The Policing Challenges of Breach Response
Experts: Law Enforcement Needs to Adopt a Risk-Based Approach
The critical challenge facing law enforcement agencies is the rapid growth of sophisticated cybercrimes and resulting breaches. Traditional methods and controls are simply not keeping pace with the advancement.
Cyber experts argue that law enforcement's tools to monitor attack vectors have been ineffective and even obsolete. But it isn't just about the tools. Security leaders also argue that a risk management approach is essential for law enforcement groups to deal more effectively with cybercrime and breaches.
Says Prashant Mali, attorney and president of Cyber Law Consulting, "While the policing in cyberspace is a neglected area, the country has to hire a new cadre of cyber policy across states to only focus on preventing and detecting cyber breaches and crimes, without resting the burden of maintaining law and order on them."
Experts discussed the role of enforcement agencies in preventing breaches and cybercrime at ISMG's Data Breach Summit. Brijesh Singh, the CISO for the Indian state of Maharashtra and IG of CID, speaking as a keynote speaker, says that the threat is evolving in such a manner that it is impossible for law enforcement alone to tackle it. "All of our traditional models of policing, they don't work here."
Policing Challenges in Tackling Cyber Crime
The bottom line is: Police personnel are not adequately equipped to prevent breaches or handle cyber exploits.
The challenge Singh sees is a lack of the right tools, knowledge and expertise among the enforcing authorities to match industry standards in dealing with growing vulnerabilities. "The priorities for the law enforcement groups have been different until the recent past, more tuned toward dealing with terrorism, money laundering, narcotics, human traffic and other forms of crime. But only now they get an extended portfolio to deal with cyber breaches and crimes with no expertise on the methods."
Singh notes that since Indian enterprises are not mandated to disclose or report any data breaches they suffer to any regulator, the extent of breaches will remain unknown.
"The reported figures by the government may not even be 1 percent of what is happening, and as a result the capability of law enforcement agencies to investigate is also questioned because of the nature of evidentiary value," Singh says.
The critical concern, according to Dr. Onkarnath, consultant and information security strategist, is the dynamic nature of cybercrime and cyber criminals, which makes seeking evidence a challenge, as it is all virtual.
The most critical challenges, Onkarnath says, are:
- Technological gaps in addressing new forms of threats;
- No act supporting the networks and law enforcement bodies in dealing with privacy and data breaches;
- Collecting evidence from diverse sources is time-consuming;
- Minimal innovation taking place in data protection and investigation methods for law enforcement groups.
Adds Mali, "Cyber police are not equipped to monitor attack vectors nor track them, as they don't have enough access to any data of national and international cyber gangsters, nor a pattern to track them."
Mechanism to Handle Breaches
There has been a special focus by the home ministry on building the capabilities of law enforcement groups to tackle cybercrime. Experts find that the result is not as dismal as it appears, as the government is taking positive steps in enhancing methods to prevent and detect breaches.
According to Singh, the Maharashtra government has sanctioned an outlay of $3 million this year toward setting up cybercrime and forensic labs in each district.
Some of the initiatives taken up, according to Singh, are setting up:
- Basic cybercrime investigation capabilities at police stations across states;
- Advanced cyber cells at district level and commission;
- State-of-the-art cyber forensic labs and investigation labs in major cities.
"It's most important to train the police to take a risk management approach and put appropriate measures in place to deal with cybercrime systematically," he says.
To streamline the process, he says the government has mandated every enterprise to appoint a CISO to bring in the necessary security measures in helping the law enforcement group understand data privacy and risk challenges.
Dinesh Bareja, COO of OpenSecurity Alliance and founder of India Watch, welcomes the government's initiative to impart training to police at all levels in tackling cybercrime. He cautions, "It is critical to upgrade investigation methods across all levels and not restrict it to cybercrime departments alone if police departments need to tackle cybercrime."
Mali stresses the need to enable cyber police and NCRB to have access to data breach notifications at regular intervals through a proper mechanism.
Onkarnath believes that tracking cyber criminals takes a collaborative effort between law enforcement agencies at the global level and cyber experts.
Singh doesn't rule out the need for putting strong security processes in place across all departments to track cybercrime, given that the government is sitting on a huge goldmine of 17 years of data. "A conscious collaborative effort is being taken up by the government along with Nasscom and DSCI in establishing the labs and driving innovations to help the police impart knowledge and skills to deal with cybercrime prevention and detection," Singh says.