Webinar presenters Jed Stone, Jill Battley, Eldon Amoroso, Bonnie Locke, and Patrick Doyle answered a number of your questions after their presentation, Improving Police Information Sharing on a Global Scale. Here are just a few of their responses.
Audience Question: Someone wants to know a little bit more about effective tabletop exercises. How do you conduct them? How many agencies are involved, and what are some of the best practices you can recommend?
Jill Battley: Okay, so the tabletop exercise, it can be either, as Eldon said, local, for just your internal organization between yourselves. Even sharing intelligence amongst intelligence unit and operation officer. There are already difficulties and barriers to that. And or it can be, I’ve been involved in the way they’ve been multi-agency, and you’ve got the first responder there as well. And I’m sure Jed you must have done some of that when you were working ready for the Olympics at doing that multi-agency tabletop. And there are plenty of organizations out there that will run them professionally for you, if you’re not used to running one of them, I would highly recommend, in the first instance, who’s getting some wanting to run it for you. And they can work exceptionally well, the learning from it. And also, the content you make an across the board. You just can’t replicate that. So, I would very much highly recommend tabletop exercises. Seminars, are also really important, providing them not too insular and inward-looking, and that you do open it up to practitioners, operational staff, as well, to learn from them. But for me, some key points would be, the agreement beforehand on sharing and the protocols. You can do that slow time and fast time that you have to rely on standards and understanding about what’s required and what you’re going to do with the intelligence when you get it. And vetting is another important aspect with intelligence if you’ve got people that hits the right level and are not just vetted once when they start that role but vetted on a regular basis. That gives other agencies and other organizations confidence that you are operating to a standard that they can relate to, and they’re happy to share that intelligence with you.
Jed Stone: Conscious comment on that, as well, and just purely because, I think exercise, exercise, exercises is one of the things you —– before the Olympics, you can’t get enough exercise and your doctor to tell you that, so it must be true, right? These tabletop exercises and stuff really show in advance the problems, in advance of the actual incident happening, where is your sharing of information, or intelligence letting you down. And, so, just to actually take part in these things can really help uncover a lot of problems before they are a real problem. And so, yeah, I would, absolutely, and we used to do and do your part, as well, lots of multi-agency exercises. Whether that was law enforcement agencies, could be social services, could be Public Health England. All that sort of stuff is really worth it.
Jill Battley: I think just on that Jed, as well. Another important aspect, a plot from the exercise, for me, is the debrief, and people don’t pay enough attention to debriefs. So, in the UK, we tend to have what we call a hot debrief, which is immediate the time, and what we need to do. But actually, longer term, we then have a proper on its usually an all-day on some of the serious instance, sometimes longer. And it can be a themed debrief. Or a chronological debrief, depending on what’s relevant to the incident. But the debrief on being properly monitored and captured and the lessons that come out of it. And then what are you going to do with that? What are you going to do with those lessons? Were you promulgating them? Who are going to benefit from it? Because it’s no good just benefit the poor people in the room. It’s got to be wider and broader than that.
Audience Question: How can law enforcement work more closely with industry to share information? And is there a sense of whether or not this is something that law enforcement is even open to?
Patrick Doyle: That anyone can answer. I’ll tell you ———– Cybersecurity. Absolutely. And there could never be enough sharing on the cyber end because a lot of the cybercrime is commerce-based. Not all of it. Obviously, people get traded and all sorts of debauchery perpetrated on both the internet and the dark web and other places and just through pilfering. But absolutely, I think law enforcement is open to it, Jill, Eldon is closer in time than I am to law enforcement service. I think they’re more open to it every day and are getting picked on themselves enough with cyber-attacks that they’re now saying what commerce and industry and other government agencies are up for. So, panelists weigh in, please. But I say yes, law enforcement is open to it.
