Global progressive policing
Opinion:

Policing cybersecurity: Making the online space safe, secure and successful

Former Chief Constable of Cumbria Stuart Hyde QPM explains how the National Cyber Security Centre (NCSC) is helping to mobilise resources to address cybersecurity.  The Yorkshire and Humberside Counter Security Information Sharing Partnership (CISP) champion and Northern Powerhouse partner, aql®'s CEO Dr Adam Beaumont, has appointed Mr Hyde to promote the CISP to local organisations including business, schools, health and charities.

No one is exempt from attack; it doesn’t matter whether you are a business mogul or running a local cub football team—your data can help unlock your money, and that is what attackers are after. The NCSC has many ways to help you keep safe, keep your data secure, and your money where it should be, in your bank. But, as a police officer, PCSO, staff member, or volunteer, what can you do to keep yourselves up-to-date? You can start now, Read this Google Cybersecurity Certification Review to learn about the skills gained, instructors, and hands-on labs offered in Google’s affordable cybersecurity program.

The challenge that cybersecurity brings is a broad and deep one. It doesn’t just affect the “IT Industry” and it’s not just for folk who speak techno. Just because you can’t subnet an IP address doesn’t mean you can’t be part of the solution. There are many things you can learn and then advise other people to consider.

CISP is a joint industry and government initiative set up to exchange cyber threat information in real time.

Useful tools

Start with www.getsafeonline.org, the primary UK site for cyber safety. If you want to find out what’s available, get on there and dig deep; it has many aspects covering a range of Cyber issues and lots of information and resources. Plus, it does actually work in real time and addresses new and challenging issues. You can follow it on Twitter as well @GetSafeOnline.

Next up, the 10 Steps to Cyber Security (https://www.ncsc.gov.uk/guidance/10-steps-executive-summary) is a simple list of the things that any organization can do to protect itself. My favorites are to educate people, provide a good process and policy and then test it out.

Moving up the scale you can follow and then refer people to Cyber Essentials and Cyber Essentials Plus (https://www.cyberaware.gov.uk/cyberessentials/get.html). These are the minimum an organization needs to work with the public sector. Again, reading and thinking about these can help self-learning; we all want to work in a learning organization, after all.

The best standard is the ISO 27001 https://www.iso.org/isoiec-27001-information-security.html; this shows the organization really means it and with General Data Protection Regulations coming in 2018 (which will outlive Brexit) this could be a must for many organizations to secure contracts.

So, to help build your own knowledge, the above is a simple route to help you advise callers, victims or people who just want some help. And it’s all free…

Keeping up-to-date

Secondly, you want to stay informed. You want to know about the latest threats or alerts. Well, to help you out with that, the UK Government funds and supports the Cyber Security Information Sharing Partnerships or CISP for short.

CISP is not just for the IT specialists and Cyber Crime Investigators. Police managers and those interested in staying ahead can also use it.

CISP is a joint industry and government initiative set up to exchange cyber threat information in real time and in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business. Members include NCSC itself, the NCA, NFIB, banks, Regional Cyber Crime Units and a range of policing interests, as well as broader industry and organizations including health and education. It is a secure portal (you need a password and a secondary authentication from a mobile) and provides plenty of useful documents you can share with others as well as keeping you up-to-date. CISP is not just for the IT specialists and Cyber Crime Investigators. Police managers and those interested in staying ahead can also use it.

To join CISP is easy. Just click on www.ncsc.gov.uk/cisp and apply. Oh, did I also mention it is free to join…? So, you won’t need to hunt down a budget holder and plead for funding.

So what sort of information can CISP provide for you and what value is it?

You should encourage any business that has an internet interface to register, and that is probably most companies these days. So when you are meeting or talking to industry, schools or health or even local charities, ask them if they are members. Remember for them, and you, it is free. CISP may give them the nudge to think about a recently reported scam or a particular virus or Trojan, or provide information about ransomware. Either way, you are doing them a favor just by asking. And it’s free…

So what does it cover?

Here are some references to subjects covered in the last few weeks.

  • Spear phishing campaign launched against public sector bodies including police, things to look out for and helping to avoid “click bait”
  • Password Guidance – how long, how complex. Some national guidance from the NCSC to help people manage multiple accounts
  • Information about attacks on a range of vectors
  • Global Cybercrime Reports to provide background information
  • Various flaws that seem to be embedded in systems and how they can be addressed
  • Cyber crisis support, how it operates and how to access it
  • Ransomware, how to deal with it

One of the downsides of CISP is that it has been left to local police forces and particularly the Regional Cyber Crime Units to promote it.

Neighborhood policing on a digital scale

These are all relevant and timely pieces of information that can be of real value to individuals and organizations. In operational terms, they provide up-to-date information that can help people protect themselves. It is like neighborhood policing but on a digital national scale, providing timely and appropriate information to help people stay safe online and protect their businesses and organizations. The information is aimed at a broad spectrum of people including organizational leaders, as well as those providing services online.

One of the downsides of CISP is that it has been left to local police forces and particularly the Regional Cyber Crime Units to promote it. Industry in some areas is taking up the challenge in the absence of a broad marketing strategy. Luckily, in the Yorkshire Humberside region one of the key stakeholder entrepreneurs, Dr Adam Beaumont CEO of Digital Communications Group aql®, has been appointed as an Ambassador for CISP. He said recently: “Whilst we help provide connectivity and substantial storage for many parties, both public and private, we want to ensure that companies in this region protect themselves and make the internet a safe place to operate and do business. That’s why I want to see the CISP succeed. By supporting the joint efforts of businesses across the region, we are helping build growth and make our community safer.”

We are working with the Head of the Regional Cyber Crime Unit DCI Vanessa Smith to help promote CISP and we have organized and delivered information jointly at several events as a partnership. Everyone needs to understand the threats, risk and harm of cybercrime and support good cyber security. We want to keep the internet safe to use, as secure as possible and deliver successful outcomes for all. CISP helps with this journey.

Stuart Hyde QPM works on behalf of aql®, helping to build security in Yorkshire Humberside Cyber-security Information Sharing Partnership (CISP)

For more information and to apply to join CISP, please go to: https://www.ncsc.gov.uk/cisp/

 


You must be registered and logged in to post a comment

Please LOG IN or REGISTER
Top