Michael O'Connell, Vice President and Executive Advisor of NEC Corporation speaks at the II International Security Symposium on 19 and 20 March.
During his presentation, he shared the importance of using biometrics to ensure the work of law enforcement agencies, ensuring unrivaled agility and accuracy in preventing and combating cybercrime.
Reach out at safety@nec.com.sg if you would like to have more details.
SQL Database Design For Developers at php[tek] 2024
Global Risks Policing Cyber-Physical Fusion
1. The global risks to policing from the
fusion of the real world with cyber space.
Michael O’Connell, Vice President and Executive Advisor
NEC Corporation.
Distinguished guests, ladies and gentlemen.
It is my great honour to be here today to share an insight into the global risks posed to policing from the fusion of the real world with cyber space. This will include a deep dive into a specific crime threat to look at its transition into the cyber world, delivering fresh challenges and increased harms to the real world.
We will then look at new capabilities that permit us all an opportunity to innovate and solve not just todays but also tomorrows challenges and mitigate risks to our common security needs.
Having previously been a senior UK police officer and formerly a Director of Operations at INTERPOL I am now please to be with NEC, a strategic partner to INTERPOL and the global policing community, and an active friend and partner to the Federal Police and Government of Brazil, bringing innovation to public safety.
So firstly lets look at the global challenge:
In the past those of us from the law enforcement community and to some extent the national security space used to view our threat spectrum through the prism of crime and terror, or war and civil unrest, which was predicated as physical, real world threats.
Now though we have seen over the past decade through globalisation, digital transformation, mass migration, the economy and a changing geopolitical order the threat radar is far more complex than it ever was. It is now displaying a significant shift into the cyber world.
As recently reported through the World Economic Forum’s Global Risk Register and subject of heated discussions at the UN, the INTERPOL General Assembly in Dubai in November and the gathering of global leaders at Davos, Switzerland, the challenge is somewhat multi-dimensional now, leading us onto an interpretation that we are faced with seismic changes through what has been termed ‘Globalisation version 4.0’.
It challenges some of our past assumptions on risk.
When we look at recent international surveys on public perceptions of what they regard as primary risks we see some surprises:
With terror attacks accounting for a response of only 20%,
Violent crime 30%,
Yet these used to be the primary occupation of our security strategists, perpetually within our ‘top ten’, but it seems they’re not the primary concern to many of our citizens today:
Instead we see their greatest concerns in their ‘top ten’ are;
Cyber attacks for the theft of identity and fraud at 82%
Cyber attacks leading to disruptions to critical infrastructures and business at 80%.
Clearly demonstrating the fear and threat our citizens have from the cyber world.
You will also see at large scale migration and natural disasters which brings in a wider context to our physical world.
Another interesting observation was a loss in confidence in collective security alliances with a response rate of at 73%.
Does this suggest that the formula we are using to protect is not effective enough for our citizens now to have confidence in? Do we need to change? Do we need to redesign our energy and innovation in a different way to bridge the gap between the real and cyber world?
Following on with this theme of the physical and cyber world we are confronted with new challenges:
These reprioritised interpretations of risk from our citizens signpost a new concern. The physical related to natural disasters which can lead to destruction of cities, forcing mass migration, which can and often do lead onto a potential significant loss of life, and civil unrest.
Followed by the growing fear of how we better protect our physical and cyber borders, including how we prevent a biological attack or natural pandemic. This threat demonstrates the clear bridge between cyber and real world problems, as it has the potential to be physically brought to our shores or the knowledge transferred across the cyber border to permit domestic creation and delivery.
Regional threat assessment including Europol’s IOCT 2018 and Trend Micro’s indicate the growing significance of Africa as a source of both cyber enabled and increasingly cyber-dependent crime. This trend continues with West African OCGs being increasingly sophisticated in cybercrime. While ‘traditional’ social engineering scams still epitomise the crimes associated with this region, social engineering combined with technical attacks involving malware are becoming more commonplace.
Within Europe the majority of cyber threats continue to emanate from within Europe, either domestically, or from other European countries. The current emphasis on the use of email as an attack vector is clearly demonstrated in some of the trends highlighted by industry. Austria, Germany, Hungary, Italy, Russia, Spain and the UK, had some of the highest global rates of malicious emails containing malware, while Ireland, Norway and Sweden similarly had some of the highest global rates of email containing malicious URLs.
Moreover, the Netherlands, Hungary, Portugal and Austria, also suffered from high global rates of phishing emails. In some cases this was exacerbated by some of the world’s highest rates of spam.
