How do we Police Cyber Crime?

Similar documents
National Cyber Crime Unit

Cybercrime: risks, penalties and prevention

Tackling Cyber Crime in the UK. Andy Archibald Deputy Director National Cyber Crime Unit

Cyber Crime ACC Crime

Building a response to cyber crime

Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley

Cybercrime in the Automotive Industry How to improve your business cyber security

STRATEGIC POLICING REQUIREMENT

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

The Strategic Policing Requirement

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

How To Cover A Data Breach In The European Market

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS

Security and Privacy

Making Sense of Cyber Insurance: A Guide for SMEs

Network Security & Privacy Landscape

2 Gabi Siboni, 1 Senior Research Fellow and Director,

Regulation of Investigatory Powers Act 2000

Fighting Cyber Crime in the Telecommunications Industry. Sachi Chakrabarty

CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES

Business Plan 2012/13

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Unit 3 Cyber security

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

Supplier Vigilance: A Critical Layer of Defense

NEW ZEALAND S CYBER SECURITY STRATEGY

The FBI and the Internet

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE

How To Protect Your Business From A Cyber Attack

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE THREAT OF DDOS ATTACKS IT SECURITY RISKS SPECIAL REPORT SERIES

THE STRATEGIC POLICING REQUIREMENT. July 2012

CYBER RISK SECURITY, NETWORK & PRIVACY

Who s Doing the Hacking?

How To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

Establishing a State Cyber Crimes Unit White Paper

Cyber Security Strategy

Small businesses: What you need to know about cyber security

Corporate Spying An Overview

Federal Bureau of Investigation

Risk Management in Global Operating Industry

EY Cyber Security Hacktics Center of Excellence

National Corporate Practice. Cyber risks explained what they are, what they could cost and how to protect against them

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

The UK cyber security strategy: Landscape review. Cross-government

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION

Nine Steps to Smart Security for Small Businesses

James R. Clapper. Director of National Intelligence

Council of Europe Project on Cybercrime in Georgia Report by Virgil Spiridon and Nigel Jones. Tbilisi 28-29, September 2009

U. S. Attorney Office Northern District of Texas March 2013

Practical Steps To Securing Process Control Networks

1. This report outlines the Force s current position in relation to the Policing of Cyber Crime.

ACE European Risk Briefing 2012

Addressing Cyber Risk Building robust cyber governance

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Fraud and Abuse Policy

Tackling the growing risk of cyber crime

Executive Cyber Security Training. One Day Training Course

Cybersecurity Awareness. Part 1

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September Co-Chair s Summary Report

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Mitigating and managing cyber risk: ten issues to consider

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015

Cyber Risks and Insurance Solutions Malaysia, November 2013

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Cyber Security for audit committees

Cybersecurity: What CFO s Need to Know

Gregg Gerber. Strategic Engagement, Emerging Markets

Cyber/ Network Security. FINEX Global

SENATE STANDING COMMITTEE ON LEGAL AND CONSTITUTIONAL AFFAIRS AUSTRALIAN FEDERAL POLICE. Question No. 100

Small businesses: What you need to know about cyber security

The cyber threat to banking

How To Write A National Cybersecurity Act

WRITTEN TESTIMONY OF

Transcription:

How do we Police Cyber Crime? Thursday 4 th June 2015 Craig Jones, SEROCU

Presentation Content UK policing cyber crime programme Cyber threat landscape and impact Cyber business resilience Future Challenges & Opportunities

How do we police the UK? The civil force of a state, responsible for the prevention and detection of crime and the maintenance of public order. (Oxford dictionaries)

What is Cyber Crime? The Home Office, NCA Strategic Governance Group and the Serious Organised Crime Strategy and now ACPO use a three-fold categorisation dividing cyber crime into: - pure online crimes where a digital system is the target as well as the means of attack. These include attacks on computer systems to disrupt IT infrastructure, exfiltration of data, compromise the integrity of data or make data unavailable. - existing crime that have been transformed in scale or form by their use of the internet. The growth of the internet has allowed these crimes to be carried out on an industrial scale - use of the internet to facilitate drug dealing, people smuggling and other traditional crime types. Definition used in House of Commons Home Affairs Committee, E-Crime, 2013/14

Cyber Crime The Legislation Computer Misuse Act 1990 Section 1 - contains the basic 'hacking' offence of gaining unauthorised access to any program or data held in a computer. Section 2 - makes it an offence to 'hacking' with a view to commit, or facilitate the commission of, a further offence i.e. fraud Section 3 - contains the offence of doing any unauthorised act in relation to a computer with intent to impair / alter data Section 3A making, supplying or obtaining articles for use in S1 or 3 Telecommunications Act Public Order Act