Eldon Amoroso: Okay, yeah, I’ll just jump in for a moment. I think really that they are open to discussing those things. We had a webinar last week from the CACP side of things and we have Jim Emerson, who all of you probably know, speak about some of the trends that he’s seeing in cyberattacks. What are they trying? What’s been successful? Where did it? How did it come in? All of those things. And then we had, for the second half, we had a company and Peel Regional Police talk about how they’re building a framework to prevent those attacks. And so, I think those kinds of discussions in the area of cyber-attacks and cybersecurity are so critical, and that’s where sharing will suffer a real black eye if we are hacked, and that information is exfiltrated out. And so, that is a huge issue for policing.
Jill Battley: We, at the yard. There was, I suppose, this view that everything intelligence mentioned in the intelligence unit, and nothing came out, and that used to be the case. But we actually reached out to organizations in the city and said, look, we want to work with you to prevent or to be able to work together if there is an incident. And so, this is, again, where the tabletop exercises came in. So, many of large organizations have their own head of security. They have their own intelligence units. They have their security people, and we actually worked and did exercises with many of the organizations to combat a range of criminality. I won’t go through all of it, but it’s many of the serious crimes we worked on, the what-if scenarios, what are you going to do if that happens to the organization? And I suppose getting across to them, that we’re there to help and support them. First, to prevent it in the first place. But then secondly, if it does happen, what they could expect from the police, but also what do we need from them during the investigation. So, it was a partnership approach, very much so.
Patrick Doyle: And you would agree, Jed. We talked about this. I think law enforcement, in some cases, is jealous of the socks and the knocks that private companies have. I know you work for both sides of the public and private sectors. We’re quite jealous of the way in which they outfit their cybersecurity apparatus.
Jed Stone: There are different capabilities ——. And I think law enforcement should actually look to encourage working with industry, there are a lot of skills out there. On public sector pay, maybe, you don’t necessarily always get within the policing service. So, I think it’s this, kind of one of those things and establishing those relationships and that kind of rules of engagement and how that actually works. But there’s so much stuff around law enforcement these days. It doesn’t actually need to be done by this might be unpopular, a warranted officer. So, should we not be looking to certain other capabilities and just one example. Taking around the cyber, I worked for a period of time in Gloucestershire Constabulary and smaller constabulary, fantastic, perfectly formed. What they really excelled at was actually enlisting cyber volunteers. And so, while we have special constables that undertake that work in their own free time for no pay and take them a lot of hassle. Gloucestershire actually did the same thing with people that can actually do kind of cyber security stuff, ethical hacking, and all that kind of pay. So, there are also alternatives out there. Where we can start to work better with the industry. And a lot of those people that are volunteering their services were from industry and they want to have helped as well, please, and help their community.
Bonnie Locke: Nlets has had a strategic partnership program for probably 12 years now. We acknowledge the need to work with the industry. We’re kind of at center square between government and industry because there’s all this work, to your point, Jed, that police need to outsource. And so, we needed a way to allow them to securely share information as a kind of that extension of government. And I think what I try and tell my practitioner groups is, don’t be afraid to work and talk to industry. They’re a critical partner in all this. There are certainly some things they shouldn’t have access to, but there are many, many things that could be and should be done, perhaps by industry or in a partnership.
Patrick Doyle: And some of that occurred by incident with police departments. One in the United States suffered ransomware attacks and things like that, and they needed private industry to help them. They were more than happy to do so. And now see. As Jed said, some of the highest level experts in the cyber field are not in the government which may be unfortunate. You may think that is unfortunate. I do. But a lot of that technology and IT and just the staff resources to do that, those are private citizens who work for companies that law enforcement now needs. So, I think this partnership is going to build over the next many years.
Audience Question: Can you talk about information exchange operability standards specifically for digital evidence management, such as body-worn cameras, in-car cameras, remote aerial systems, and so on and so forth? Is there a standard that is effectively dealing with digital evidence management?
