Agenda item

(i)              Joint Report of Dave Orford, Assistant Chief Constable, Durham Constabulary and Jane Robinson, Corporate Director, Adult and Health Services.

(ii)             Presentation by DI Audra Fawcett, Durham Constabulary and Andrea Petty, Strategic Manager – Policy, Planning and Partnerships.

The Chairman introduced Detective Inspector (DI) Audra Fawcett, Durham Constabulary and the Strategic Manager – Policy, Planning and Partnerships, Andrea Petty to give a presentation to Members in respect of Cyber Crime (for copy see file of minutes).

DI A Fawcett noted that a brief video would be shown, highlighting the ease that personal details could be gathered from an individual’s internet presence.  The video showed several people believing a “psychic” knew personal details about them, before revealing a team of “hackers” working behind the scenes to sift through that person’s digital life.

DI A Fawcett reminded Members that whatever you put online could be used and exploited so it was important to be careful what details you gave.  Members noted two types of Cyber Crime: cyber dependent, where a computer was used to carry out a crime to attack another computer or network such as hacking or denial of service attacks; and cyber enabled or facilitated, traditional crimes where a computer is used instead or in addition to the offence, such as fraud, theft, harassment and public order (trolling).

It was explained that the National Crime Agency (NCA) had noted the scale was large and growing, with 2 million computer misuse and 3.8 million fraud offences committed in the year ending March 2016.

It was highlighted that the crimes were far from victimless, rather the victims simply suffering at a distance from the offender and around 80% of Cyber Crimes could be defended against.  It was mentioned that emerging threats included schools being targeted with ransomware, where a computer was locked and the information only released once a sum of money had been transferred to the attacker.

Members noted the national “4P’s” approach:

• Pursue – offenders
• Prevent – people becoming involved in or remaining in Cyber Crime
• Protect – the public/organisations from becoming victims of Cyber Crime
• Prepare – for the consequences when Cyber Crime incidents occur

It was explained that “cyber-hygiene” was important and consistent messages needed to regularly repeated to help educate the public as to the importance of making themselves as safe as possible, especially young people, in terms of allowing connections to wifi and releasing personal information, such as bank details.  It was added that in the cases of preparing for the consequences of Cyber Crime, it was an extra financial burden in terms of regular backups of data being made, and this can often be an issue for small and medium sized businesses (SMEs).

Members noted two quotes:

“Every crime will involve some element of digital technology, regardless of crime type” – National Police Chief’s Council (Vision 2020)

“It is no longer appropriate, if it ever were, for the police service to consider the investigation of digital crime to be the preserve of those with specialist knowledge” – Her Majesty’s Inspectorate of Policing

It was noted that Durham Constabulary wanted to integrate the digital aspect into all investigations as a key element.  DI A Fawcett explained that in terms of digital investigations and intelligence (DII) agreed investment had created several specialist Cyber Crime resources and that there was a view to mainstream digital policing.  It was added that there was a need to meet emerging challenges and opportunities to investigate digital crimes and that also to gather intelligence and exploit digital evidence effectively.  It was noted that there would be the opportunity to use data fusion to bring together all information from partners to help increase the intelligence and investigative opportunities.

The Strategic Manager – PPP explained that a Task and Finish Group had been established at the Safe Durham Partnership (SDP), with Members including: Durham County Council (DCC), the County Durham and Darlington Fire and Rescue Service (CDDFRS), the Police, Crime and Victims’ Commissioner (PCVC), Durham Constabulary and the National Probation Service (NPS).  It was explained that an action plan focussed on protecting the general public and organisations, those within our communities as well as the public and private sectors.

Members were shown a list of the links between Cyber Crime and the existing SDP priorities and noted several examples of work undertaken, including: a cyber e-calendar, with security tips each day; the Office of the PCVC and Age UK helping raise awareness with older people; a “Cyber Safety Day”, with the Council and partners with attendance by over 130 people; and information sharing with the Community and Voluntary Sector (CVS) and helping to provide a “Cyber Essentials” mark on websites, similar to a “Kite Mark”.

The Strategic Manager – PPP added that in terms of next steps it was noted that a number of events and actions would take place including: Paul Hamlyn Foundation Funded project; Fulfilling Lives; “Everyone can help” online bullying project in schools; association of School Governors Executive Meeting; Exploitation, Grooming and Radicalisation events; Cyber Crime messages, with the Local Safeguarding Children Board (LSCB); a scenario based training exercise in Quarter, 1 2017; and raising awareness through the Area Action Partnership (AAPs).

