Why police need the skills to counter cybercrime

With cybercrime a growing problem, large-scale investment in developing police skills and attracting cyber-aware officers is vital

Dealing with cybercrime is a rapidly growing demand on police time as officers’ cyber-skills come under increasing pressure.

Statistics for the City of London reveal that between April and September last year 13,357 cybercrimes were reported, with victims losing £34.6 million. And the number of incidents is on the rise.

Cybercrime is a growing trend with total losses increasing by 24 per cent,” says commander Karen Baxter of City of London Police. “In particular, criminals are targeting social media users and online account holders in a bid to make money and steal personal details. This leaves victims out of pocket and at risk of identity theft.”

Online crime ranges from relatively small-scale incidents right up to, for example, the 2017 WannaCry ransomware campaign that crippled the NHS and many other organisations worldwide.

At the top level of severity, serious organised crime is handled by the National Crime Agency, often in collaboration with regional or metropolitan forces. Cybercrime is wide-ranging and includes fraud, indecent images and cyber-enabled cases where a computer or other device has been used by criminals.

And as the number of cybercrimes continues to rise inexorably, so too do the police skills needed to deal with them. The government is taking the risk seriously, designating cybercrime as a tier-1 national security threat and investing almost £2 billion in a National Cyber Security Strategy designed to counter it.

Creating cybercrime units

Most recently, following a 2017 pledge, cybercrime units have been established across England and Wales, with another £1 million provided in funding this April, bringing the total to £7 million for the year.

“Every police force now has a cybercrime unit, which will investigate and pursue offenders, help businesses and victims protect themselves from attack, and work with partners to prevent vulnerable individuals from being drawn into committing cybercrime,” says National Police Chiefs’ Council (NPCC) lead for cybercrime, Derbyshire chief constable Peter Goodman.

“These units will improve our response to cybercrime working closely with national and regional units. This is a great start and lays down a solid foundation for each force to build on.”

Investing in police skills

However, expanding cybercrime resources like this means a big increase in the number of trained staff required. And while forces are busily hiring, most of the new expertise is set to come through large-scale training programmes.

Late last year, the police partnered with the Cisco Networking Academy to launch a nationwide initiative to provide access to cybersecurity training for 120,000 officers, both in person and online.

“By joining the programme, forces can access training designed to raise awareness and increase their understanding of cybercrime and cyberthreats, while also gaining insights into the procedures used to defend networks,” explains Andy Beet, futures lead at the NPCC Data Communications Group.

“It’s important for all police officers to understand cybersecurity as fully as possible. By doing so they can develop their knowledge in this increasingly important area, improving security in both their professional and personal lives.”

The courses include an introduction to cybersecurity and cybersecurity essentials, which digs a little deeper into the types of cybercrime officers are likely to encounter.

“By making sure all police officers understand cybersecurity and computing as fully as possible, UK police forces will be better able to tackle the increasingly digitally enabled threats to the public at large,” says Nuno Guarda, head of corporate affairs, Cisco UK and Ireland.

“By increasing their skillset in this area, police officers are better equipped to help and advise the public to use digital technologies safely and be aware of the common ways they can fall victim to fraud and other malicious activity.”

Teaching police the ins and outs of cybersecurity

Meanwhile, Firebrand Training has boosted police skills by delivering specialist cybersecurity training to more than 80 per cent of forces across the country.

Foundation courses cover the basics of computing, networking and how data is stored, and then train officers in first response, preservation of volatile data and safe imaging techniques.

Investigator courses delve more deeply into physical and logical networking, covering wireless networks, Linux operating systems, logs, and collecting material from domestic, shared accommodation and the workplace.

“Officers are given a crime to solve which evolves over four days of the course and incorporates four separate physical ‘crime scenes’ which they need to visit,” says Phil Chapman, Firebrand’s senior cybersecurity instructor for law enforcement.

“The officers are trained in asking the right questions, performing the best actions, including interpreting logs, data and information in a variety of forms. Based on their findings, a charging decision is required on the key ‘suspect’ at the end of the week.”

Other courses cover information security management principles, how to use internet resources and tools to acquire information about a suspect, as well as a short overview course for senior officers.

Police skills still not where they need to be

However, despite these efforts, police forces are still struggling to maintain the level of cybersecurity skills required, particularly when it comes to more advanced areas.

Earlier this year, at the CyberUK security conference, detective superintendent Nicola Burnett of Police Scotland’s specialist crime division warned that the force was finding it hard to compete with the likes of Google, IBM and Royal Bank of Scotland when it comes to attracting computer security graduates.

Again, training is seen as the answer, with the College of Policing, local force training units and commercial providers now offering specialist courses in areas such as mobile forensics, data forensics and RAM (random access memory) analysis.

“We believe all police should have training to provide the essentials,” says Cisco’s Mr Guarda. “But obviously the competencies needed by specialist teams will have to go beyond this to tackle the challenges they face in their more specialised roles.”