By Michael Wagers, PhD, Director, Division of State & Provincial Police, IACP; and David J. Roberts, Senior Program Manager, IACP Technology Center, IACP
ctober is National Cyber Security Awareness Month (NCSAM), and 2013 marks the 10th anniversary of NCSAM. Increased connectivity and distributed networks make U.S. critical infrastructure and sensitive data vulnerable to attacks by criminals, hacktivists, and state and nonstate actors alike. As Director of National Intelligence James Clapper noted in his unclassified annual threat assessment to Congress in March 2013, “State and nonstate actors increasingly exploit the Internet to achieve strategic objectives, while many governments—shaken by the role the Internet has played in political instability and regime change—seek to increase their control over content in cyberspace.”1
The significance of the cyber threat confronting the United States has never been greater. As former FBI Director Roberts S. Mueller observed earlier this year, “Network intrusions pose urgent threats to our national security and to our economy.”2 Director Mueller also noted that, “Improved collaboration and information sharing among federal agencies such as the CIA, NSA, DHS, and the FBI has been vital to our collective success against terrorism over the past decade. But equally critical to our success has been the integration of our state and local law enforcement counterparts through the establishment of Joint Terrorism Task Forces.”3 The International Association of Chiefs of Police (IACP) understands that the cyber threat is real, and that it is here and now. The IACP has taken a leading role in technology issues, cyber threats, and the integration of state and local law enforcement with federal efforts. IACP recognizes that cyber security is not just a national-level challenge—it affects state, local, tribal, and territorial (SLTT) law enforcement agencies every day. These agencies encounter issues ranging from cyber-enabled crime committed against local individuals and businesses, to forensic cyber investigations, to protecting against and responding to cybercrime, cyber-attacks and intrusions.
Over the past year the IACP has continued, expanded, and redoubled its efforts to address the significant issues to help SLTT law enforcement agencies counter cyber threats and the issues posed by cybercrime and cyber-enabled crime. The goal, much like after the 9/11 attacks, is to increase the capacity of SLTT enforcement agencies to prevent, mitigate, and respond to the challenges posed by cyber-threats, attacks, intrusions, and crime. The IACP is also coordinating with appropriate organizations and partner associations, such as the Association of State Criminal Investigative Agencies (ASCIA), the National Fusion Center Association (NFCA) and the IJIS Institute on complementary cyber efforts to ensure that gaps are being filled without efforts being duplicated. The following is a brief outline of the cyber efforts over the past 12 months:
Cyber Roundtable (December 2012)
On December 19, 2012, the IACP co-hosted a Cyber Threat Roundtable with the Department of Homeland Security (DHS) that brought together over 20 state and local law enforcement and government officials from across the country. Representatives from DHS, FBI, and the White House attended and gave presentations about the work being done at the federal level. The meeting provided federal officials an important opportunity to engage state and local law enforcement and government representatives in active discussions on needs and challenges at their levels. The discussion also focused on setting a path forward to help address the challenges that were identified.
Meeting attendees left with a sense of urgency. Many saw it as a critical moment to begin building capacity by actively engaging state and local law enforcement, chief information officers, and other government officials from across the country. State and local stakeholders and participants expressed their enthusiasm to work cooperatively with the federal government in order to meet the following objectives:
- Keep SLTT law enforcement and government officials updated about the threat environment;
- Highlight best practices that allow for effective coordination between and among federal, state, and local entities;
- Better understand the authorities and interrelated roles and responsibilities of DHS and other federal agencies, and state and local government law enforcement and government officials regarding the cyber threat, cybercrime, and cyber-enabled crime;
- Identify challenges to effective coordination—for example, capability limitations, resource constraints, lack of clear or comprehensive authorities—and develop recommendations to address those obstacles;
- Support a standards-based approach for the exchange of information, similar to the National Information Exchange Model;
- Further leverage the capabilities of the National Network of Fusion Centers on the cyber threat;
- Develop a coordinated way forward and engagement strategy through the creation and empowerment of an advisory body that gives a voice to all of the relevant stakeholders—federal, state, and local governments and industry—on a regular and sustainable basis.
The IACP has begun taking steps to implement these action items by organizing high-level meetings with its federal partners to continue the dialogue about the need to actively engage state and local law enforcement; site visits to the National Cybersecurity and Communications Integration Center (NCCIC) and the National Cyber Investigative Joint Task Force (NCIJTF); co-hosting a secure video conference for state and local law enforcement with the FBI; and co-sponsoring and organizing a plenary session regarding cyber security and the cyber threat for the 2013 IACP Annual Conference entitled, “Cyber Attacks: Not Just a Big Government Problem.”