The Chairman thanked DI A Fawcett and the Strategic Manager – PPP and asked Members for their questions.

Councillor N Martin noted that he often received spam e-mail however there was not a quick 2-3 click system to be able to report them and felt a level of ease was required to make people willing to actually report them.  He acknowledged there was a method via Action Fraud, however this was not straightforward and a less “clunky” method of reporting was needed.  Councillor N Martin asked if there was any representation on the Task and Finish Group or links to banks or utility companies as each month those organisations would send through an e-mail with a link marked “click here to view your bill” and he felt this was bad practice and providing an opportunity to criminals to exploit.

DI A Fawcett admitted that the Action Fraud reporting process was a little clunky and would feedback to a regular Government user group and that the Police would welcome any intelligence as regards any scam e-mails.  Councillor N Martin asked how members of the public could do this and DI A Fawcett explained through the usual methods of contacting the Police.  Councillor N Martin noted that in terms of those types of digital activities, people would expect a 10-15 second method of clicking on a few links to be able to forward their concerns.  The Strategic Manager – PPP added that there were links to many businesses in Durham as regards Cyber Crime messages for our communities and that the Police worked closely with banks such as Lloyds and Barclays.  DI A Fawcett added that there was “CyberNorth” a group that included Universities, Banks and the NHS.

Councillor T Nearney noted the Durham Constabulary “In the Know” tool that helped in terms of reporting and information sharing and asked with Cyber Crime often being not fixed to a single geographical location, were there systems in place in terms of regional, national and international threats.  DI A Fawcett noted that intelligence sharing was the “bread and butter” of Police Forces and information was also shared at Regional Team meetings, involving the Cleveland, Northumbria and Durham Forces.

Councillor T Nearney asked as regards digital investigations and intelligence and whether advice was updated on a 6 monthly basis or on a rolling basis.  DI A Fawcett noted that the Gloucester and Essex and Kent Forces had been working together in terms of integrating digital practices into their investigations.  It was added that focus groups of staff from Durham Constabulary had been established and that a training package was being pulled together, bespoke for each role, and that all would begin with good cyber-hygiene and that training would then be on a rolling or emerging threat basis.

Councillor F Tinsley noted he could understand how Durham Constabulary could be able to deal with Cyber Crimes such as harassment by people living in the County, however, as often such phishing e-mails were orchestrated and carried out from abroad, asked was there anything they could do.  If so, Councillor F Tinsley suggested that by explaining how reporting such phishing e-mails was important and providing feedback to the public would help to demonstrate the value of such reporting.  DI A Fawcett noted that there was an ongoing case as regards a local offense, and that agreed that there needed to be a communication of clear examples to show how Cyber Crime was being dealt with.  It was added that was an issue in terms of some of those involved in Cyber Crime were young people that could be convinced to use their skills to help prevent Cyber Crime, and also to help prevent them entering the criminal justice system. 

It was added that all information was useful and that if the scope was beyond that of Durham Constabulary then there was mechanisms to escalate to a regional level or the NCA where appropriate.

The Chairman noted there were good examples of practice across many Forces, including information in relation to grooming compiled by Leicester Police.  DI A Fawcett noted that many in attendance came from an era where the important safety message was to not speak to strangers and now there were additional dangers in terms of online grooming.  It was added that this was not to scaremonger, however, there were important messages that needed to be delivered in order to help protect young people and the issue was hard-hitting.

The Head of Planning and Service Strategy, Peter Appleton added that the SDP had raised many issues and DCC staff had also been made aware of cyber-hygiene and also in terms of obligations under PREVENT.  It was added that in addition to working with Overview and Scrutiny, there was an opportunity to be able get messages across, perhaps a link to the video shown to Committee being provided via the Council’s Twitter feed, or utilising other Council channels.

Councillor J Armstrong noted the issue was a possible topic in terms of next year’s Work Programme for the Committee and added that it could be useful to have further information shared with School Governors and the AAPs.   

Resolved:   

(i)            That the report and presentation be noted.

(ii)           That the Committee receive further updates in relation to the Cyber Crime Action

          Plan at future meetings.