What is Cyber all about? UK Cyber Security Strategy - Protecting and promoting the UK in a digital world (2011) The cost to the UK economy of cyber crime is 27 Billion (Cabinet Office 2011) The cost to the US economy estimated $300 Billion (MacAfee 2013) The cost to the worldwide economy estimated at one trillion dollars (MacAfee 2013) Funding via the National Cyber Security Programme - 650 million (not estimated)

Strategic Drivers for Cyber

UK Cyber Security Strategy

Our good friends...the 4 p s Serious and Organised Crime Strategy Pursue Criminal investigations and disruption activity targeting the top tier cyber threats Prevent Stopping individuals becoming involved in cyber crime Protect Prepare Helping businesses and the public to avoid victims of cyber crime Responding effectively to major cyber attacks and mitigating their impact

The Threat Nature of the threat - Complex, global and constantly changing - Perpetrated remotely - Difficult to trace - Significant impact in the longer term Threat Actors in Cyber Space - Hacktivists to cause disruption - Criminals financial impact - States, conduction cyber espionage or disruptive attacks on critical infrastructure - Terrorist, physical attacks remain

The Threat Cyber Crime As-A-Service Forums Malware Exploit Kits Intrusion ( Hacking or unauthorised access to systems) DDOS CAV AVC APT Bulletproof Hosting E-Currencies

National Crime Agency

Regional Organised Crime Units ROCU Core Capabilities Confidential Unit Prison Intelligence Technical Surveillance Regional Fraud Teams eforensics Operational Teams Operational Security Covert Unit Protected Person RART Cyber Crime Gain

Regional Cyber Crime Units

Present Capabilities Estates Staffing Training Equipment

I ve been a victim of Cyber Crime

Reporting Cyber Crime?

Cyber Crime Workflow Process NCCU Action Fraud SEROCU Cyber Crime Unit Copied In 5 South East Forces

Campaign Dermic FBI took executive action on the owners of Blackshades which is a remote access tool. Functions include: - Remote Desktop Control - Keylogging - Webcam control - Credit card capture - Distributed denial of service (DDOS), and more

DDOS Victim in Hampshire Suspect in Cornwall Servers based in the UK Further victims identified World Wide

Network Intrusion Hacker stealing data from a private medical company. Suspect stole confidential client data Website defacement as proof Blackmail attempt via Email, and Social Media Possible link to Russia

Network Intrusion Former employee Sent a Wipe Command to hundreds of employees devices BYOD Further access and alterations made into companies system. Impact, loss of contract and reputation.

OP ASPEN

Answers on a..

New ( joint ) ways of working Law Enforcement Agencies Government Industry Business Academia

Law Enforcement Partnerships NCCU SAM / Embeds Regional Forces CRUG, HTCU User Group FBI, Secret Service, Homeland Security, Europol

Government Cert UK CisP BiS Cabinet Office Home Office Other Offices

Government Initiatives The Ten Steps Key Government Cyber Guidance Cyber Essentials Scheme Innovation Vouchers ( 5,000)

Industry Chamber of commerce FSB TechUK Tech Companies

..And a few others

Potential Opportunities and Implications for Insurance Companies

SUMMARY Helping firms to get to grips with cyber risk Helping the insurance industry to establish cyber insurance as part of firms cyber tool-kits Helping London to be a global centre for cyber risk management

Cyber Insurance? Generally policies will/can cover the following: First party damage to data Business interruption Privacy and security liability, including notification and credit monitoring costs Brand reputation Cyber extortion Technology professional liability Multimedia liability Payment Card Industry Data Security Standard (PCI DSS) compliance Cyber terrorism

Insurance Considerations Within the sector, the cyber threat is not well defined, confusion over definitions Incomplete data in respect of the scale of cyber crime Risk management for cyber insurance Cyber insurance is a business opportunity Individuals/businesses unable to understand the risks in protecting their data/information

Policing Summary Incomplete data in respect of the scale of cyber crime NOT a local or regional type investigation International reach Cyber crime can be committed remotely, therefore difficult to identify offender/s. Victims unwilling or unable to report crimes Staff, knowledge, training gap, retention Knowledge of Law Enforcement Agencies/Courts Data protection and storage

Any questions? Craig Jones 01865 555776 Serocucybercrimeunit@thamesvalley.pnn.police.uk

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information