Survey—Law Enforcement Perceptions of Cyber Security Threats (April 2013)
The IACP Computer Crime and Digital Evidence (CCDE) Committee4 and the Canadian Association of Chiefs of Police (CACP) undertook research to better understand the nature of the cyber threat facing SLTT law enforcement agencies, the actions these agencies have taken to combat the threat, and recommendations for additional actions to ensure the security of vital information resources. A survey was administered to IACP and CACP members, and nearly 500 agencies responded. Results indicate that most respondents recognize that cyber-attacks pose a real and serious threat to law enforcement, though only half had implemented policies, practices, and technologies to sufficiently minimize their risk. Survey findings were presented at the 2013 LEIM Conference and the 2013 CACP Annual Conference, and will be presented at the 2013 IACP Annual Conference—a summary report for publication is being drafted and will be available in the near future.
State and Local Law Enforcement Cyber Crime and Digital Evidence Assessment
Expanding the research initiative to assess the cyber capabilities of SLTT law enforcement, the IACP, again through the CCDE Committee, developed a survey regarding cybercrime and digital evidence. It is designed to gather information regarding SLTT law enforcement agencies’ cybercrime investigation and digital evidence practices and is being administered in partnership with the National White Collar Crime Center (NW3C). The survey is being distributed to IACP and National Sheriffs’ Association (NSA) members.
Cyber Meeting with Industry Partners (May 2013)
Public and private industry plays a crucial role in cyber security. Often itself the target of cyber intrusions and attacks, public and private industry provides the hardware, software, and networks that support day-to-day operations and enable robust global information sharing. Building effective partnerships with public and private industry partners is a critical step in leveraging services and technical expertise, building resilient information systems and resources, and expanding the capacity of all levels of law enforcement. Recognizing the importance of creating a strategic partnership with public and private industry partners, the IACP convened a meeting with industry professionals, senior-level representatives from DHS and the FBI, and members from the two IACP Committees that have taken the lead within the IACP in addressing cyber issues—the CCDE Committee and the Committee on Terrorism.
The meeting was designed to develop strategies and resources to do the following:
- Increase education and awareness about the ways in which law enforcement agency personnel and third-party contractors are creating cyber vulnerabilities within their IT infrastructures.
- Discuss the creation of training programs based on the latest threat analyses that promote industry-standard measures that can be implemented to prevent intrusions at the state and local level.
- Clearly communicate with the law enforcement community about the proper roles and authorities regarding the response, investigation, and mitigation of a cyber intrusion at all levels of law enforcement.
- Develop model policies and procedures for SLTT law enforcement.
- Provide technical assistance and subject matter expertise to SLTT law enforcement so they better understand the nature and scope of the evolving and changing threat; how to properly address the threat by hardening IT infrastructure; and what resources are available to respond, mitigate, and recover from an intrusion when it occurs.
Education and Raising Awareness: Stop.Think.Connect Campaign (July 2013)
The IACP joined with the National Cyber Security Alliance and the Stop.Think.Connect Campaign. The IACP has worked with DHS in drafting a one-page document for law enforcement that will be distributed to all attendees of the 120th IACP Annual Conference in Philadelphia in October. Each week in October there will be a different cyber security issue that NCSAM will focus on, including, “Cybercrime,” “Cybersecurity and Critical Infrastructure,” and “Being Mobile: Online Safety & Security.” ?
1James R. Clapper, Director of National Intelligence, Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community, Senate Select Committee on Intelligence (March 12, 2013), 1, http://www.intelligence.senate.gov/130312/clapper.pdf (accessed September 11,2013).
2Robert S. Mueller, Director, Federal Bureau of Investigation, remarks at RSA Cyber Security Conference (February 29, 2013), http://www.fbi.gov/news/speeches/working-together-to-defeat-cyber-threats (accessed September 7, 2013).
4The IACP Computer Crime and Digital Evidence Committee (CCDE) includes chiefs and other ranking law enforcement practitioners, private industry subject matter experts, and solution providers. CCDE is actively developing resources for law enforcement, including research assessing current practices, emerging trends, and strategic priorities, as well as the development of guides to cyber security for law enforcement and “Tech Minute” videos addressing cyber security, cyber threats, and related topics.
Please cite as:
Michael Wagers, "Expanding Law Enforcement Cyber Capabilities," Technology Talk, The Police Chief 80 (October 2013): 114–115.