Chapter 8: What are the governance and leadership arrangements for digital crime at a national and force level?
Please note: In July 2017 HMIC took on responsibility for fire & rescue service inspections and was renamed HM Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS). Inspections carried out before July 2017 may continue to refer to HMIC.
Real lives, real crimes: A study of digital crime and policing
Chapter 8. What are the governance and leadership arrangements for digital crime at a national and force level?
What are the national governance and leadership arrangements?
8.1. One of the 12 National Police Chiefs’ Council’s co-ordination committees that are designed to provide direction and oversee the development of policing policy is the crime operations committee. One of the national policing portfolios that reports to the crime operations committee is the digital intelligence and investigation portfolio. It was established in June 2014 when the chief constable of Essex, Stephen Kavanagh, was invited to “co-ordinate the response to digital intelligence and investigation.”
8.2. As a consequence, the development of digital capabilities across the police service is being brought together under the Digital Intelligence and Investigation Framework. (See Digital Investigation and Intelligence Policing Capabilities for a Digital Age, National Police Chief’s Council, April 2015. This was endorsed by chief constables in April 2015. A capabilities management group, chaired by Chief constable Kavanagh, has been established by the National Police Chief’s Council, the National Crime Agency, the College of Policing and the Home Office.
8.3. The group will co-ordinate a number of existing strands of work which are directly related to digital crime but housed in different national portfolios, such as digital forensics, communications data, intelligence, economic crime, online child sexual exploitation, social media engagement and cyber-crime.
8.4. The immediate priority for the management group is the development of guidance to help forces establish the necessary capabilities to deal effectively with digital crime. If successful, this will help to establish consistency in the way that victims of digital crime are served across England and Wales.
8.5. While the police governance structure may now have been simplified, the funding arrangements remain complex. Funding is currently provided through a number of unco-ordinated streams which include:
- the Communications Capability Development Programme (a government programme designed to ensure that police forces and the security and intelligence agencies have the capability to detect, prevent, disrupt and investigate crime);
- the National Cyber Security Programme (the government of the day put in place this programme as part of the Strategic Defence and Security Review in 2010. This provided funding between 2011 and 2016 for the Government’s response to cyber threats. See: [t]he Strategic Defence and Security Review”, Her Majesty’s Government, October 2010, page 47, paragraph 4.C.1.)
- the Police Innovation Fund (a Home Office fund of £50M for projects aimed at transforming policing through innovation and collaboration. See: the Home Office website); and
- a force’s own funding from council tax precepts or the Police Grant.
There are also examples of additional funding being made available through European and academic partnerships.
8.6. None of these funding streams has the development of digital policing capabilities as its core function. As a consequence, the ability to lead national change is reliant on the ability of the police service to bid successfully across a range of funding.
8.7. In the past, when aspects of digital crime were spread across a number of different portfolios, there lacked a central point of co-ordination to ensure that any secured funding was most effectively used.
8.8. We hope that, with the advent of a single portfolio, these funding issues will resolve themselves.
8.9. The purpose of this study has not been to inspect the suitability of national structures or, indeed, the effectiveness and efficiency of these individual portfolios. We can say that that the national policing leads with whom we have spoken are clearly passionate about this area of policing and are committed to improving the national policing response to the many and varied challenges presented by digital technology.
8.10. We are certain that the provision of effective digital investigation and intelligence policing capabilities will require the transformation of a significant proportion of the current policing model within England and Wales. Such transformation will require both governance and funding.
8.11. HMIC regards the co-ordination of this area of business as a positive step. The next challenge is obtaining a secure source of funding in order to take forward the work that will be required to place the police service nationally in the best position possible to respond effectively to digital crime.
What are the governance and leadership arrangements at a force level?
8.12. The case for strong leadership and co-ordination nationally is duplicated at a local level. While the minimum levels of capability may be set at a national level, it is for forces, and in particular chief officers, to ensure that they are provided at a local level.
8.13. We found that the level of involvement of chief officers varied. Some were clearly engaged and had taken responsibility for putting in place clear management structures, strategies and tactical plans. Those tasked with the implementation of these tactical plans were empowered, as a result of effective governance structures, to take matters forward themselves. As a result, these forces were more advanced in the development of their response to digital crime.
