Interview with Detective Chief Superintendent Andrew Gould, Cyber Crime Programme lead at NPCC

Dec 10, 2020 | Interviews

The National Police Chiefs’ Council (NPCC) is the representative body of all the police chiefs from the different forces around the country. They work together to improve policing in order to keep people safe from the ever changing threats faced here in the UK. We spoke to Detective Chief Superintendent Andrew Gould about how the Police are responding to the rise in online crime.

Can you tell us more about what the role of Cyber Crime Programme Lead for the National Police Chiefs Council entails?
Policing in the UK is locally delivered simply due to the way our system was designed and established. In the early 19th century, there was a popular fear of a national police force that could become over politicised, consequently, there was an emphasis on local autonomy and accountability. This is one reason England and Wales now have a total of 43 independent county and Metropolitan forces. Police Scotland  and The Police Service of Northern Ireland are additional forces that operate in some of the devolved regions of the UK. Each force is operationally and constitutionally independent, so they cannot tell each other how to manage something. This, of course, is good for democracy, but it is no longer an ideal way to structure policing in the 21st century. We are now dealing with global challenges, a prevalence in online criminal activity and threats that are more national and international. For some time, policing has recognised it needs to be more regionally and nationally joined up, whilst still delivering for local communities. The National Police Chiefs’ Council (NPCC) is a meeting of all the chiefs from the different forces to discuss  strategies, policies and processes with a goal to becoming more coordinated and efficient. This way, we can work out thematic leads and agree a common approach rather than pulling in different directions. In regards to cyber crime, the traditional response from police which was perceived as having low interest and being unlikely to take action has been revolutionised. In recent years, thanks to £55m of extra government funding, there has been massive changes to cyber policing in the UK with upskilling throughout all forces and specialised units opened up throughout the country. We liaise closely with the National Crime Agency, the National Cyber Security Centre (NCSC) and GCHQ, we also have ten regional cyber crime units, plus in the last couple of years, local force cyber crime units. Unlike other areas of policing, the NPCC has tasking control over all of those police teams, so we can focus on the right operational priorities and deliver greater consistency and performance. In recent years, we have developed some fantastic cross-agency working relationships and are able to coordinate and work closely together. We have built a world leading integrated local, regional and national response, focused on delivering local victim care alongside high quality national and international investigations.

With such huge strides taking place in cyber crime policing, what do you see as the main challenges that still remain and what plans are in place to address them?
The development of our cyber crime units has been underway since 2017, and we have now a well established network of local, regional and national centres. This model works really well and allows for some strong incident response and reactive police investigations, however, it is not a game changer in itself. Whilst we believe we have a good understanding of the threat and capability, we don’t feel like we are having the level of impact yet where we are really starting to drive cybercrime down. We are proactive in covertly targeting high level Cyber Organised Crime Groups, yet, we need to start being more proactive in our use of the latest data and threat intelligence, being data driven instead of relying on crimes to be reported.
There are some huge opportunities that policing is starting to work towards in the UK, but there needs to be more investment in creating the platforms so that we can share evidence, intelligence and data between forces. Updating technology would allow policing all the benefits that business gets in terms of working in automated, smart, fast and digitally capable ways. Law enforcement in the UK can’t consistently do that yet because we don’t all share the same technology, that said, there are significant shifts happening such as moving to the cloud. Cloud technology allows a far more collaborative and secure approach to intelligence sharing which leads to a bigger and faster response to online criminal activity and policing is catching up fast in this area.

Policing in general has the four Ps strategy of Pursue, Protect, Prepare and Prevent.  Can you tell us how this translates in terms of policing of cyber crime?
The four Ps is the strategy bedrock used in UK policing adapted from counter terrorism and now embedded in the Home Office’s Serious Organised Crime Strategy.

Pursue as the name suggests is about apprehending and disrupting criminals. This is more complex and challenging to do in cyber space, however due to our close working relationships across the agencies, we’ve built a strong capability and are getting some good operational results with hundreds of arrests as opposed to just a handful in previous years. With the advent of the local force cyber crime units, the Regional Cyber Crime Units have been freed up to focus on high end Organised Crime Groups and are doing some really exciting work.

