Metropolitan Police Commissioner Sir Bernard Hogan Howe admits that the UK police are still “skimming the surface” when it comes to tackling cyber-crime, a view that is shared by security experts.
In an interview hosted by Sky News earlier this week, and with questions coming in from children’s newspaper First News, Hogan Howe detailed how the police have recruited hundreds of extra officers to fight online crime such as child abuse images, despite the organisation facing continued budget cuts.
“I think we’re only skimming the surface,” he said of the Met Police’s efforts with cyber-crime so far. “A lot of it is about stealing money and scamming, sometimes it’s about stealing an idea from a business.”
He said that the Met had created a squad of about 300 officers to deal with cyber-crime cases, adding that it would look to add another 200 in the next year.
And citing the number of indecent images of children online, he admitted that police resources were continually being stretched.
“When there are hundreds of thousands of horrible images of children online and we’re trying to track down all these people, it has proved a logistical problem.
“It’s incredibly important but there are other important things too; terrorism and murder investigations, the pubs will turn out tonight and there will be fights; there will be armed robberies and anti-social behaviour.
“There is less money spent on policing so there have to be hard decisions made by society and the police. It’s a massive challenge but we make reasonable decisions based upon what the threat is”.
He later responded to a question on police monitoring phone calls and emails, as detailed by Big Brother Watch, that this monitoring only legally takes place if “people are either suspected of getting involved in serious crime, or someone’s life is at risk”.
Daniel Cuthbert, chief operating officer (COO) at white hat hacking outfit Sensepost, said that the shortage of skilled staff isn’t surprising, but urged police to shorten the gap by paying better wages and reducing the amount of red tape.
On the lack of resources, he said: “I think that’s a given, there have been budget cuts. But I wouldn’t agree [with the view] that they are behind the curve ball. I wouldn’t say the UK is behind at all, it is probably on par with other Five Eyes countries.”
“I think shortening the skills gap is the first thing to do, and as crime moves online you’re always going to be playing catch-up game. Cutting through the red tape will also help. There is way too much red tape.”
He added that the recent change to the Computer Misuse Act 1990 was a “good step” as it gives police more powers but said it was the “same old problem” with low public salaries.
“The problem with public sector is they just don’t pay,” he said, citing starting salaries equivalent of a junior penetration tester. “They need to wake up and realise that not many people can do this and then start paying the salaries.”
Independent cyber-security consultant, and formerly of Scotland Yard’s Computer Crime Unit, Adrian Culley told SCMagazineUK.com that a ‘digital society requires digital policing’.
“It is as fundamental now for all police officers to be trained in cyber-crime, as it was in previously for them to be able to read and write. Every police service in the world is currently addressing this challenge.”
In comments sent to the press earlier this week, Veracode solutions architect John Smith added: “It is encouraging to hear the Police recognise the massive scope of cyber-crime and the significant feat that the police face in dealing with it…However, whilst there is much more investment to be made, across the UK, police forces are already making impressive strides in training officers to deal with next generation of cyber-crime.”
Veracode previously revealed, under the Freedom of Information Act, that 3,888 officers across 19 police forces had taken part in specific cyber-security training this year, up nearly 100 times from five years ago.
Jennifer Parry, CEO of Digital-Trust and an expert in cyber-stalking, said cyber-crime difficulties are not new but are not going to go away, especially with College of Policing’s Alex Marshall warning that half of all crime now has an online element.
She warned however that cyber cases are still dealt with poorly by police, with no risk assessments, shunned by senior managers and many not having the skills or resources required.
As one example, she said that while the National Crime Agency (NCA) would focus on terrorism, organised crime and high-level fraud, other forces would simply ignore lower level cases if it didn’t meet a police threshold.
“Lower level fraud won’t make it onto the police radar – it’s just written off,” she told SC. She added that frontline officers were not dealing with cases well at all: “Most of the time the victim goes to the police and they will be fobbed off, if they report any digital abuse.”
“The volume of online crime is so high, but [police] don’t have very good tools to do a risk assessment.” Police, added Parry, also don’t have the confidence to deal with cases, fearful of what they might find and senior managers are dismissive.
“The higher senior management, the more digital abuse is dismissed because they’re so far removed from it, they don’t use social media themselves.”
“I think we need police officers to have better tools ” They need to peruse smartphones and conduct quick risk assessments (like US probation officers do in just 30 minutes, said Parry).
Harry Fletcher, criminal justice director at Digital-Trust, agreed, adding: “A real problem for police and prosecutors is the absence of any risk management tool.” Fletcher continued that police were desperately seeking assistance with investigations and were having trouble obtaining evidence, with budget cuts, a lack of officer confidence and training other key issues.
Parry did add that there have been some changes for the better, with police increasingly using mobile devices to report on-the-go, using vest cameras (especially useful for reporting domestic violence statements apparently) and advertising for cyber-security advisers.
She said that the Computer Misuse Act 1990 would need changing, with the legislation ruling it illegal to spy on people having sex, but not illegal to spy on people in their everyday lives.
Fletcher said on meeting with policing heads: “The general conclusion is the police have a hell of a lot of work to do to catch up with criminals,” he said, adding that police were failing to understand the risks in the online world, and also had a shortage of skills and resources.
Source: SC Magazine