Policing the digital streets
Nicola Whiting explains why police forces are turning to automated defence systems to fight criminals in cyberspace.
The global cyber-attack that struck the NHS has thrown the state of cyberspace into sharp relief. Easily accessible, automated software tools are flooding the digital underworld, enabling even amateurs to carry out sophisticated cyber-attacks, while the pool of specialists needed to protect against them runs dangerously low. With a manpower shortage affecting their ability to secure critical networks, police forces and law enforcement agencies around the world are turning to new automated cyber security systems.

The internet's underbelly, the dark web, is now home to multiple, highly-structured criminal organisations. Peddling their wares on the equivalent of a black market eBay for cyber weapons, hackers sell attacks with different levels of sophistication, complete with user reviews and performance ratings, some of which even come with a money-back guarantee. The online arsenal ranges from automated distributed denial of service (DDoS) tools, which overload networks with barrages of data, to dictionary attack tools that autonomously pump out endless password combinations to break into private devices, to more sophisticated exploit kits that attack unpatched zero-day vulnerabilities.

Reports show that hackers are using these automated weapons to dramatically simplify and multiply sophisticated cyber attacks on critical national infrastructure, public sector agencies and government bodies. With access to this kind of ready-made, automated software, cyber criminals with only rudimentary skills have been able to carry out cyber-attacks with levels of sophistication which would have previously been far beyond them. As a result, the number of cyber attacks has risen exponentially in recent years, while at the same time, the network of cyber criminals has widened thanks to the widespread availability of automated hacking tools allowing amateurs to become experts.
The cyber attack that hit the NHS and other organisations demonstrated the potential devastation these tools can inflict. The perpetrator(s) behind the attack used an automated delivery tool known as EternalBlue to deliver ransomware payloads en masse. The tool allowed the malware to spread like wildfire through file-sharing protocols set up across the internal networks of various NHS Trusts, causing widespread delays and cancelled scans and operations. A similar ransomware attack on a US police department wiped out eight years of vital digital evidence.

These automated hacking tools can quickly multiply a single attack into a multitude of cyber attacks at a speed and scale far beyond humans, at a time when the pipeline of human talent needed to defend against such threats is running low. The (ISC)² International Information System Security Certification Consortium 2017 Global Information Security Workforce Study, the largest ever survey of the global cyber security workforce, found an expected shortfall of 1.8 million cyber security workers by 2022. A critical shortage of defenders, coupled with tools that multiply the number of attacks exponentially, has made organisations easy prey for cyber criminals.

The Police Response

Due to the nature of police operations, critical systems cannot afford to fail and the sensitivity of police data means that this information must be protected at all times. This makes the police, like the NHS, a prime target for financially-motivated ransomware or data extraction attacks because of the value of their data and systems information.

Fighting fire with fire, a number of police forces and law enforcement agencies, such as the FBI, are now increasingly deploying automated cyber defence technologies to ensure their networks and computer systems are fortified against this new era of autonomous cyber-attacks.
To ensure absolute security, these organisations are using intelligent software that can scrutinise and audit swathes of digital infrastructure for any underlying vulnerabilities that would leave an organisation at the mercy of hackers. Such technology aut