Protect in the context of cyber crime, is all about prevention, and describes an important part of our work. We strive to educate members of the public and organisations on how to protect themselves online and reduce their chances of being a victim of crime. Working closely with the National Cyber Security Centre, our protect network strongly promotes the Cyber Essentials scheme as something every business needs to get in place to cover the basics. It is true that probably as much as 80-90% of cyber crime can be managed by having simple effective controls in place. Sometimes people can feel a bit overwhelmed and frightened by cyber crime, but the good news is that an awful lot of it can be prevented just by following a few basic rules and you don’t have to be tech minded to do this.

Prepare focuses on helping companies and other organisations develop resilience by planning and preparing for a breach. We know that prepared companies are more able to survive an attack and continue their business operations. Incident planning and disaster recovery can all be worked through hypothetically with the help of table top exercises such as ‘Exercise in a Box’ (an online tool from the NCSC which helps organisations test and practise their response to a cyber attack) and ‘Disruptions and Decisions’ (an innovative exercise/game that features lego, and explores the security decisions people make to protect their businesses). The more businesses test and exercise their plans, the better prepared they will be should it happen for real.

Prevent is an initiative that no other country seems to be doing yet.  We aim identify young people who are at risk of entering the world of cyber crime and divert them away from this pathway towards some of the incredible opportunities that exist in the corporate world. Most of the young people we work with are not in it for financial reward, it is more to test their skills and gain kudos and respect from their peers. Often, they have no idea of the consequences of their actions, nor do they realise it is  illegal.  If you are a robber or burglar, on the whole, there are not very many job opportunities for you in the business and private sector. Cyber skills, however, are incredibly valuable and highly desired in the modern market place and we can direct youngsters towards apprenticeships and online tools that prepare them for interesting and challenging jobs in tech and cyber.
Cyber choices is a national programme led by the National Crime Agency and delivered by Cyber Choices teams around the country along-side police cyber teams. It is an initiative designed to reduce cyber crime by engaging with people who are at risk of performing illegal online activities. Referrals can be made by educational establishments, partner agencies as well as through police investigations.

What advice would you give to organisations who:
Currently know very little about cyber security and are looking to make a start on the journey?
Every small business needs somewhere to start, as they can feel very lost amongst so much information and with so many cyber security companies. Cyber Essentials is that simple and sensible first base, it acts as a great gateway to knowing what you should be doing. For additional help in understanding cyber security when starting on their Cyber Essentials journey, we would recommend they join their local Cyber Resilience Centre to benefit from the latest advice and guidance and access the cyber tools and support they need

Those unfortunate enough to have been a victim?
First, report it to the police, these days you will get to speak to a member of staff and receive the right level of support. A cyber crime officer will be able to point you in the right direction for further help and recovery.
Find out where your nearest cyber resilience centre is and get in touch with them. Membership is free and you will receive important advice and support and learn about pathways to help you manage an incident.
The strong message to all businesses is very clear, to avoid being vulnerable to security incidents, make sure that you implement the essential controls to manage the majority of cyber attacks, organise an effective system of backing up your essential files and practise and prepare what you would do if you had a cyber incident in advance of it happening

What was your own journey that led you to become Cyber Crime Programme Head for NPCC?
In the previous three years before joining the NPCC, I was in the Met’s Fraud and Linked Crime ONline unit (FALCON) and head of the Met’s Cyber Crime Unit. Prior to that, I spent 10 years in counter terrorism, which included leading counter terrorism investigations all over the world. It was very interesting and challenging, but I did get to the point where I needed to spend more time with the family. So I looked for a change of scene and was asked to move into cyber,  I have never looked back, it’s been a great move.

Are there any other current policing initiatives around cyber crime that you would like to share?
The Police CyberAlarm is a brand new policing initiative that organisations’ can use to help monitor malicious activity across their network. Available as an easy to install virtual server, the Police CyberAlarm is a free tool for businesses to help them become more secure online. The system monitors traffic across the internet gateway by looking for suspicious activity at the firewall, on the outskirts of the network. Real time threat data which is collected and analysed by the police can be collated into a body of threat intelligence enabling the police to gain up to date knowledge about the latest attacks and potentially emerging threat actors. Officers are able to feed back specific information to an organisation about if and how they are being attacked and by whom, as well as advice on protecting themselves against more general incidents and trends.
Additional benefits to the organisations include free monthly vulnerability scanning on their websites and external IP addresses. Within months, we believe we will be in a position to be able to offer member organisations live security breach alerts. To find out more about the Police CyberAlarm or to become a member, go to the website.