8.14. In one force, there was a clear thread of commitment from the police and crime commissioner through to the force’s implementation leads. There was a clearly identified chief officer who was able to task, analyse, authorise and, most importantly, co-ordinate change through a management board. A detective superintendent was identified as the strategic lead with four chief inspectors responsible for the implementation of the board’s decisions. Tactical implementation plans were in place and there was clear evidence that these were being put into practice.
8.15. As part of this structured response, the force was able to ring-fence a budget, controlled by the chief officer lead, in order to improve the force’s digital capability. This was the only force which we visited that had such dedicated funds. The availability of identified funding further facilitated the process of implementation. As one implementation lead commented:
“the strong strategic structure enabled the implementation of the plan in a relatively straightforward manner.”
8.16. This position was not achieved overnight. The original business case for change was written in 2013 and had been, in the words of one senior officer, “a slow burn”. However, the force is now in a position that allows senior officers to be confident that, in a relatively short period, they will be able to demonstrate real change in how the force responds to the needs of the public.
8.17. In other forces, the responsibility for effecting change had been devolved to middle-ranking officers. We found these officers to be well informed and passionate about this area of business. They were committed to driving forward improvements within their particular force and they had achieved impressive results, often by sheer force of personality and interpersonal skills.
8.18. However, while their commitment should be recognised and applauded, it was clear to us that these officers were hindered by the need to drive activity ‘upwards’. This involved gaining access to individual tiers of authority seeking endorsement along the way before any particular initiative could be presented to the relevant chief officer when, if approved, it was then driven ‘down’ and implemented as policy.
8.19. By way of example, we were presented with a strategic training plan in one force. It was an impressive document which provided detail of the various facets of the organisation and the training that was to be provided, by whom and by when. Unfortunately, in the absence of a clear ownership by chief officers it had not been approved, or, in one instance, even seen by senior managers. As a consequence, there was no guarantee that it could or would ever be implemented.
8.20. We consider that the transformation that is required with regard to digital crime cannot be provided by ad hoc arrangements and an over-reliance on middle managers. Irrespective of their personal knowledge and expertise, they do not have either the appropriate level of authority or the strategic oversight to ensure that the required capability is provided in a structured and effective manner.
What external partnerships have the police formed?
8.21. All the forces that took part in the study had, either individually, or in some cases through a regional capability, recognised the benefits of entering into partnerships with academia, businesses and partners within government.
8.22. In one force, such a partnership has resulted in the relocation of the force’s digital forensic services and staff to the local university’s campus. This enables the force’s digital forensic teams to work alongside university staff and students. The force considers that this partnership provides a wide range of benefits which include: enhanced research opportunities within an operational environment; the ability to develop an internship scheme; and improved experiential and practical learning for students.
8.23. We also found that a number of forces were making good use of partnership arrangements at a national level, such as the Cyber-security Information Sharing Partnership, known as CISP. (This is a joint industry and government initiative, designed to share cyber threat and vulnerability information and therefore reduce the impact on United Kingdom business. See: the CISP website). This is part of Cert-UK, the United Kingdom National Computer Emergency Response Team (Cert-UK has four main responsibilities: providing national cyber-security incident management; supporting critical national infrastructure companies to handle cyber-security incidents; promoting cyber-security situational awareness across industry, academia and the public sector; and providing a single international point of contact. See: the CERT-UK website). CERT-UK was formed in March 2014 in response to the National Cyber Security Strategy. (See: [t[he UK Security Strategy: Protecting and promoting the UK in a digital world, Her Majesty’s Government, November 2011.)
8.24. CISP is a joint industry and government initiative which shares current threat and vulnerability information in order to increase awareness of the cyber threat and therefore reduce the impact on businesses within the United Kingdom.
8.25. We found that a number of forces were engaging with local businesses and raising awareness of the benefits that membership of the partnership provides. One force was seeking to establish, at a local level, a similar forum with membership open to business and individuals.
8.26. Other forces were using the same principle at a neighbourhood policing level. Subscribers to an alert service received online updates of emerging digital threats.
8.27. We commend these local initiatives to other forces which have yet to consider how best to ensure that their local communities are involved in responding to the threat which digital crime poses.
- Cyber-security Information Sharing Partnership (CiSP)
- Get Safe Online
- Cyber Street Wise
- Cyber Essentials
8.28. The police service needs to create effective leadership, and governance arrangements and strategies at all levels to manage the threat that digital crime poses, engaging with all those inside the police service and in the private sector who are able to provide expertise.