the same time, this Strategic Policing Requirement demonstrates our commitment to getting a better grip on the national threats we face.

Theresa May Home Secretary – July 2012.

The Report goes on to state in 6.1 – ‘In response to the threats from terrorism, cyber and organised crime, chief constables must have regard to the requirement for resources to be connected together locally, between forces, and nationally (including with national agencies) in order to deliver an integrated and comprehensive response. This should include the ability to communicate securely, access intelligence mechanisms relevant to the threat and link effectively with national co-ordinating mechanisms.’

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/

Another Recent Report states -

Poorly integrated IT systems – Forces use various IT systems for recording incidents and crimes. Our work so far has established that there are 14 different incident-recording IT systems in use by the 43 police forces of England and Wales and 18 different crime-recording systems. In addition, specialist departments, including those investigating serious sexual offences and dealing with the protection of vulnerable people, often have separate IT systems which are primarily used for case management and information-sharing.

Inadequate crime-recording on IT systems directly affects a force’s knowledge about crime. Without an accurate picture, there can be no proper analysis or a full understanding of the threat, risk and possible harm to the public. This knowledge is needed to decide where and how best to deploy police resources. The ability to audit systems properly is impeded by the number of incompatible IT systems in use and also because some of these systems have not been designed with an effective audit capability.

http://thinbluelineuk.blogspot.co.uk/2014/05/interim-hmic-report-on-crime-data.html

According to a Report on Crime in England and Wales, Year Ending December 2013 crime has reduced but this is a Survey and has a partial PR purpose

Latest figures from the Crime Survey for England and Wales (CSEW) estimate there were 7.5 million crimes against households and resident adults in the previous twelve months, based on interviews with a nationally representative sample in the year ending December 2013. This was down 15% compared with the previous year’s survey, and is the lowest estimate since the survey began in 1981.

The reduction of crime measured by the CSEW was driven by decreases in a range of offence groups, including: other household theft (down 25%); violence (down 22%); and vandalism (down 15%).

http://www.ons.gov.uk/ons/dcp171778_360216.pdf

However another Report by HMIC Her Majesty's Inspectorate of Constabulary on thirteen police forces states that A fifth of crimes in England and Wales could be going on and were unrecorded by police.

http://www.bbc.co.uk/news/uk-27226110

In summary, there seems to be a serious issue with co-ordination and management of the 43 different police forces in England and Wales although our research certainly suggests that the UK is not alone with this problem.

Cybercrime is slowly displacing conventional crime and the Indian police in course of time will become equipped to handle such crimes, according to former director of the Central Bureau of Investigation R K Raghavan.

Speaking during a workshop on Cyber Crimes and e-security, organised by the Cyber Society of India, Raghavan said that more people would become victims of cyber crime than of conventional crime.

On an average only two per cent of our population is affected by conventional crime like robbery and theft but almost everyone who has access to the Internet is vulnerable to cyber crime.

http://www.newindianexpress.com/cities/chennai/Cyber-Crime-Displacing

In the US the FBI has a cyber strategy that is attempting to co-ordinate the US response. Recently on April 16th Richard P. Quinn the National Security Assistant Special Agent in Charge, Philadelphia Field Office for the Federal Bureau of Investigation gave a statement before the House Homeland Security Committee, Subcommittee on Cyber Security, Infrastructure Protection, and Security Technologies in DC.

‘Given the scope of the cyber threat, agencies across the federal government are making cyber security a top priority. Within the FBI, we are prioritizing high-level intrusions—the biggest and most dangerous botnets, state-sponsored hackers, and global cyber syndicates. We want to predict and prevent attacks, rather than simply react after the fact.

‘FBI agents, analysts, and computer scientists are using technical capabilities and traditional investigative techniques—such as sources and wiretaps, surveillance, and forensics—to fight cyber crime. We are working side-by-side with our federal, state, and local partners on Cyber Task Forces in each of our 56 field offices and through the National Cyber Investigative Joint Task Force (NCIJTF). Through our 24-hour cyber command center, CyWatch, we combine the resources of the FBI and NCIJTF, allowing us to provide connectivity to federal cyber centers, government agencies, FBI field offices and legal attachés, and the private sector in the event of a cyber intrusion.’

Conclusions

In electronically linked global networks of states and nations a lot of crime has moved from the local to include inter-border and cross national dimensions and there is now a serious requirement for an integrated, centrally managed strategy and tactical practice for large areas of the police activity.

Recently five police forces in the UK’s Southwest have started a partnership with Bournemouth University with the aim to develop a cyber strategy. If this is successful it could be used as part of a larger plan to engage the whole of the UK police.

Certainly the economics and changes to the crime perspective require a far more integrated approach not unlike the centralised policing used in Scotland. In the rest of the larger UK a more centralised monitoring, control and integration is required than is being used at present. Integration of the 43 forces would improve the management and counter the individual focus of each force. This would improve crime reduction, tackle new un-recorded cyber crime and improve to systems and basic purchases required by such a large organisation as the police. These improvements and savings could then be used to advance local, inter-county and cross-boarder crime monitoring, intervention and reduction.

If you would like more information please contact Cyber Security Intellignece for a Research Report. Email: Info@cybersecurity-intelligence.com

« 10 Cyber Security Predictions for 2015
MH370: new drift improves search in Australia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

Nation-E

Nation-E

Nation-E offers innovative cyber security solutions for industrial installations, critical infrastructure and smart grids.

CyberPrism

CyberPrism

CyberPrism provides SaaS solutions using proprietary technology, underpinned by industry-leading technical practitioners to protect OT within Government, Maritime and Industrial markets.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Ksmartech

Ksmartech

Ksmartech provide services related to security and authentication in all areas where the connection of people to objects, and objects and objects is necessary.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

Abacode

Abacode

Abacode is a Managed Security Services Provider (MSSP). We help businesses consolidate all of their Regulatory Compliance & Cybersecurity needs, under one roof.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.

Metrics that Matter (MTM)

Metrics that Matter (MTM)

Metrics that Matter redefines how organizations approach cybersecurity by offering unprecedented insight into the value of their assets to criminals and tailored action plans to protect.