Jamie Saunders, director of the NCCU

SC met up with Jamie Saunders, director of the National Cyber Crime Unit (NCCU), a division of the National Crime Agency (NCA), at its Citadel HQ which squats solidly among the gritty council estates of Vauxhall.

The NCA launched a year ago as part of the wholesale reorganisation of law enforcement in the UK designed to increase local accountability and oversight of policing - but the need to deal with national level problems remained. So the NCA was created to carry out that national ‘lead-coordinate and support’ function – beyond cyber – where national level investigations need a national level agency to coordinate local forces.

The Serious Organised Crime Agency (SOCA) e-crime unit and the Metropolitan Police e-crime unit were then combined to create the NCCU, and its officers are currently drawn 50:50 from those two organisations.

Saunders explained the role of the NCCU: “We are focussing on the higher end of the (cyber) threat and particularly going up-stream. Local law enforcement needs to respond to individual victims; getting them to a position where they are able to do so is a challenge in its own right.”

From the outset, Saunders emphasised: “The core competence of the NCA is its investigative skills. That's what we do.” Adding, “Good investigators can pick up cyber pretty quickly if they have the right aptitude and willingness to learn; they are good at coordinating activity. Some of the recent operations have not been carried out by deep technical specialists in terms of the investigation.”

A second point made was that: “We don't need to have all the technical capability in-house.  It's a matter of bringing in expertise from outside and partnering up other parts of government or the private sector. And there's the NCA Specials who are essentially volunteers but with deep expertise and experience – which we are promoting quite strongly.”  

Saunders elaborated: “Our capability is layered, like an onion, with the investigator at the core, a range of in-house specialists wrapped around that, and then partners wrapped around that. We can draw on specialist expertise including allies internationally, but we do need our own organic technical skills base and growing and sustaining that is indeed a challenge. The actual core owned by us – we are talking hundreds – is supported by hundreds of others in the broader community.”

Cybercrime is differentiated from cyber-enabled crime, as all crime types are increasingly internet-dependent. The full range tackled extends from top-end cyber crime, to criminals using sophisticated cyber infrastructure to conduct criminality of all kinds, to digital policing. All three are interconnected, and the skills challenge runs across all three: “So while I am interested in the top-end skills, for digital policing it's the policeman on the beat understanding the opportunities and issues around digital forensics etc.”

However, Saunders notes: “We do need to attract people who are near the front of the technology curve, who understand the challenges digital is likely to produce. We will be launching a recruitment campaign very soon to target technologists a little more obviously.”

“There will be a cadre within law enforcement focused on these more sophisticated cybercrimes. I don't think they will outnumber people dealing with that wide range of crimes, most of which will become cyber-enabled in some way. Cyber-enabled crime will be the norm.”

Defining the NCCU mission, Saunders says it's about organised crime groups – people who are in it for the money. The NCA's strategic objective is to put a greater focus on suppressing the upstream ‘cyber-crime-as-a-service’ marketplace, which is driving a whole range of state, non-state financially motivated, and non-state politically motivated groups.

Next come specific criminal threats which reach a threshold of harm where the NCA sees the need to galvanise international effort to do something about it. Saunders comments: “The Gameover Zeus, Cryptolocker and Shylock operations marked a pretty significant step up, demonstrating that with the right public/private partnerships and international partnerships, we can actually take action and very significantly degrade individual threats like that.  The challenge is, ‘How do you scale and sustain those efforts?'