The Unisys Security Index, announced on Wednesday 8th November 2011, tracks consumer’s concerns about national, personal, financial and online security every six months. In the latest report it was revealed that almost half (49 per cent), of respondents in the UK felt that the law enforcement authorities were playing catch up and needed more resources to monitor criminal behaviour online.
This suggests that there is an increased expectation from the public about how law enforcement responds to cyber-security concerns and whether the authorities have access to the skills and resources they require. Based on our work with governments and businesses around the world, we feel there are three key areas, which can help progress the debate:
More expertise in computer forensics – in the past, if you had a witness who saw a crime then you had a good case; but today you need specialist computer experts to gather evidence and to have the knowledge to pick out key trends in discussions on social media channels. This takes particular skills and there should be a discussion about how to recruit this talent; how it can be funded and which skills should be the priority.
Encouraging young people tempted to commit online crimes to apply their skills on the right side of computer security – for example, I’m also director at the Cyber Security Challenge, set-up to encourage more people from different backgrounds to consider careers in cyber security. Each year the Cyber Security Challenge runs a series of competitions testing problem solving and investigative techniques and it demonstrates how diversity in experience can help bring different approaches for solving security challenges. Legal profession and law enforcement could also draw on different backgrounds to help expand understanding of behaviour in this area.
Shifting investment in research and development – to date much of the research into computer security has focused on creating unbreakable encryption codes or the toughest perimeter defence. With so many access points to any kind of modern IT network, there needs to be a shift towards securing information itself rather than building a wall around it which can be breached. Also investing in new techniques such as behavioural analysis and predictive methods can help prevent or at least pre-empt online criminal behaviour.
There is no overnight fix to this problem; we can’t fool ourselves into thinking it will quickly dissipate if these measures are in place but they are a good starting point to bring in the right people and talent to close the gap between law and technology.