The digital age has brought about a number of advancements in law enforcement procedures: from the way information is stored to how departments communicate. But while in many instances technology has improved the capabilities of a police department, in some ways it’s also made their lives riskier.
Securing data within law enforcement agencies is becoming more and more difficult as the amount of information police departments store online grows. An increasing number of departments are utilizing body cameras and that footage has to be kept somewhere. This is also true when it comes to evidence and other pieces of information.
“If you run an organization, being hacked is an issue because you are a target,” said Justin Fitzsimmons, a program manager in the High-Tech Crime Training Services department of SEARCH. “No matter what your organization is doing, the data that you’re holding (and) storing online makes you a target.”
Of course, it is critical to the justice system to have evidence and other information that police officers gather kept out of the hands of hackers who may use it for malicious reasons. The scary part is that there are a number of ways for hackers to target police departments.
“For example, if you’ve got a police department that has everything, all their reports and evidence, stored on a network-enabled computer,” Fitzsimmons said. “If that computer isn’t partitioned off from the internet, potentially anything that’s in there is at risk for some type of intrusion event. It could be as simple as a phishing scam that someone opened up on a computer that was connected to that network or to those servers, or it could be something much more nefarious in terms of an intrusion event by a sophisticated hacker.”
Unfortunately, Fitzsimmons said there is no way to ensure that a police department is completely safe from hackers; however, there are plenty of steps a department can take to minimize the threat of cyber attacks.
The first step in the process is to raise a department’s overall awareness when it comes to potential cyber attacks — and that includes more than just sworn officers. Administrators, secretaries and anyone working within the department’s network needs to understand what the potential threats are and where they might encounter them.
“One of the biggest issues is awareness: making sure that department personnel — not just sworn officers but everybody — is aware because it could be something as simple as an admin staff clicking on a link in an email that they think is related to a case, when in fact it has nothing to do with the case,” Fitzsimmons said. “And embedded in that link is something that is going to allow that sort of backdoor or trojan to hack into the department’s network.”
There are multiple ways that a department needs to prepare itself when it comes to dealing with a potential cyber attack.
“The second thing is it’s not a one pronged-attack,” Fitzsimmons said. “There are multiple prongs when it comes to dealing with this issue. A department needs to have multiple things going on at the same time.”
This includes a plan for how everyone in the department can avoid cyber threats and what measures need to be put in place in order to combat attacks that occur. That means also having specialized trainings.
“You need to train the people within the department to make sure they are not opening themselves or the department up with whatever they’re doing online,” he said. “If they need to use their work computers, make them avoid places where they may run into phishing schemes and things like that.”
It’s also a good idea to come up with do’s and don’ts for each department or position.
“A patrol officer is going to have a much different responsibility than a detective who is handling cyber crimes or someone who’s handling serious physical abuse crimes or property crimes because that detective may have to use the computer and be a lot more active than would a patrol officer,” he said.
This also means making sure everything is backed up in case information is stolen. That way a department isn’t at a total loss if a hacker comes along and steals all of its information
Create an adaptable plan
Hackers are coming up with new cyber attacks every day, so it’s imperative that a police department dedicates itself toward continually learning about new threats and updating the plan accordingly.
“This is an ongoing plan, and it’s an ongoing process,” he said. “You need to figure out the steps that are best for your department in terms of the size, in terms of the network capabilities, in terms of the network infrastructure, IT and what you have setup. It’s figuring out what you need on an ongoing basis, whether that means software patches or additional training.”
This also means that officers and staff should update their computers frequently.
“People always laugh at the software updates that you get but there’s a reason for that,” he said. “Those patches are to cover the newest viruses that are out there, and if we don’t update our operating systems, whether it’s Microsoft, iPhone, or whatever, that we’re using, they were vulnerable. Our devices are vulnerable.”
At the end of the day, a police department needs to remember a hacker’s goal and be mindful of any sensitive information that they might be after.
“The hacker or the person who is phishing for the information is generally looking for something that they are going to be able to (gain from, such as) selling financial information or identification information or using that information to gain control over the person they got it from,” he said.