Written by: Jule Pattison-Gordon
A resident or business that’s suffered a ransomware attack or other cyber crime might react the same as they would to other crimes: by calling 911.
But in Texas’ smaller, rural communities, the officers first arriving on the scene often don’t know what to do.
“We were hearing from the West Texas law enforcement folks that their deputies or the officers would go out there and just would kind of be like, ‘I’m sorry, we can’t really investigate that; we really don’t know what to do/how to handle that,” said Chris Jett, a training manager at Texas A&M Engineering Extension Service (TEEX) who previously worked in local law enforcement.
“I think a lot of cyber crime, probably, in Texas is being under reported just because the first responders — the first ones on the scene — just don’t know how to handle it, how to identify it, and which laws apply,” Jett said.
This problem came to the state’s attention last year, when one of the Texas Councils of Government (COGs),orregional planning commissions, first raised the issue, said Tony Sauerhoff, the state’s deputy CISO and cybersecurity coordinator. When Sauerhoffasked the state’s other 23 COGs about their experiences, they all reported the same struggle.
Texas officers aren’t required to learn much about cyber crime, said Gretchen Grigsby, director of government relations for the state’s law enforcement regulator, the Texas Commission on Law Enforcement (TCOLE).
“The world of cybersecurity and cyber crime investigations is rapidly evolving, and many courses exist in this space,” Grigsby said in an email. “At this time, however, the only statewide requirements are a couple of references in the basic peace officer course related to identity theft and missing or exploited children.”
A new free training aims to help fill the gap.
The Texas Department of Information Resources (DIR) reached out to TEEX, and the two teamed up to tackle officers’ cyber knowledge gap. They jointly created anIntroduction to Cyber Incident Investigation for Law Enforcement course andlaunched it last week as a free, four-hour online training.
The course is asynchronous so that officers “can take it whenever, on a slow night or something like that,” Jettsaid.
The new course isn’t obligatory, but officers get continuing education credits for completing it, and it can provide much-needed guidance.
The training guides officers on topics like handling digital evidence, preventing and recovering from cyber incidents, responding to cyber incidents, and understanding which state criminal offenses apply to cyber attacks.
The course is particularly designed for smaller law enforcement agencies, which are the ones least likely to have their own cyber crime investigators, Jett said.It aims to give the small agencies the resources to start their investigations. Depending on the severity of the incident, those agencies may wish to then get in touch with others, like state or federal cyber units or larger localities that have their own cyber crime units and can help analyze the digital evidence.
The training was originally envisioned for the uninformed officers who would be the first ones arriving on the scene and taking a report, but it can be helpful to others, too. It could help telecommunicators taking residents’ 911 cyber crime calls better know what questions to ask, for example, and administrators who brush up on cyber may then be better positioned to identify where personnel need additional cyber trainings,Jett said.
FIRST RESPONDERS’ CYBER NEEDS
When an officer arrives at a home or small business to respond to a cyber crime, they are immediately faced with practical questions they haven’t always been prepared to address.
Questions can be things like, “what to do with the computer — it’s as simple as that,” Sauerhoff said. “Whether to shut down the computer or not shut down the computer. How to close it up and transport it, and where to transport it to. Who to call for support. Those types of really, really basic things that cyber professionals kind of take for granted. We’ve had to start there.”
The training explains things officers should look for when doing an initial cyber incident investigation, Jett said. For example, “if it’s the computer system that’s compromised, treating that as the crime scene — so documenting what’s on the screen, what devices are attached, who’s had access, etc., etc. Just the typical investigative questions, but in the context of dealing with a cyber incident,” he said. The course also explains the kinds of digital evidence to look for and how to collect it, if needed.
The materials cover another fundamental issue, too: helping officers identify whether a cyber incident has indeed occurred and whether it counts as a crime, Jett said. Computer breaches are specifically dealt with in Texas penal code, for example, and other non-cyber-specific laws may apply to a particular incident, too, such as those around theft, fraud and child pornography.
Course participants also get a guide to additional resources, including contact information for state and federal cyber divisions they may wish to engage with. A cyber crime that appears to be part of a nation-state attack or which impacts critical infrastructure should be reported to federal authorities, for instance.
Finally, the course prepares officers with some basic cyber hygiene guidance to pass on to the constituents who had called 911, to help reduce the chance of being re-victimized.
While the training is aimed at dealing with cyber crime, it can also help officers respond to other crimes as well: In today’s digital-infused world, most offenses involve digital evidence that officers need to know how to collect, Jett said.
“Even crimes that aren’t specifically a cyber incident are going have digital evidence attached to them,” Jett said. “[For example,] if somebody’s keeping records of their bad deeds on their computer or their phone [or] thumb drives, things like that.”
DESIGNING THE TRAINING
Texas DIR and TEEX designed and tested the training’s content and course flow with input from COGs and local law enforcement representatives like a sheriff and a police officer from a small city, Sauerhoff said. Jett expected partners would revisit the course in about a year to update content, as the cyber landscape is frequently changing.
The state and TEEX have just started getting the word out, with Jett planning to promote it at a sheriff’s conference in July. In the first six days since the course’s launch, 21 people signed up, Jett said.
The offering is also freely available to the general public, although Sauerhoff noted that sections about the Texas penal code may feel a bit dry to them.
This article appeared on Emergency Management News and is shared with consent: https://www.govtech.com/security/texas-training-prepares-police-to-respond-to-cyber-crime