Addressing cybercrime
Opened in 2019, the Police Service of Northern Ireland’s (PSNI’s) purpose-built Cyber Crime Centre is a hub for digital evidence analysis across Northern Ireland. David Whelan talks to Detective Chief Inspector Paul Woods about the capability and work of the centre.
Although the most modern of its buildings, the PSNI’s £4.3 million Cyber Crime Centre in south Belfast is one of four PSNI sites dealing with cybercrime located throughout Northern Ireland.
All four cybercrime units are designed to have the capability to assist and support police officers throughout the region with gathering and analysing digital evidence in relation to crime, however the south Belfast centre is the base for advanced digital forensics.
Outlining the need for the centre, PSNI Detective Chief Inspector Paul Woods outlines that the purpose-built nature of the building ensures that the very specific skillsets, software, and hardware required to match the ever-evolving nature of crime are centralised.
Woods is quick to point out that the work of the cybercrime unit cannot be easily defined. Instead, he points to two distinct categories of cybercrime with which the PSNI is often faced. The first is cyber-dependent crime, defined as that which needs technology to operate. The second category is cyber-enabled crime, defined as traditional crime which can be scaled up or reach a broader target area with the assistance of digital technology.
“It is important to note that not all crime is digital, however, in the world we live in today, most crimes have a digital element,” he states.
“In terms of what we deal with in the Cyber Crime Centre, the spectrum is huge, ranging from devious software targeting vulnerable victims to footage captured on a ring doorbell, or information
provided by smart devices.”
Alongside a range of capabilities deployed within the centre, two other main functions outlined by Woods are the ‘Protect’ and ‘Prevent’ strands, headed up by dedicated officers. Work in prevention relates to the education of young people on the possible consequences of getting involved in cybercrime and the opportunities which exist in the cyber industry.
Cyber Protect, headed up by Detective Constable Sam Kinkaid, is part of the UK Cyber Protect network, and aims to improve the ability of local and small and medium-sized enterprises, charities, and voluntary organisations to improve their ability to defend against and recover from common cyberattacks.
Kinkaid explains that working in partnership with organisations across Northern Ireland, the centre promotes the advice and services offered by the National Cyber Security Centre (NCSC), the UK Government’s single point of contact for organisations, government agencies, and the public.
Cyber-enabled
Quizzed on the demand placed upon the centre, given the responsibility for processing such a range of digital evidence, ranging from the most serious crimes such as murder and child sex abuse, through to burglaries and assaults, Woods recognises an upward trajectory, however, he is quick to emphasise that digital technology serves as a valuable tool, as well as a threat.
“Digital and therefore, the Cyber Crime Centre, can potentially be involved in almost any crime investigation. The more digital life becomes, the more potential there is for police officers to further investigations.”
On mitigating the risk of delays in investigations, given the centralisation of digital evidence, Woods says that good communication is essential. “Through officers accurately telling us what they require from a device, we can ensure that not only are we efficient in our searches but also proportionate, ensuring we are not going further in information than we need to.
“Devices to the centre are prioritised in relation to the nature of the crime, so, naturally the most serious crimes will take priority, however, we also work to ensure our operational queues are kept moving.”
Woods believes that the level of investment in tackling cybercrime is recognition of a growing awareness of not only the important work of the centre, but also the constant need for evolution to match the growing investigative opportunities offered by digital technologies and the tools deployed by cyber criminals.
The Detective Chief Inspector explains that the PSNI must take both a responsive and preventative approach to cybercrime. Asked whether the evolution of digital technology has made police officers’ jobs easier, or more difficult, he says: “On one hand officers have greater access to information from a range of multiple sources, however, that information is coming in vast volumes compared to just a few years ago and it is being stored more securely and encrypted better than before.
“We constantly have to ensure that what we are doing in relation to digital technology is proportionate and legal, so we strive to only take devices and information that we know can be useful, seeking to minimise disruption but also maximise efficiency in our analysis.”
A pioneering aid in this work was the deployment by the PSNI of the UK’s first mobile forensic lab. Recognition of its value has seen it replicated by other forces and the PSNI have since deployed a second vehicle.
The mobile vans contain the technology capability of the centre and a major benefit described by Woods is the ability to rule devices out of investigations on-site, minimising disruption to accused, victims and businesses.
“The mobile forensic lab is a real success story in that our officers here in the centre collaborated with PSNI transport officers to design and deploy the capabilities that exist in our permanent lab. That innovation has now been replicated by other forces.”
Cyber-dependent
Turning the discussion towards cyber-dependent crime and the detection of cybercriminals, Woods highlights the necessity of partnerships with law enforcement across the globe. Given the agnostic nature of malicious software such as ransomware, it is acknowledged that perpetrators acting in one region can often be located far from the source of the crime. Woods explains that while this means convictions for attacks in Northern Ireland are often carried out by a foreign justice system, the lessons gathered from reciprocation across global police forces is invaluable.
On the frequency of cyberattacks occurring in Northern Ireland, Woods says that measurement is difficult given levels of under-reporting. In recent months, HSE and Royal Mail have been the victims of large and disruptive attacks by cybercriminals, and Woods says that such public declarations of attacks are a sign of how much services are affected by such attacks and how widely they are felt across society. Under-reporting can happen for a range of reasons but primarily, is due to the reputational damage that comes with an organisation being infiltrated. The Detective Chief Inspector stresses the importance of organisations reporting attacks to the police.
“Given the nature of the crime we may not always be able to put someone in custody for a cyberattack but what we can do is analyse the methodology and extract valuable information to prevent other of further attacks of this nature.
“It is also worth stressing that the bar for some of the most damaging cybercrimes, such as ransomware, is lowering. Ransomware can now be bought and sold as a service, so targets are not limited to large companies. Increasingly, we are seeing that this can and does happen to even the smallest companies, so we are encouraging a culture change in relation to reporting.”
On the technical capability and skills that exist in Northern Ireland, Woods is full of praise for the aptitude that exists in Northern Ireland. “We are very technically capable in this part of the world,” he states. “We work in an environment where we are constantly training and evolving our skills within the PSNI cybercrime units but we also support officers throughout the PSNI who are utilising digital capabilities on a daily basis for better outcomes.”