These attacks also account, at least in part for the fact that a significant proportion of global attacks originating from compromised IoT devices stem from a number of Europe countries. Moreover, some EU countries, such as France and Germany are significant global sources of spam. Law enforcement outlined a wide variety of cyber-attacks emanating from other European countries, although there was strong emphasis on various aspects of payment fraud. In this regard, Bulgaria and Romania were highlighted as having a key role.
When we cast the spotlight onto the Americas, particularly the USA, it continue to be both a key originator of global cyber-attacks and a target for cyber-attacks originating both domestically and from overseas. Industry reporting indicates that the USA and to a lesser extent Canada, is a primary target for global ransomware attacks. The USA is also the top focus for attacks by targeted attack groups and mobile malware. The USA has been the world’s second largest host of botnet-forming compromised IoT devices since 2016. Moreover, the APWG identifies both the USA and Canada as top countries for the hosting of phishing sites, with the USA dominating those figures by some margin.
Latin America also features heavily in cyber security reporting. Lack of adequate cybercrime legislation has resulted in Brazil being both the number-one target and the leading source of online attacks in Latin America; 54% of cyber-attacks reported in Brazil allegedly originate from within the country.
Similar to the USA, Brazil is also a top host of phishing sites, with some reporting putting Brazil as one of the world’s top ten originators of all cyberattacks.
The profile of Mexico is becoming increasingly prominent, with Mexico suffering from the largest number of cyberattacks in Latin America after Brazil. Both Brazil and Mexico suffer from malicious URL containing emails, which are coupled with some of the world’s highest rates of spam.
The primary threat coming from the Americas as a whole, from a law enforcement perspective, relates to various aspects of payment fraud.
Over in the Oceania region it still suffers from cybercrime internally. The major cyber-threats reported by the Australian Cyber Security Center (ASCS) mirror those reported by the EU – ransomware, data stealing malware (including the mobile variety), social engineering, DDoS, supply chain attacks and growing levels of state sponsored activity.
Based on industry reporting, cyber-attacks directed towards Asia countries appear to follow a different profile and methodology compared to those commonly encountered in Europe. While emails loaded with malicious attachments are still noted in several south-east Asian countries, the use of malicious URLs to the same effect appears to be very limited. However, higher rates of phishing, particularly again in Southeast Asia, suggests that compromised credentials are still highly valued.
China also has one of the world’s highest rates of spam. Asia also appears to be one of the primary regions subjected to targeted cyber-attacks. While the US was top for such attacks, seven Asian countries featured within the top ten. Asia is one of the regions particularly plagued by mobile malware, with several Asian countries featuring in various top ten lists of mobile threats, although that particular threat is concentrated in the US. China is also consistently the home the highest number of botnet-forming IoT devices, by some margin.
So we can see it’s a complex threat environment.
So how do we ensure we design out ineffective structures that may be enablers to this mutli-faceted threat arena?
How can innovation help us solve these future challenges?
How can we channel this innovation to derive rapid impact?
In response to this challenge, let me share with you my thoughts on how we can channel innovation to create maximum impact.
We transform to innovate:
At the heart of any resilient transformation, that permits us a better opportunity to respond, has to be a fresh look at our structures.
If the foundations aren’t strong, whatever we build will be at risk of collapse or weak in its response to the threat and risk thrown at it.
We at NEC advise on creating a new integrated response, which channels your capability to maximum effect.
We define this around three trends that deliver a better security resilience;
IOT – security around the internet of things, or internet of threats as it is often referred to.
IAC – enhanced inter-agency collaboration. Which has to incorporate industry and academia.
This was most recently supported in the comments from the Executive Director of Europol Ms Catherine De Bole who commented in their recent 2018 IOCTA - cyber threat report where she stated;
“Only if law enforcement, the private sector and the academic world work together closely can cyber crime be combatted effectively”.
And finally,
ICP – the integration of cyber and physical security systems and practices.
Combining these three elements we can deliver a cultural change to our policy framework, operating practices, and tactical response. Designing out silos, inefficiency and creating a new order to how our citizens can embrace their new economies and communities with confidence, which are safe and resilient by design and protect their digital identity.
Now I would like to take you on a deep dive and look into a specific crime area that clearly demonstrates the challenges from the criminals exploiting the cyber world to enhance their opportunity to generate vast illegal profit and hurt the innocent in the real world.
A prominent area of harm and exploitation remains modern day slavery and human trafficking or people smuggling.
It is an age old problem for policing, border security agencies and governments.
