The National Police Chiefs Council (NPCC) has outlined plans for a cyber support function and a catalogue of solutions for police forces.
They are included within a newly published National Policing Cyber Security Strategy, developed in collaboration with the Police Digital Service (PDS) as a programme of work aimed at increasing cyber resilience in policing.
The plan for a support function is included among 17 proposals for transformation, and provides for a centrally managed but geographically diverse team of senior cyber staff. This will provide information security cover for police forces, work with them to develop cyber operating models, support recruitment, help to develop descriptions of job roles and training plans.
It will come with the development of a cyber toolbox with features such as templates for operating models and a library of common cyber role description, standards, processes and procedures.
The catalogue will be combined with a roadmap to provide a list of cyber solutions providing the greatest benefit to policing, assure them once for the sector and speed up deployment by negating the need for local tender processes. This is expected to provide efficiencies and support the development of centres of excellence, as well as encouraging police forces to work with partners in the private sector.
Range of proposals
Other proposals include: a cyber services training framework; enhanced training from the College of Policing; an acceleration of developing policy and standards; deployment of the Information Security Risk Management Framework and Information Security Risk Assessment Guidance; and the provision an online hub for the policing cyber community.
The document sets out five main objectives in line with the Government Cyber Security Strategy: managing risks, protecting against cyber attacks, detecting cyber security events, minimising the impact of incidents and developing cyber security skills, knowledge and culture.
These are related to five priorities, the first being an alignment between cyber security and policing outcomes. It will involve equipping police leaders with education and data related to cyber risk, with access to expertise and information, cyber training incorporated in long term training pathways, and the provision of cyber risk data.
There will also be an effort to develop a set of metrics and measures related to cyber resilience incorporated into governance and reporting at all levels.
Second is to ensure police forces have skilled and empowered cyber security personnel, through making the sector an attractive employer for the specialists, providing appropriate salaries, flexible working arrangements and clear opportunities for career progression. It will also involve mentoring and the development of a support network of peers.
Common policies and guidelines
Third is operational consistency, under which police forces will move towards a common set of cyber security policies, standards, processes, procedures, patterns and guidelines. This will be aimed at removing duplication of effort and enabling local information security officers to focus on their most pressing priorities.
Fourth is the development of nationally aligned technical capabilities, with measures such aggregating procurement, providing national assurance of relevant products to support their re-use, the development of ‘secure by design’ methodologies, and enabling automation and orchestration of processes and procedures.
There will also be efforts to enable intelligence led prevention and detection through focusing on a reduced technology footprint, support for operation and risk reporting in real time, and the building of a common awareness of tooling and capabilities.
Finally, a group of services will be made nationally available for functions such as continuous risk assessment and management, speeding up detection and response, intelligence led outcomes and optimal utilisation of investments.
In addition, the strategy aims at more effective integration with cyber security across government, and improved collaboration with industry partners.
Proactive and collaborative
NPCC lead for information assurance, T/Commissioner Peter O’Doherty, said: The strategy will enable us to take a proactive, collaborative approach to cyber defence, ensuring that every officer and staff member is equipped to tackle these threats head-on. Together, our imperative is to defend as one, no matter which police force or agency is called upon.”
NPCC lead for digital, data and technology, Chief Constable Rob Carden, commented: “We absolutely recognise that crime types and the requirements of policing are changing and are determined to stay one step ahead of those within society who pose a threat to the public. To the untrained eye, cyber crime is invisible, actioned by those who unfortunately seek to use specialist skills to harm others.
“We will continue to drive advancement wherever it is needed, in order to track, intercept and disable this activity, and destroy the networks that facilitate it. This strategy will be pivotal in driving that work forward”.
Jason Corbishley, national chief information security office at PDS, said: “The strategy is a significant opportunity to ensure that the cyber defences for policing are robust and respond to the ever-growing threats that are faced. Each of the initiatives set out in the strategy, will enable policing to improve its resiliency to cyber attack, and to maintain public trust and confidence in policing services”.
