Peter Yapp, Peter Goodman, Helen Evans, Gary Brailsford Hart, Nicholas Lloyd and Martin Smith, chairman and founder of SASIG.
The police service as it is currently organised is not agile enough to keep up with developments in cyber-crime, Peter Goodman, chief constable of Derbyshire, told delegates at the first-ever Cyber Security Connect UK 2018, being held in Monaco.
He added that the police have made great strides in dealing with cyber-crime in the past six years but still lag significantly behind rapidly developing threats to security.
Cyber Security Connect UK is organised by DG Consultants/Les Assises in association with the Security Awareness Special Interest Group (SASIG).
"One of the concerns we have is that we are still a bit reactive," he said. "We are not as proactive as we would like to be, and I don’t think we are a sufficiently entrepreneurial enough set of people to keep pace with the way the world is changing."
He said that while surveys showed that the public was suffering increasingly from cyber-crime and online fraud, police services continued to prioritise physical crimes such as burglary and automobile theft over internet-enabled offences. He added that more people he speaks to have been victims of online crime than physical crime.
Police forces remain ill-equipped to deal with cyber-crime though more police forces now have experienced cyber-crime investigators and victims are more likely to receive a response if they report online crime to Action Fraud – previously criticised for poor response to crime reports.
Despite these improvements, he said that police cyber-crime investigations are hampered by the geographical structure of police forces while cyber-crime is cross border. England has 43 separate constabularies and there are just 70 cyber-crime investigators across the whole of England and Wales.
He said that police need to work more closely with industry and academia at a national and local level. "Our industry engagement is good at a national level, but it’s pretty poor at a local level," he said. "So our challenge now is to build intelligence capacity at a local level, and the only way to do that is to work with our colleagues in industry and academia."
Traditional policing has been "blown out of the water" by online crime, he said, because the traditional relationship between victim, offender and location no longer held true.
"In some ways, the digital world and the digitisation of victimology and criminology has shaken policing to its very roots because of the way its structured. We are 43 fiefdoms in England and Wales plus Scotland and Northern Ireland, governed and led in a way that is counter collaborative," he said. "There will come a tipping point where we will have to reconsider the whole structure of policing in the UK and beyond if we are to cope effectively with the new threats that we face. It's a really big issue for us and it's coming quicker than most people think."
Gary Brailsford Hart, director of information and CISO at City of London Police, told delegates that Action Fraud had been overhauled to make it more effective and urged delegates to report all incidents of fraud not only to help build a better picture of the overall problem but also to generate actionable intelligence.
He said that Action Fraud collects more than 25,000 reports of incidents per month of which 12,000 to 15,000 of these are disseminated if it contains actionable intelligence.
Air commodore Nicholas Lloyd, CIO for all UK military operations, suggested that the threat of cyber-crime by nation-states was overblown. He told delegates that while cyber-crime – especially by nation-state actors – is well resourced, it is unlikely to affect individual companies directly.
"Think about your patching and disaster recovery arrangements, but don’t panic too much because states are not going to use their best cyber-exploits against you – they are going to save those to use against other states. It’s more about collateral damage in that respect," he said.
One delegate asked what work was being done to overcome the geographical boundaries around law enforcement to combat what is essentially a threat without boundaries.
Peter Yapp, deputy director at the National Cyber Security Centre (NCSC) said that because of Brexit, the NCSC is working with countries at a deep level around the world to build cooperation around cyber-security.
Helen Evans, representing the Home Office, said that it is widely recognised that the impact of a no-deal Brexit on law enforcement will be significant – for instance, leading to the loss of the European arrest warrant and affecting cooperation with Europol.
It was revealed last week that the Met Police had set up a no-deal Brexit focus group to scope out workarounds to these and other problems for law enforcement.
"If we are in no-deal territory, then it will be a case of making everything work through the excellent relationships that law enforcement have with European partners but it will take longer for each contact that is made because it will be a case of reinventing the rule book. With a deal we can preserve some of those instruments and that is very high on the list of things that the Home Office and government are arguing for."
However, she added, not everything was bleak – the Budapest Convention exists outside the EU and provides a model for international police cooperation.
And Brailsford Hart pointed out that police already work internationally as, for instance, the City of London Police has liaison officers in New York City.