Here we will look at the current situation and how it demonstrates the challenges faced by investigators from the fusion of the cyber and real world. We will also explore new policing practices that can improve positive outcomes for justice and most importantly the victim’s of these crimes.
The threat from this crime type is well defined especially when we look at the recent joint publication from IOM and its Global Migration Data Analysis Centre (GMDAC) that reports on their assessment of global migration indicators.
We can draw a deep learning from the headlines (open discussion on data).
Importantly we should also pay attention to the well known underlying causes and effects.
Primary drivers to mass or irregular migration remain steady with natural disaster, poverty, economic drivers, crime and terror.
What is changing though is the operating environment this all takes place within.
Whilst we can note that the migratory and transportation flows follow those of the global economy they utilise a complex diversity of levers to facilitate this travel.
Through both legitimate and illegitimate channels these levers include corrupt officials, counterfeit documents, political impotence, organised crime and terrorism networks. On top of these are the evolving technological capabilities that enable mobility, communication, financial exchange and encryption.
Throughout all of this is a common outcome – victimisation of the vulnerable and innocent, and profiteering for the criminal.
Whilst there is good news in that we are seeing an increase in the conviction rates for those who traffic humans, it also probably speaks to the fact that we are seeing an increase in volume of offending.
To note though is the growing concern that with each success as ever comes a deeper education for the criminal networks in the techniques and tactics we adopt to deter and detect. This leads to making the work of the investigator more challenging. They need to be smarter, more collaborative with partner agencies and importantly also joining forces with academia and industry to modernise the response.
To demonstrate the increased complexity to the job of the investigator, in the past we used standard tactics to monitor and detect criminal behaviour. Through basic physical surveillance of association and activity in the real world we could identify and detect. This evidence could then be enriched with telephone intercept and financial intelligence.
Now though as we can see here with the evolution of the cyber world we have a proliferation of communication channels, most utilising a form of encryption, low cost smart phone communication platforms and wifi access points that reduce the opportunity for physical surveillance and making identification of offenders even more challenging.
The use of encrypted devices is prolific amongst Organised Crime Groups involved in People Smuggling/Human Trafficking. The devices are used by criminal groups and migrants for the purpose of avoiding detection by law enforcement and also because they are a less costly method of communication.
The most frequent platforms used by OCGs can be split into three main categories.
1. Advertising/public side of the OCGs, i.e. OCGs advertise to vulnerable groups and possible clients online. OCGs also advertise job opportunities and/or find associates for the ‘lawful’ side of their activities.
2. Secure means for organising and communicating between the members of the OCG or other affiliate OCGs.
3. Use of publicly accessible and available platforms to avoid law enforcement detection and facilitate cross border/maritime travel.
It is usual that some applications and platforms fulfil more than one strand of their MO.
The most commonly used platforms for the first strand include, Facebook, VM, Twitter, Telegram, snapchat and Instagram.
For the second strand the majority of OCG members use: Facebook messenger, Viber – as seen between Greece and Turkey as an example, and WhatsApp – usually if there are connections with the UK, South America or some Northern European countries, IM and Skype.
Other applications used as an aid to organise their illegal activities include Skyscanner, Google maps and other GPS location applications and online platforms. All messaging apps offer end to end encryption thus OCGs and migrants do not use standard text, again both to avoid detection and save costs.
In regards to the third strand there are a variety of weather applications used such as, imo(international maritime organisation), Seaconditions, and other live boat positioning platforms. Some OCGs also monitor media using applications like CNN, Euro TV live, BBC, Euronews, national news agencies, GLWiZ and region specific media applications, as well as Twitter.
The use of foreign Sims is also a method employed by Organised Crime Groups in an effort to avoid detection. To date we are seeing little use of the Dark Web by People smuggling OCGs including document providers. There also has been little use of the Dark Web/TOR, and or dedicated encryption devices such as Black Berry Messaging (BBM).
The use of Sat phones are predominantly observed in the North Africa/Southern Greek Islands, or Turkey to Italy maritime people smuggling routes, also the vast expanses of South America, however the use of Sat Phone is less frequent by Organised Immigration Crime Groups in comparison to OCGs involved in International maritime drugs smuggling.
So we now have to embrace even more innovative investigative practices.
There is the necessity to bridge the physical world with the cyber to permit investigators the opportunity to monitor, deter and detect.
This cannot be achieved in isolation and requires a enterprise approach utilising government agencies which include law enforcement, academia and industry.
The challenges are significant, not just in the volumes of those being trafficked, but establishing the pathways for their mobility, and their new community, marketing and the contact points the traffickers utilise in the real and virtual world.
