Policing the digital frontier

Len Hynds
Head, National Hi-Tech Crime Unit


The expression ìHi-Tech Crimeî is a classic oxymoron. We are talking about cutting edge technology when we talk of matters ìhi-techî - conjuring positive, forward thinking, images. And then we link this term with ìcrimeî

Little wonder then that my colleagues in mainstream policing assign it specialist status. And hardly surprising I suppose that IT security is rarely seen as a board level portfolio for the business community.

If we are to combat it, we must recognise hi-tech crime for what it really is ñ it is every type of crime but with a component placing it in the digital environment.

It is able to operate instantaneously, remotely, and with disregard for sovereignty and geography. It also becomes easier for criminals to target multiple-victims, hide assets, and cover the evidential trail.

Increasing Threat

Understanding the problem without overstating it has been the dilemma that many have attempted to tackle in recent years. The empirical data with which to plot trends in hi-tech crime is limited.

But surveys conducted recently, universally agree on two things. Firstly, hi-tech crime is increasing; and secondly, organised crime is now infiltrating the digital frontier.

The Internet provides organised crime groups driven by profit with lucrative opportunities in a relatively low risk theatre of operations. And, with the uptake of the ubiquitous point and click interface, an increase in computer literacy, and a proliferation of websites carrying information on hacking techniques, the assessment is clear. The threat is increasing.


Partnership

The fight against cyber crime has to be a team game. There is nothing of greater importance than the effort to forge effective partnership between law enforcement and industry.

Since its inception the NHTCU has been promoting policies which are focused upon collaboration and cooperation ñ partnership designed to benefit business, the consumer and the public at large.

The relationship that is built between law enforcement and industry must have mutual benefit. So if business does pass intelligence to the NHTCU what can it expect in return?

Well we undertake to analyse, aggregate and compare all information supplied across the various business sectors and other intelligence sources.

Trends will be plotted and considered in light of environmental scanning and we will proactively deliver a threat assessment that will add real value to industry; and the real value is of course that this assessment provides risk managers with a different dimension ñ an entirely independent and alternative window on the world.

In a similar vein we must proactively share and promote good practice advice. The cyber market place continues to evolve at a formidable pace and law enforcement must play a part, by providing a key conduit by which the learning can be shared.

In a nutshell I am saying that it is crucial that we understand the nature of hi-tech crime in all its guises. And I am saying that this is not only crucial but it is also achievable. A 360 degree view of the threat is within the grasp of all of us ñ but only if we commit to working together.

Building Solutions

The range of collaborative measure developed must of course stretch beyond ìquantifyingî the problem ñ we must also work together when building solutions.

If organised crime employs a simple ìrisk verses reward equationî it will surely be drawn towards the assets of industry which are suspended in cyber space. For they can take advantage of the anonymity and security that the technology offers; and most importantly they will exploit industryís well-publicised desire to deal with security breaches ìin houseî.

Of course many in business do adopt an approach to security and cyber crime which is now inclusive of law enforcement; and it is heartening to see so many CEOs committing to ìjoined up security policyî. But the remainder who adhere to an insular style are extremely vulnerable in my view.


High Risk Strategy

When business attempts to tackle hi-tech crime alone it embarks upon a short-term and high-risk strategy, for both the company and industry in general; and whatís more it is founded on out dated stereotypes, which bear no resemblance to the reality of policing in the 21st. century.

In just 20 months we have developed and delivered a new brand for law enforcement ñ a service that is tuned in to business, receptive to the needs of industry and committed to a common aim in its desire to build a lawful market place in cyber space.

Law enforcement has a duty to prevent and to reduce crime as well as detect it when it has occurred. Naturally the full spectrum of tactical options available to combat hi-tech crime is only discovered through cooperation with industry on a case-by-case basis.

A safe platform for early confidential discussions between law enforcement and industry is pivotal to the success of any joint strategy.

The formula for me is crystal clear. If we work together we will succeed by creating the optimum environment in which to conduct e-business; if we work in isolation we will fail and leave the way open for organised crime to inhabit cyber space.

IT or Corporate Concern?

It seems that for some, IT security continues to be seen as an IT issue and not a ìmission criticalî corporate concern.

For some it represents a time-consuming and unproductive overhead.

And for others it simply seems too difficult. Having invested in impressive security systems one is immediately faced with the challenge of maintenance and review.

And when this happens, CEOs often entrust the companyís most valuable assets to staff who are neither paid, nor equipped, to protect them.

My message is a simple one. Hi-tech crime is real crime. It represents an immediate and significant threat. But it is not all doom and gloom. The solution is just as real ñ the solution is working together.

Ken Hynds Head, National Hi-Tech Crime Unit is leading the ìPOLICING THE DIGITAL FRONTIERî keynote at Infosecurity Europe 2003, www.infosec.co.uk

The National Hi-Tech Crime Unit are giving a keynote on Policing The Digital Frontier at Infosecurity Europe, Europe's largest and most important information security event. Now in its 8th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April ñ 1st May 2003.