The new age of cybercrime and crime fighting has Law Enforcement officials using social media tools like Facebook, Twitter to inform the public and allow residents to interact with them and to help solve crimes – take this year’s Stanley Cup riots in Vancouver, an estimated 117 arrests and counting (some already serving convictions), tipped off by more than 3,000 messages offering tips about the identity of those appearing to commit criminal acts.
More than 600 messages came with YouTube links and 1,011 links to other social media sites, mostly Facebook. Social media has created a whole new world for law enforcement, and in some ways the police have never had it so good but with the good there is also bad. Most social media networks do not check the links in users’ posts to see if they could lead to Web malware threats such as drive-by-downloads allowing a passage way for viruses and malware – the cross-site-scripting attacks that took place against Twitter in September 2010 are a clear example of how attackers conducted harmful tests and virally evolved their attacks into the social media world. Law enforcement departments are now taking these threats seriously and are protecting their internal IT infrastructures, but what about mobile systems?
Cruisers are equipped with communications appliances, which police departments use to connect laptops, DVRs and other devices carried in vehicles to the city’s computer systems. However, the technology also poses an enormous security risk. It’s also possible that devices that provide minute-by-minute ‘situational awareness’ information to police have internal resources available over IP addresses making them vulnerable to hackers and the cyber world – the protectors need protection!
Law enforcement agencies that operate mission-critical information technology (IT) systems without adequate security controls in place put the public, themselves, and our government at extreme risk. Data contained within these systems are extraordinarily sensitive and mission critical. Having effective information technology security policies is essential to protecting the information assets of an agency from accidental or malicious compromise. The fact is that these units need cyber protection too. It’s like arriving to a dangerous scene wearing no armor, with no weapon or back up….Yikes!
Things to consider:
1.) Develop your Security Policy Development Team.
2.) Establish key phases of the IT security development and implementation process.
3.) Conduct a self-assessment, which provides a status report of your current system.
4.) Through a risk assessment, determine what security exposures exist in your IT systems, using findings from the self-assessment
5.) Develop and implement an ongoing measurement process to ensure that the controls are effectively mitigating the risks such as technologies and process based solutions.