NPCC brings the Christmas present of partnership to UK Cyber Policing

Research commissioned by the Internet Association indicates that the proportion of the world population meeting their extended families this Christmas in person will more than half this Christmas. The proportion planning to meet them on line will more than double. Meanwhile we have a spate of press releases on Christmas scams, e.g. fake gift vouchers from Amazon and others.

The pandemic of cybercrime (abuse, extortion and fraud) that has accompanied the Covid lockdown has meant that publicity and awareness programmes were threatening to lead to loss of confidence and paranoia rather than improved security.

It is therefore good to be able to blog positively on the way UK law enforcement is beginning to get its act together.

The good news is that the National Police Chief’s Council has been able to bypass inter-agency politics and quietly bring together the response of UK law enforcement.

The combination of the Cyber Resilience Centres, Police Cyber Alarm and The Cyber Helpline  provides a major advance towards joining up the UK approach to policing the on-line world, bypassing the differences in objectives and priorities which doomed previous attempts to do so across the tribal boundaries of Whitehall (Home Office, DCMS, BEIS, FCO, MoD etc.) and their regulatory acolytes and funding drainpipes.

There is much still to do, including to put flesh on the new partnerships and to adequately resource them, but we now have a world class approach to co-operation, including with the other components of the National Cybercrime Programme, the National Cyber Crime Unit of the National Crime Agency, the National Cyber Security Centre and their shared intelligence and response facilities.

Now we need support from government and industry to enable them to expand and better resource the frameworks that have been created. The Parliamentary Chair of the Cyber Security Group of the Digital Policy Alliance has e-mailed all MPs suggesting they ask their local Police and Crime Commissioner and Chief Constable about progress and plans in their area, and then help recruit local business in support of those plans.

The rest of this blog is an expansion of that briefing to make the case for additional support from those technology and service providers and major users who are serious about helping protect their customers and those in their supply chains.  There is also a need to join up the various cybersecurity skills partnerships, local and national, seeking to harness the native talent that is currently neglected and at risk of turning to the dark side. Waiting for the new Cyber Security Council to become operational, and lift its sights from the aspirations of the “profession” to the wider needs of society, could cost your organisations and their customers dear.

The scale, nature and cost of the rapidly deteriorating situation

Before Covid the volume of cyber-crime exceeded the capacity of law enforcement to respond effectively. The gap was widening with budgets based on previous levels of reported crime. The cost of cyber insecurity was continuing to rise and a new approach was already needed.

Cyber criminals have since taken full advantage of the increase in online business communication and trading during the pandemic (much of it likely to be permanent), including through phishing  and  online & phone scams.  In many organisations, especially among small and medium sized businesses, cyber security has not kept pace with the increased risk.

The Office for National Statistics reports an annual increase to June 2020 of 44% in fraud against business, 34% in the hacking of social media and email and 22% in computer viruses and malware.  The latest National Cyber Security Centre guidance for SMEs says they have a 1 in 2 chance of experiencing a cyber breach at an average cost of  £11,000.  This represents a significant risk to survival, let alone profitability for many, as well as serious threat to their partners in supply chains.

The fear of cyber crime reduces trust and productivity at a time when society is critically dependent on online services and home-based working.  Vulnerabilities have grown with increased attack surfaces as large numbers of remote workers have connect insecure domestic laptop and PCs to networks intended for small numbers of corporately issued and secured mobiles and/or those arranged in a rush, with security added afterwards. We now have an added pandemic of employment and identity fraud as millions of those who have lost their jobs or feel threatened give their personal details to supposedly reputable recruiters and/or those claiming to be part of their own organisations support and welfare teams.

Effective police action is impeded by the lack of a clear threat picture.  GCHQ observes what is incoming from overseas but is not permitted by law to monitor within the UK.  Bridging the information gap requires the active cooperation of the business community to report incidents, share threat information and contribute to improving the security environment within which they operate. This approach is well established in sectors such as defence, aerospace, finance, or pharmaceuticals where companies are co-operating globally. But that leaves out most of the regions of the UK and most of British Business.

Hence the value of Cyber Alarm and the Resilience Centres to help those in the rest of the UK economy, local and regional, respond to the challenges  of cyber security in a digital age.