Patrick Doyle: I’ll kick it off and then let the others. You know, it’s funny, going right back to industry. Industry often creates those standards because they sell across geographies. So, in some cases, industry is at the forefront of that, creating similar file formats and ways in which, you have a let’s say, I have, I won’t even name the contractor, but I have a certain body-worn camera. And you’re on another government agency in another region of the country or another country. You know that you can share, because you’re dealing with the same, in some cases, it might even be the same on that, and law enforcement would be the same cloud. But it’s almost set up by the fact that vendors want file formats and sharing capabilities between their clients wherever they are. So, that is a trend that is occurring naturally in the business world, where I don’t want to create different file formats and different ways of sharing for different clients, just because they’re in different countries. That’s my first thought. Others.
Jed Stone: I’m sorry. I’m just going to jump in on that one thing, we sit in the very early days with the management of digital evidence, or as we call it in the UK digital assets because it could be intelligence, as well as evidence, or just information. And I think we all stood in the early days. I think file formats are industry standards and that’s great. There are still a lot of vendors out there using very bespoke formats for particular products. It’s how we actually handle that content management of evidence and digital assets moving forward. When we talk about sharing, yes, the file format is something that comes back to this point around misinformation. And, actually, if you’re sharing evidence, how would you share physical evidence compared to how you would share digital evidence? Saying, we still got some work to do looking at the mechanisms for that and ensuring that the chain of custody can’t be manipulated. I would suggest it’s probably easiest to have physical evidence and digital evidence at the moment and guarantee that hasn’t been tampered with.
Patrick Doyle: For some of the thought leadership groups we work for, IACP, International Association of Chiefs of Police, and the —— Institute. We’re currently working together on a study of the digital evidence life cycle, and these common technology needs, as it goes, between geographies, and we’re finding that there isn’t much common between the City, police department, and the City Prosecutor’s office. So, they’re not even sharing, effectively between agencies, under the same geography, same geographic and political umbrella. So, we haven’t gotten to that point yet. Good question. But I think that it doesn’t exist nearly to where that level it should be. Just by looking under the covers, within a geography, in terms of digital evidence, and sharing of those. There are no standards that I find applicable, even in singular states or territories. Have others found that? Our studies are in their initial phases but we’re not finding that there are standards are good enough to rely on across international borders. They certainly aren’t even across town, in some places.
Eldon Amoroso: The Province of Ontario is kind of working towards some standards on that, which I think is just really terrific. But, yeah, we’re not as far along in that as, as we could be, or as any of us would like to see, and that’s for sure.
Audience Question: What guidance would you be able to share in regards to prosecuting cybercrimes for district attorneys and other prosecutors in the US?
Patrick Doyle: Okay, hopefully, you mean in terms of that would be cross-jurisdictional outside of the country globally. We’ll assume it’s that method, well, honestly, prosecutors have a certain level of they can, I don’t want to say they can usurp the rules, but the police are usually very oriented to rules following and probably have more difficulty sharing than would be prosecutorial agencies. It just seems that at that level of government, they are able to ask for exceptions across international boundaries. In other words, when a prosecutor, we have this happened many when I was in police service, prosecutor or a crown prosecutor from one of the provinces in Canada called, it rose to a different level, and we found a way to get that done. You’d hate to say that a frontline officer called, maybe it wasn’t as urgent. But I do think the prosecutorial entities of the world have another level, they also have another, they’re closer to the political leaders, and can get things done. I know that’s a roundabout way of saying, I think they have less of a problem than do the police agencies in sharing, but standards at the prosecutorial level would be excellent as well. This way, they received information closer to be ready to prosecute and present in court. And those don’t exist except in terms of the international court, which has some standards. So, I don’t think those exist, and it’s a great question. I think it’s we’re just beginning to understand that. But I think the prosecutorial agencies probably are going to get some action sooner than our frontline police officers who want to share the same evidence that isn’t, or at the point where it’s ready, for prosecution, others. Any, anything to add to that? Great question, and it needs to be addressed. That’s where the rubber meets the road, right. Before it gets before a judge, it better be received, in a way in which the prosecutor can use it according to local standards. and we’re certainly not there yet. Great, great question. Further out, our problems are at our feet, not quite far that out on the horizon, but excellent, excellent question.
Click Here to Watch a Recording of Improving Police Information Sharing on a Global Scale.