All this generates huge amounts of data that investigators need to understand, assess and then prioritise for response.
To build new capabilities you need a strong foundation of R&D.
NEC has developed a network of 9 global research labs that employ over 1,000 research professionals, allocating over $1 Billion or more than 5% of NEC annual revenue to innovation and developing solutions that contribite to society.
Of particular note is a wide portfolio of capabilities that aid investigators and the police community to stay ahead of the technology wave that the criminals exploit.
Looking to solutions from new technology and innovation we have to create new mechanisms to advance policing. Firstly lets look at the cyber world.
A growing good practice is the establishment of national cyber intelligence centres. These should embrace the 3 dimensional partnership approach between State, Industry and Academia.
In Japan NEC is pleased to be at the heart of this development with their Police at their national centre JC3 . It has the direct attention of the head of Government, which is of critical importance, with the Prime Minister chairing meetings. This reinforces the importance to maintain an eye on the cyber world risks in the same manner that you would the physical world.
This capability needs to be connected to a wider global expertise that permits a global response as you can see. We have direct links to many of the key global and regional nodes engaged in policing these threats. This model we are now promoting and building out at other global locations to improve scale and reach.
One of the new locations we have supported expansion of this cyber capability is Rwanda, in collaboration with INTERPOL, Rwanda’s national government and police, an funding from the Japanese Overseas Development Administration.
Since 2016 we have been working collaboratively to create a regional centre of excellence that can be utilised not just for national cyber defence and investigation but also to project out to other cyber nodes we seek to support in the region. Through these we have a better chance to monitor and detect the threats for the virtual world that impact on the real world like Human Trafficking and other related threats.
From creating the cyber nodes to police the virtual world, we then need to bridge this into the physical world and adopt new detection and surveillance techniques to aid investigators, manage the data volumes and the use of multiple identities.
The most recent innovation in this regard is the role that AI and Machine Learning can have .
Here you will see the evolution of this capability with NEC.
We commenced the journey with “Visualization“,
starting from research in technology used to automatically read strings of postal destinations.
From here we invented highly-precise Fingerprint Identification and Face Recognition technologies. Now providing Iris and other detectors.
Then with “Analysis”, we have been engaged in analytics technologies including Deep Learning and Machine Learning since 2000.
And since 2010, we are working on research and development in technologies for “Prescription” and have created self-developed algorithms.
It is through the utilization of AI that we can better fusion multi modal data and surveillance streams to improve our understanding, analysis and permit consolidation for the investigator; and permit them the opportunity to make better and more agile decisions for action to detect and detain.
As an example ‘NEC the WISE’ technologies are used to convert real and cyber world data to create improved values. Improving outcomes for the investigator and the victim. Protecting borders, and bringing more offenders to justice.
It is by the fusion of these capabilities that we can start to transform our cities and make them safer. Noting it is the cities that are often the primary destination for all the trafficked victims, to permit them to gain employment or be put to work and exploited to generate the vast illegal profits for the organised crime groups, or become active for terror cells.
Also its important to note that forecasters are predicting that two-thirds of the worlds population are expected to be living in cities by 2050. So we need to get this right.
To build better resilience to our future threats and channel the innovation, we need to build integrated and smart communities. These multi-sensory environments permit rapid detection, response and intervention to threats, as well as advanced learning to build better protection.
19
So to draw in key findings and my assessment, it is clear we need to continue on our progress to close the gap between the cyber / virtual world and the physical world. This needs to inform the creation of new investigative practices that have both a global, regional and local impact.
It will necessitate a further refinement of the policing culture and practices to change the skill set; talent; education; skills and capability that a new policing team will require to police a new global community. It requires challenging our old methods and the courage to test and refine new practices to get ahead of the threat curve.
Not least of which is the critical importance to join better with industry and academia through trusted partnerships, as we can’t do this alone.
Finally, as discussed I take a quick look at what a trusted partner to law enforcement and government may look like to support new public private partnerships?
There are other great examples both here and elsewhere, but from an NEC perspective I hope you can understand the energy we invest into providing a credible, trusted partner to this most important work. We deliver high end capability and technology to support policing and national security challenges across the globe and look forward to a brighter future together.
Distinguished guests, ladies and gentlemen thank you for your kind attention.
I hope this presentation has been of some value to you in explaining what I perceive is the challenge between the cyber and real world. Importantly, the value that new technologies and policing practices joined with industry and academia can deliver to better assist the investigator in detecting global crime and terror.