UK law enforcement is re-organising locally and regionally to improve its capability to reduce cyber risk.

The National Cybercrime Programme enables every police force in England and Wales to have a dedicated cybercrime unit in place, supported by a network of Regional Organised Crime Units. Each ROCU now links to a Cyber Resilience Centres to help protect communities and promote economic growth and overall safety. As yet they are at different stages of development and have different levels of support but each enables the relevant police forces to work in partnership with local business and academia to provide cyber security guidance and support.  SMEs and others can use their local centre to access otherwise unaffordable support from supervised cyber security students from participating universities and colleges. The centres also offers support to implement and audit against Cyber Essentials from local participants in the Iasme consortium .

The Cyber Resilience Centres are not-for-profit partnerships between the private sector, academia and police. This allows them to reinvest income from advice and services to further develop operations. The Scottish Business Resilience Centre, established some years ago building on the consortium of Universities which support Scottish police with training and forensics services, is the model. That for  Manchester opened in 2019, with support from major cybersecurity players like CGI, Northropp Grumman, NCC Group and Seimens, plus a consortium of Universities. That for the North East was established with support from Accenture and local Universities. The East Midlands has also been operational for over a year. Those for West Midlands the South East and South West have just come on stream.  Those for Wales and the east of England are in the process of formation.

London is handled differently with UK Finance funding operations like the DCPCU .

Police Cyber Alarm is a free tool which connects to police monitoring services to give a real-time view of potentially malicious activity as it happens. It might be seen as the digital equivalent of the burglar alarm connected to the police station but it operates at an earlier stage, while the burglars are still reconnoitring. Participants receive monthly reports, including vulnerability assessments alerting them to areas they need to address. The next step will be to alert them when they may have been breached or there is activity on which they need to act urgently, using collective indicators of compromise and patterns of reconnaissance and attack behaviour.

The service is designed for small and medium sized enterprises but could be used by larger firms and the public sector, such as schools. It shares personnel, analyses and tools with the bulk reporting processes that are also being piloted with large organisations in defence, aerospace, pharmaceutical, financial services, telecoms and some other sectors.

Local support is via the Cyber Resilience Centres and the map on the website shows where the Police Cyber alarm service is live and where it will be released soon.

Victim support is the black hole

The key to improving intelligence collection, reporting, investigation and victim support at affordable cost is automation. I have been involved with several attempts to look at providing victim support to SMEs and individuals. None has had a credible funding model cost model, except where funded as part of cyber insurance package.

The Cyber Helpline which has just received (modest) Lottery funding, uses a network of volunteer security professionals to help those whose enquiries have been filtered via a 24/7 chatbot that appears to be 80% accurate in identifying the problems faced by individuals and sole-traders. Their 60 or so volunteers can currently handle 4 – 500 cases a month.

The chatbot has the potential to also help much of the SME market.

Demand in this area is, of course, massive.

Those interested in promoting the service to their customers should first help with funding and also with recruiting (including vetting) many more volunteers to enable the service to be expanded and linked locally to the Cyber Resilience Centres. I intend to commend support for this service to the professional bodies and trade associations involved with creating the Cyber Security Council.

Joining up the various skills programmes across the boundaries of disciple, geography and organisation

I have sat in on many discussions on how to address cybersecurity skills over the past twenty years as the needs have evolved. The one constant is that the skills in current demand have changed faster than the ability of “experts” to define the body of knowledge and/or practical experience required on the part of potential recruits.

The way forward requires a matrix of local, national and international partnerships to provide access to evolving, experiential, blended learning and supervised work experience of the kind piloted in the Plymouth cyberskills incubator and now ready for national roll out.

I will blog in the New Year on progress with attempts to align the various national and international skills and careers programmes (AWS, BCS, COMPTIA, CREST, ISC2, ISACA, Microsoft, Tech Partnership etc.) with the network of Careers & Enterprise Company Hubs (which bring schools and employers together locally), JISC and the Grids for Learning, which connect Universities, Colleges and Schools,  the DCMS Digital Skills Partnerships and the Cyber Resilience Centres.