HMIC slates police forces for ignoring cybercrime and cyberdefence

Only three English and Welsh forces praised

Many police forces in England and Wales are behaving as if cybercrime and cyberdefence are not part of their remit, lacking detailed strategies to prevent, detect or react to it, a stinging report from inspection body Her Majesty's Inspectorate of Constabulary (HMIC) has found.

The HMIC's Strategic Policing Requirement discovered numerous failings in all bar three of 43 police forces - Derbyshire, Lincolnshire and West Midlands - which were praised for developing comprehensive plans as part of the 2012 Strategic Policing Requirement (SPR). Only fifteen forces in total had even assessed cybercrime as a threat.

Many others lacked understanding of their responsibility to cope with major cyber-incidents and the phenomenon of digital crimes against citizens, believing they would be dealt with by national and regional policing bodies.

Forces still lacked any clear picture of cybercrime with as few as one in five digital crimes even being reported to help build a larger intelligence picture, something not helped a lack of the skills needed to investigate such crimes.

Forces were employing cyber-specialists to investigate crimes but nothing like enough of them, with most forces limiting these roles to forensic investigation; in 37 forces the take-up of training to improve cybercrime investigation was only two percent, the HMIC said.

"The police must be able to operate very soon just as well in cyberspace as they do on the street," noted the report.

Meanwhile, on the topic of cyber-defence, many senior officers seemed "unsure of what constituted a large-scale cyber incident," and were silent about strategies to protect citizens from cybercrime or prevent future crimes.

"It is now essential that police officers have the capability to deal confidently with the cyber element of crimes as it is fast becoming a dominant method in the perpetration of crime. The police must be able to operate very soon just as well in cyberspace as they do on the street."

Critics suggest that change should be encouraged by specialist bodies such as the National Crime Agency (NCA).

"As a nation we are only now waking up to the pervasive nature of the cyber threat, but we will have to recognise as a nation that there is a broad-based shortage of cyber skills, not just in the police service," commented Thales UK director of cybersecurity, Peter Armstrong.

"The establishment of the NCA has overseen the establishment of the National Cyber Crime Unit (NCCU) with the remit to help martial the national response to the most serious cybercrime; it has already established an NCA Special Constables scheme targeting specialist skills like cyber, supported by a strong recruitment campaign."

Change has to happen and fast, according to Charles Sweeney, CEO of security firm Bloxx.

"There has been a lot of political rhetoric about the threat of cybercrime and its rising dominance. However, establishing central resources such as CERT-UK is undermined significantly if police forces are unable to help and assist people at a regional and local level," he said.

Arguably, the fundamental role of police forces across the UK is, first, to act as a channel for reporting cybercrime, something without which the specialist units will be fighting without adequate intelligence. Years after the issue was first raised as deserving of urgent attention, in the view of the HMIC, they are clearly still failing to perform this basic role.

A second issue is prevention, something that should happen through alerting. And yet the reality is that today no citizen would even think to ask a local police force for advice on this topic let alone tell them when they become victims.

Join the CSO newsletter!

Error: Please check your email address.

Tags Her Majesty's Inspectorate of Constabularysecurity

More about CERT AustraliaThales AustraliaWest

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts