The UK must exploit its unique position on the international stage to build an international strategy on how best to tackle cyber crime, according to Andy Archibald, head of the National Crime Agency's (NCA) National Cyber Crime Unit (NCCU).
This unique position derives from the UK’s involvement with the Five Eyes alliance, the EU and G8 cyber crime working groups, Europol and Interpol, and capacity-building efforts in the Commonwealth.
“It is important we harness that influence and representation to get an international strategy,” he told the annual e-Crime and Information Security Congress in London.
“More than any other area of criminality, cyber crime is truly global and the response must be international,” said Archibald, with most investigations spanning multiple jurisdictions.
He highlighted international co-operation, law enforcement skills and industry participation as the three areas that require “tremendous investment” in tackling cyber crime going forward.
“The international model for me begins with an understanding of the threat that we face and share, how we prioritise that, and the response, which must be joined-up international collaboration,” said Archibald.
More than any other area of criminality, cyber crime is truly global and the response must be international
Andy Archibald, NCA
Within that, he said, key priority areas are the “deconfliction” of international operations and global proactive investigative hubs and capabilities led by threats.
Turning to the second area of priority, Archibald said that in addition to traditional investigative skills, law enforcement needs the high-end skills to recover evidence and intelligence from the internet.
In a new modern crime investigation environment, law enforcement organisations need access to technical skills like writing and reverse engineering code, he said.
But Archibald said it is a challenge for law enforcement organisations to attract, retain and reward the best people with these skills in competition with private sector demand and attractive salary packages.
“To get access to those skills we have to look at how we can engage with industry through programmes which allow people to work with law enforcement on a part-time voluntary basis,” he said.
Looking to the future, Archibald said the NCCU is investing a “considerable amount of money” in developing law enforcement officers from officers on the beat all the way up to the high-end skills.
Finally, he admitted that in the past, engagement with industry had tended to be on the terms of law enforcement, which had made decisions on things like media coverage with little regard to reputational damage to the businesses involved.
More on fighting cyber crime in the UK
- NCA begins major cyber recruitment campaign
- NCA notches up first phishing conviction
- NCA changed UK cyber crime fighting, says NCCU head
- Legitimate users of Tor need not worry, says NCA
- NCA investigates “deep web” after UK Silk Road arrests
- BT, GCHQ and NCA set challenge to find UK cyber defenders
- British man arrested over hacking into US military systems
- PM says dark web can be policed
- UK National Cyber Crime Unit becomes operational
- UK police warn of malware campaign targeting mainly SMEs
- CERT-UK to drive international cyber security collaboration
“If we are going to work with the private sector, we must recognise the importance of that, and work with them to have an impact on cyber crime,” he said.
Underlining the importance of having a relationship with industry, Archibald said: “It is only through having mechanisms to share intelligence and information that we are truly going to understand the scale and the scope of the threat.”
He said the introduction of the cyber information sharing platform as part of new national computer emergency response team CERT-UK is a real step forward.
However, Archibald provided no real details of how collaboration with industry could work in practice, nor how the NCCU will find the resources to attract top cyber security specialists, leaving without taking questions or attending a planned media conference.
Independent security analyst Graham Cluley said that if the NCCU is to be successful in attracting the skills it needs, finding more money to invest in doing that will have to be put on the political agenda.
He expressed concerns about relying on voluntary programmes. “We need to attract the right people with the right skills with proper rewards. We cannot leave it to brigades of amateur volunteers.”
Cluley said more money also needs to be put into making it easier to report cyber crime.
“Because it is currently not easy to do, I suspect cyber crime is massively under-reported. But if there is no way to measure the real extent of cyber crime, there is no way of knowing if counter-measures are really having an effect,” he told Computer Weekly.
Educating SMEs about cyber crime
SMEs make up the largest proportion of business in the UK, he said, yet they are often overlooked when it comes to cyber crime initiatives.
“It is time government took note of the mantra that it is not the cost of the problem, but the cost of the solution that needs attention, so there is more investment in engaging with and educating SMEs on cyber crime,” he told Computer Weekly.
“Without investing in SMEs, the problem will be SMEs going out of business due to cyber crime, which is ultimately a cost to the UK economy,” said Bunker.
Without investing in SMEs, the problem will be SMEs going out of business due to cyber crime which is ultimately a cost to the UK economy
Guy Bunker, Jericho Forum/Clearswift
He called for government to put more effort into providing support to SMEs so they know exactly what they have to do to keep their businesses safe.
“What we need now is not words, but actions, in the form of concrete, but simple guidelines for small businesses on the technological and process controls they need to implement,” said Bunker.
He said the ability to combat cyber crime in the UK depends not only on co-operation between government and business, cross-border activities, information sharing and best practice.
“We also need more agility to deal with complex attacks that are being applied at greater speed. But agility is not just about speed, it is about effectiveness,” said Bunker.
There is also a real need to increase research into how attacks in the future may occur and how they can be combatted, he said.
“Advances in traditional crime, such as real-time video analysis to give advanced warning of criminal activities needs to happen with cyber crime,” said Bunker, who believes anomaly detection on big data sets will become critical to combatting crime.
While new technology is coming to market, he said the market needs to be agile enough to understand, adopt, deploy and operate it, and it needs to be simple to operate.
“Cyber criminals don’t distinguish between large or small organisations, so the need for solutions which can be used by organisations with smaller IT budgets and skill sets is of paramount importance,” said Bunker.
“I hope we can make progress before we all meet again next year and that government-sponsored programmes of information sharing and rapid response do start to make a real difference for organisations of all sizes in the relentless and ongoing threat from cyber attackers,” he said.