Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
This strategy has been developed to outline the way in which Hertfordshire Constabulary will identify and tackle the threat presented by cyber crime.
Hertfordshire Constabulary is committed preventing crime and protecting victims of crime. This strategy sets out what Hertfordshire Constabulary will do to effectively manage cyber crime in order to minimise the impact of this rapidly evolving crime type on the residents and businesses across Hertfordshire and beyond our borders. The strategy will focus on both the prevention and detection of offences, and will also focus on identifying emerging trends to reduce the opportunity for criminals to target residents and businesses across the county.
The National Cyber Security Strategy key aims are to Defend, Deter and Develop. This Hertfordshire strategy will mirror that ambition to ensure that the work undertaken complement both the regional and national work to combat this threat, however in Hertfordshire the plan will be delivered using the 4 ‘P’ Framework (Protect, Prepare, Prevent, and Pursue) to provide consistency with the local approach to tackling Serious and Organised Crime, and also the Hertfordshire Fraud Strategy.
This plan demonstrates how Hertfordshire Constabulary will deliver its approach to cyber crime, and builds on the commitment outlined in the Police and Crime Commissioners Community Safety and Criminal Justice Plan 2017-2024 ‘Everybody’s Business’ which highlights the desire to ‘maintain and develop capability in response to rising and changing threats’.
The National Cyber Security Strategy (NCSS) outlines that ‘the vision for 2021 is that the UK is secure and resilient to cyber threats, prosperous and confident in the digital world’.
Whilst this Hertfordshire strategy will deliver its ambition through the 4 ‘P’ strategy it mirrors the Defend, Deter, and Develop objectives outlined within the NCSS, that being:
We have the means to defend the UK against evolving cyber threats, to respond effectively to incidents, to ensure UK networks, data and systems are protected and resilient. Citizens, businesses and the public sector have the knowledge and ability to defend themselves.
The UK will be a hard target for all forms of aggression in cyberspace. We detect, understand, investigate and disrupt hostile action taken against us, pursuing and prosecuting offenders. We have the means to take offensive action in cyberspace, should we choose to do so.
We have an innovative, growing cyber security industry, underpinned by world-leading scientific research and development. We have a self-sustaining pipeline of talent providing the skills to meet our national needs across the public and private sectors. Our cutting-edge analysis and expertise will enable the UK to meet and overcome future threats and challenges.
This strategy deals with cyber crime in the context of two interrelated forms of criminal activity:
Crimes that can be committed only through the use of Information and Communications Technology (ICT) devices, where the devices are both the tool for committing the crime, and the target of the crime (e.g. developing and propagating malware for financial gain, hacking to steal, damage, distort or destroy data and/or network or activity); and
These are traditional crimes which can be increased in scale or reach by the use of computers, computer networks or other forms of ICT (such as cyber-enabled fraud and data theft).
The NCSS outlines the areas of threat and vulnerability, and the key areas include:
2021 data provided by the National Fraud Intelligence Bureau, Office of National Statistics and National Crime Survey highlight the scale and potential for increase in cyber related offences as follows:
Cyber crime reporting is increasing, both nationally and within Hertfordshire with figures from NFIB indicating that nationally, 47% of all crime is cyber or fraud related. It is becoming increasingly difficult to separate fraud from cyber as the technological enablers of email and mobile devices have increased the potential for offending in this way exponentially, not to mention making it harder for the offenders to be identified and caught as they can now commit offences anywhere in the world.
The 2019 HM Government Serious and Organised Crime strategy outlines both cyber crime and bribery & corruption as thematic areas of organised crime. This is further articulated within the NCSS which highlights the insider threat, and this strategy replicates the risk articulated within the NCSS:
Insider threats remain a cyber risk to organisations in the UK. Malicious insiders, who are trusted employees of an organisation and have access to critical systems and data, pose the greatest threat. They can cause financial and reputational damage through the theft of sensitive data and intellectual property. They can also pose a destructive cyber threat if they use their privileged knowledge, or access, to facilitate, or launch, an attack to disrupt or degrade critical services on the network of their organisations, or wipe data from the network.
Of equal concern are those insiders or employees who accidentally cause cyber harm through inadvertent clicking on a phishing email, plugging an infected USB into a computer, or ignoring security procedures and downloading unsafe content from the Internet.
Whilst they have no intention of deliberately harming the organisation, their privileged access to systems and data mean their actions can cause just as much damage as a malicious insider. These individuals are often the victims of social engineering – they can unwittingly provide access to the networks of their organisation or carry out instructions in good faith that benefit the fraudster.
The overall cyber risk to an organisation from insider threats is not just about unauthorised access to information systems and their content. The physical security controls protecting those systems from inappropriate access, or removal of sensitive data or proprietary information on different forms of media, are equally important.
Similarly, a robust personnel security culture that is alive to the threat posed by disaffected employees, fraud in the workforce and industrial and other forms of espionage is an important element in a comprehensive approach to security.
The spectrum of offences which the term cyber crime encompasses is incredibly broad and, dependent on the offence itself, can have a significant impact on the welfare, health and reputation of the victim. Victims can be either individuals, who are usually victims as a result of some social engineering, or businesses who are targeted victims for significant financial loss through the cyber dependent ‘hacking’ and malware type offences.
The aim for Hertfordshire Police is:
The Hertfordshire Serious Fraud and Cyber Unit (SFCU) is the force’s response to fraud, courier fraud, cyber dependent and cyber enabled financial crime, and all serious and complex fraud.
