The head of the PCeU says the unit is doing a lot with not much funding. Does she want more?
The Met’s Police Central e-crime Unit (PCeU) has been a remarkable success story for the UK. Established in 2008 to focus primarily on mitigating cyber crime, it has since gone on to arrest over 150 suspects. That might not seem like a lot, but it is in recuperating money lost to cyber criminal operations where the PCeU has shown its worth.
Back in November of last year, the Met claimed its cyber crime unit had saved the UK economy more than £140 million in just six months. Following that, it continued to announce arrests, taking in 14 over a £1 million phishing scam in March this year. Charlie McMurdie, head of the PCeU, tells TechWeekEurope that the body is set to blast the targets it has been set by government out of the water.
When the government announced it was going to pump an extra £650 million into fighting cyber crime in 2010, it allocated £30 million to the PCeU. With that money, the Coalition asked the unit to save £504 million over four years. “I’m confident we’ve hit that 4-year performance target in year one,” McMurdie says. She thinks the body is “punching above its weight”.
Data sharing has been a big part of the PCeU’s success. Earlier this year a number of regional cyber hubs were established designed to hook up to the PCeU for sharing data.
“Straight away there was a benefit from those hubs,” McMurdie said. “It is not just about the dedicated resources I have to provide a response to cyber crime, it is the contacts and our surrounding family who can give us valuable information too. It may only be a few staff that we have paid for in those hubs but you get their contacts within industry and academia.
“Almost immediately they were up and running, doing their own investigations and working with us. They have already had successful operations.”
As the PCeU gets prepared to be rolled into the National Crime Agency, the success of those hubs will be reviewed. If they are deemed to have been successful, more may be set up across the UK. “We are looking at the benefits and the performance delivered by the hubs to decide whether we want more hubs or whether we can add capability to existing hubs,” McMurdie said.
The PCeU is currently mapping the UK to see where the biggest cyber threats lie. That will inform where potential hubs might pop up.
Despite its success, the PCeU, unsurprisingly, has its fair share of problems. As with law enforcement bodies in other major Western nations, there is a serious cyber security skills gap. “Within law enforcement it is a significant issue for me to get good quality detectives who understand the cyber aspects. The cycle to get someone at the fully trained-up stage takes five years,” the PCeU chief notes. “These are big cases and I need high quality investigators.”
McMurdie has recently set up an internship programme, which she hopes will inspire more to join the cyber side of the force. The PcEU is also a big supporter of the Cyber Security Challenge and McMurdie would like to have her organisation design some of the programmes within the initiative.
There’s also the issue of funding. The £30m the PCeU has currently been allocated seems small, considering this is a division that needs some serious tech do all its forensic and analytic work. McMurdie is proud of hitting targets early, but hints that she would like more and believes that could come when the National Crime Agency is established. “Hopefully that will provide an opportunity for growth. I think we’re doing a good job, delivering results.”
And what of laws – the so-called Snooper’s Charter for instance? Will that benefit the organisation as it looks to use data to its advantage? When asked whether she was happy about the Communications Data Bill, McMurdie said she would not comment on the matter.
Yet it seems the PCeU is already using the current powers it has to work effectively. McMurdie said the organisation was leveraging communications data “day in and day out”, using it to attribute attacks to certain sources and then resolve attacks. Of course, there are those criminals who are smart enough to hide their IP through VPNs or the abundance of other services that can prevent users from being tracked on the internet.
Doesn’t that also make Snooper’s Charter somewhat redundant? Again, McMurdie chose not to comment. Silence says a lot sometimes.
What do you know about Internet security? Find out with our quiz!