As the use of technology in policing continues to grow, security is—quite rightly—rising rapidly up the agenda. The intensifying focus on security reflects a key concern: that the advance of police technology may be outpacing the security measures in place to protect critical systems and information. In this short series of two blogs, I’ll start by examining the evolving security landscape for today’s policing systems—before going on to describe how better security may be achievable at a lower cost than you might expect.
Until recently, technology providers to the police tended to view security as just another part of police technology transformation programmes, albeit a vitally important one. However, more than ever before, security now is becoming a solution area in its own right: Still technology-dependent, of course, but emerging as a distinct focus for police IT projects—which increasingly include cloud-based “Security-as-a-Service.”
In today’s common parlance, the term “security” is increasingly interchangeable with “cyber security”—and the widespread move to technology-enabled policing makes this blurring especially relevant to today’s police forces. In terms of cyber security, it’s clearly vital that forces across the UK ensure they’re protected at a local level, through frequent rigorous reviews and testing of their defences.
But at the same time, the welcome rise in collaboration between the 40-plus forces across England, Scotland, Wales and Northern Ireland raises the stakes another notch. So as well as assessing cyber security risks locally, it’s vital to elevate the perspective and gain a view across the whole network: Is Durham facing different threats from Essex or Northern Ireland?
Such questions are becoming increasingly pressing, and it’s not hard to see why. Despite the growing role and importance of digital technology in policing, IT investment budgets have remained constrained—resulting in a comparatively low level of attention and money being directed towards security. This relative lack of investment is in stark contrast to sectors such as financial services, where firms have invested heavily in cyber security from the ground up.
Now, with the global escalation in well-funded and closely-targeted cyber attacks, the low level of investment in security is becoming not just unwise, but positively dangerous. This is all the more true given that the threat to government networks is particularly high.
So, what’s to be done? As police forces continue along their journey towards ever higher technology enablement, they need to think about security at both local and national levels—with the latter being safeguarded by a UK-wide approach governed by a centralised Security Operations Centre (SOC) responsible for threat monitoring and response across the country.
It’s also important to remember that cyber threats don’t just come from outside. There’s a continuing need to protect systems internally against potential actions by disaffected employees—meaning the outside-in and inside-out elements of cyber security are of equal importance.
The need for constant vigilance and monitoring is further underlined by the fact that many organisations don’t discover they’ve been attacked until after the damage has been done. Add in developments like the explosion in mobile connectivity and the Internet of Things, and the case for change is even more powerful.
In my second blog in this series, I’ll explore the combined effect of these factors, and explain why data is key. Watch this space.