Comment: Police pledge to protect our data

With data breaches prevalent among the public and private sectors, it is of paramount importance to ensure that any device used whilst on the street is able to be remotely controlled and wiped should a security breach occur.
With data breaches prevalent among the public and private sectors, it is of paramount importance to ensure that any device used whilst on the street is able to be remotely controlled and wiped should a security breach occur.

With the starting gun fired, the new coalition government is focussing on public services and especially spending within the sector. The Policing pledge was introduced in December 2009 to ensure all 43 police forces across England and Wales support law-abiding citizens and relentlessly pursue criminals to keep individuals and their neighbourhoods safe from harm.

The key element of the pledge is the dedication for patrols to be visible on the streets, spending at least 80% of their shift time visibly working within the community. The government’s advertising campaign, costing £5 million, recently hit the headlines once again in March 2010, being met with claims of deceit and dishonesty by the industry ‘Watchdog’. In March 2010 the Daily Mail reported that, on average, an officer spends 13.8% of their time on the beat, reduced from 15.3% in 2005.

However, whilst the debate continues to heat up over the topic of how the new government will support our public services for the good of the country, we have taken a look at the technology requirements of the forces needed to support the police from a strategic viewpoint.

Historically, police on the beat have been required to spend considerable time at headquarters to write up records, due to the lack of technology to support them whilst out on the street. A notepad and pencil, however, is now seen as inadequate and distinctly antiquated in approach. With all companies now embracing the benefits of mobile technology, the police have a number of security considerations to take into account, along with practicality of use and accessibility issues.

Police officers regularly require access to the DVLA database along with the Police National Computer (PNC) to file crime reports. All data handled by the police is personally sensitive and subject to the Data Protection Act. This act clearly states that “appropriate security measures shall be taken against unauthorised access to, or unauthorised alteration, disclosure or destruction of, the data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.”

With data breaches prevalent among the public and private sectors, it is of paramount importance to ensure that any device used whilst on the street is able to be remotely controlled and wiped should a security breach occur.

Blue Cube Security has worked very closely with Staffordshire Police force over a number of years to support them with the introduction of new handheld PDA devices and meet the requirements of the pledge. To date, approximately 2400 mobile devices have been implemented within the Staffordshire force with Ian De Soyza, mobile data project manager, explaining: “We realised at the outset that securing the devices was an essential aspect of the project.”

Rob Swainson, sales manager at Blue Cube said: “A made-to-measure solution was required to best assist the officers. Ease of use was essential along with the practical day-to-day accessibility of the devices, but without impeding security levels. Mobile devices have made significant developments in recent years. With the advances in the devices themselves, this was the easier element to tackle in terms of usability; however the need to meet the security issues that accompany them was the more pressing matter.”

After extensively analysing the requirements of police forces, Blue Cube have highlighted the following areas for consideration:

Encryption

In order for the data to be kept on the device, Blue Cube decided to implement software that allows all data entered to be encrypted and placed in non-volatile storage. This includes automatic encryption when written and decryption when read. With no encryption technology being safe from a brute-force attack, ensuring the highest level of possible security keys for maximum protection was vital.

Accessibility

Hackers and interception of data are, however, only some of the IT security issues that the police face. It is not unheard of for devices to be misplaced or stolen, and therefore authentication and access to the device requires protection. There are two options available: first is password protection and, second, the use of two-factor authentication such as biometric technology.

Password systems are traditionally flawed via the ability for people to pass on passwords to others, or they can be guessed, stolen and also simply forgotten. Advances in biometric technology, however, have shown the promise of fingerprint technology. Biometric access is advancing rapidly and due to its unique nature, unauthorised accessibility is dramatically reduced.

Web-based access

All mobile devices rely on web-based applications. This highlights the reality that the majority of data attacks are targeted towards web-based procedures over the application layer due to the relative accessibility. Recent advances allow software to be deployed as well as de-activated remotely, wiping a device of any data or sensitive information.

Ian de Soyza highlighted how “having solved the security issues, a whole range of possibilities have opened up”. “Storing data on the device”, he says “is a much reduced security risk and this means we can provide officers with more extensive facilities to record details of an incident, be it a traffic violation or a crime report, store this information on the device, transmit it once complete and recall it for reference.”

Since embracing new technology and dedicating the resources and time required to the project, Staffordshire Police has seen a significant increase in visible policing, creating significant cost savings for the force.

With security breaches reaching headlines on a weekly basis it is imperative, especially for those in public services, to ensure that all areas are protected. The cost involved in the implementation of adequate technology is invaluable compared with the real cost of a data breach!


Gary Haycock-West is the CEO of Blue Cube Security. His career within IT began in 1980 and has spanned many sectors including retail, manufacturing and finance for organisations like Key Markets (now known as Somerfield), May and Baker and BZW (Barclays de Zoete Wedd).

What’s Hot on Infosecurity Magazine?