The team will continue to focus on the prevention and investigation of serious, complex and sensitive cyber- crime and financial crime, as well as supporting and advising colleagues in other departments dealing with cyber and financial investigations.
Cyber crime covers a whole range of illicit online activity from hacking, fraud and scamming, to stalking, hate crime and even human trafficking.
The unit is a specialist point of contact between officers, partners, other agencies and businesses in the fight against online criminality and will be working in partnership with colleagues within the Local Policing Command and ERSOU.
To reduce the impact of cyber crime by understanding and dealing effectively with the current and emerging threat.
We will work closely with partners and our local communities to increase capacity, capability and effectiveness at identifying and tackling cyber crime. Success will require support and knowledge across the partnership to firstly identify threats and crime, and joint work to achieve increased investigative and intelligence capabilities across policing and other partners.
In order to prepare effectively in terms of staffing capacity and skills/technological capability the force needs to understand the local demand from cyber crime, and the levels of potential threats faced.
The force will maintaining accreditation of the Digital Forensics Unit in accordance with ISO 17025 (and future digital ISO requirements) to ensure equipment and processes withstand scrutiny in a criminal court.
The force will invest in the technological hardware and software required to effectively investigate cyber crimes, and seek regional support when required.
The force will ensure the provision of specialist support (DMI, CDIU, and CAB) to support investigations, and that SIOs and OICs are aware of the digital investigative opportunities to implement at the earliest opportunity during an investigation.
Through the Serious and Organised Crime Partnership Board work with key external stakeholders to ensure key messages are understood within their organisations to assist in identifying and responding to the early signs of cyber crime activity.
To strengthen the protection of individuals, communities, systems and infrastructure against cyber crime.
Our ambition is to strengthen cyber crime capabilities across our existing workforce through process improvement, professional development, and sharing of good practice. Our aim is to deliver a dynamic and efficient response to cyber crime, making sure that we maximise the use of digital techniques and other proactive tactics so investigations are more proactive and less protracted. The force must strive to embed a plan to support criminal investigations and safeguard victims.
To evaluate the use we make of cyber specials and volunteers to ensure that they are used effectively.
To ensure that 100 percent of victims who report to Action Fraud will get advice in person or over the telephone to prevent them becoming repeat victims.
To increase the visibility and awareness of Action Fraud to the public across Hertfordshire to support the response to cyber crimes.
To ensure that the force is able to identify victims of cyber crime, and provide victim support to all vulnerable victims in Hertfordshire.
To maximise the use of the national Know Fraud database which is the bureau’s intelligence system with details of all cyber crime to help build knowledge and resilience of threats.
To stop individuals becoming involved in cyber crime, and to provide an effective deterrent to this criminality.
Effective policing also means developing a better understanding of the risk profiles of individuals and businesses in our communities so interventions are targeted effectively. Hertfordshire will use national and local intelligence to understand the local threat and risk profiles of their communities.
To ensure that 100 percent of young people identified as vulnerable to cyber crime will get prevent contact and intervention from a prevent officer where appropriate.
To build partnerships with industry and other organisations outside law enforcement to maximise the opportunity to identify cyber crime, and disrupt those offenders impacting across Hertfordshire.
To enhance internal and external web-based information with guidance and advice for officers, staff, organisations, and the general public to be able to identify and protect themselves from becoming a victim of cyber crime.
Engaging with schools, communities, partners and businesses to share messages around cyber criminality.
To promote Cyber-Security Information Sharing Platform and Cyber Essentials programme to local businesses
To utilise our internal expertise to work with partners at time of need to protect the public from threat following an attack, or upon intelligence of an imminent attack.
To reduce the cyber crime threat through the investigation of individuals and groups engaged in cyber crime and the disruption of their activities.
A better understanding of the impact of interventions will result in more effective interventions. We will maximise our use of technology, analytics and evaluation to develop more evidence based practices and understand impact.
To maximise the use of the Organised Crime Group (OCG) mapping process through which those groups engaged in cyber crime criminality are disrupted and dismantled.
To ensure that those recorded crimes which have the highest risk and complexity are investigated by the dedicated Serious Fraud and Cyber Unit.
To maximise the range of disruptions through the use of the partners available, including GAIN which is accessible through the ROCU.
To seek specialist advice and support from the Eastern Region ROCU to enhance the ability to disrupt and dismantle individuals and groups engaged in cyber crime.
To ensure that all cyber crime OCG’s are briefed at Regional level through the Regional Tasking and Intelligence Group led by the ROCU, to share emerging threats and maximise the delivery of support from the ROCU and other agencies.
To deliver an effective media strategy to warn and inform the public of immediate threat, provide protection advice, and reassurance to residents and businesses.
The Eastern Cyber Resilience Centre is part of a national network of centres, established by the Home Office to help businesses, charities and public sector organisations tackle the rising threat of cyber-attack.
The Centre is a not-for profit limited company that is staffed by police and funded through a mixture of private and public money.
Sitting alongside the existing Police Cyber Protect Network its key objectives are raising awareness of cyber risks and providing affordable services to its members to help them recognise their own vulnerabilities and improve their cyber resilience.
Working alongside partners in the private cyber sector, academia and the police, the centre is uniquely placed in its ability to reach out to regional businesses and help them to become more secure in the online space.
For more information, please visit the website (opens in a new window).