Law enforcement must demonstrate effective cybersecurity

Technology makes tasks exponentially easier and opens up opportunities to people around the world. However, innovation brings with it new areas of weakness. Data breaches or computer viruses can threaten any networked device, from a personal smartphone to enterprise server farms. This presents a major risk to organizations, as adoption of new technology can leave them susceptible to hackers.

Organizations are not protecting their data
Despite the prevalence of technology in today’s society, many organizations are unprepared for the threat of a cyber attack. According to a study from the Disaster Recovery Preparedness Council, about 73 percent of businesses and groups do not take necessary precautions to protect their data and IT systems. Although the research focused on these organizations’ disaster preparedness, including potential recovery plans, the findings show a distinct lack of planning, testing and budgeting with regard to the weaknesses of critical applications.

These areas may attract the attention of cyber criminals. The computers, networks and programs used by high-profile security agencies frequently house sensitive information regarding officers and civilians. This data can be appealing to hackers with ill intent, who want to seek notoriety or gain the upper hand on law enforcement.

“What we have seen is a change in the sophistication of attackers and the attack vectors,” said Ed Lowery, a special agent in the U.S. Secret Service. “These are professional criminals; they study their victims, and they are looking for vulnerabilities they can exploit.”

Tech companies bear responsibility for easy-to-use security
Susceptible areas are everywhere on the Internet. A recently discovered “worm” called Linux.Darlloz, for example, was created to invade home routers, televisions and security cameras. Once it has embedded itself into home devices, the worm can download files loaded with personal information, potentially accessing credit card data, home security systems and more. Individuals must carry out extensive security measures to ensure their information is protected.

Although around for two decades, web browsing is not much easier to secure. During a panel discussion on cybersecurity during the 2014 SXSW conference, NSA whistleblower Edward Snowden gave three tips for preventing surveillance: full disk encryption, network encryption and Tor. Tor is the most advanced of these three, as it creates a grid of virtual tunnels that makes it impossible for an outside company to monitor an individual’s Internet activities.

The problem, argued ACLU security researcher Christopher Soghoian, is the degree of difficulty needed for a non-technical person to configure an acceptable level of data protection. Good security is not an out-of-the-box solution. People have to choose between easy, highly-polished tools or those that are secure but extremely difficult to use. Technology companies must be willing to fight their own business models to avoid making security an opt-in afterthought.

“So many of the services we’re relying on are not secure by default,” said Soghoian. “I want the next WhatsApp and the next Twitter to have end-to-end encrypted communication.”

Cybersecurity is a threat to law enforcement agencies
Government agencies are filled with non-technical employees. A recent Senate report examining the risk posed to American agencies noted that lapses in security occur at all levels of the federal government. In the past, cybersecurity breaches affected groups such as the Nuclear Regulatory Commission and the Emergency Broadcast System. The former suffered the theft of nuclear plant information, and the latter was compromised by hackers who displayed warnings about a zombie attack. Other notable breaches included networks operated by the Energy Department, Internal Revenue Service, and the Securities and Exchange Commission.

“Almost every agency faces a cybersecurity challenge,” Michael Daniel, a special assistant to the president on cybersecurity policy, told The Washington Post. “Some are farther along than others in driving awareness of it. It depends on whether they’ve been in the crosshairs of a major cyber incident.”

Whether storing personnel details or employee training records, agencies must guard confidential data from hackers while still being able to use that information for their own operations. Striking the balance between the practical benefits of cutting-edge technology and the need to shield themselves from attacks remains a struggle for many agencies.

Law enforcement must guard against cyberthreats
Remedying the problem is easier said than done. The Department of Homeland Security is responsible for overseeing the cybersecurity efforts of other federal agencies. DHS emphasizes the importance of installing antivirus software, using strong passwords to secure networks, taking advantage of forward-thinking IT staff members, but the Senate report revealed they don’t themselves follow these best practices.

“None of the other agencies want to listen to Homeland Security when they aren’t taking care of their own systems,” Sen. Tom Coburn, the lead author of the report, told The Washington Post. “They aren’t even doing the simple stuff.”

Law enforcement agencies need to do their part to protect themselves and others against cyberthreats. To be effective leaders, however, they must demonstrate their own behavior is in line with their policies. The investment in technology can pay off if agency members are trained to use the systems properly. The first step in this process is outfitting their technology with most advanced security settings possible and protecting their own data. Only then can agencies turn their attention to protecting the privacy of others and reducing cybercrime.

News brought to you by Envisage Technologies, building software for law enforcement, public safety and the military. Ready. By Design.

Related Posts

2017-05-30T10:33:48+00:00 March 21st, 2014|Law Enforcement, Readiness|