IOCATA 2016
Home Europol Twitter Europol facebook Europol LinkedIn

This section provides an updated law enforcement view on the interlinked topics of the Internet of Things, Big Data and Cloud computing and services172.

The growing adoption of the IoT further contributes to the convergence of people, processes, data, and objects to deliver new or enhanced services such as precision personalised medicine173, and provide improved contextual awareness and decision support. This not only introduces cybersecurity risks and ethical questions but also creates a number of challenges in terms of identity, privacy and trust.

Cloud computing and services provide the environment needed to support the storage and distributed processing of the data collected via the IoT. This links it to the concept of Big Data, which in essence is about new ways of analysing, visualising and leveraging large amounts of data in real-time or near real-time.

These concepts are a driving factor behind new types of ‘critical infrastructure’ such as smart cars, smart ships174 or smart cities. However, they also play a crucial role in more conventional types of critical infrastructure, as more and more smart and connected sensors are being used in such settings too.

For law enforcement, Big Data, the IoT and the Cloud are no longer emerging threats but feature regularly in investigations. While there has been some improvement in terms of law enforcement’s ability in dealing with these threats, the dominating view is that police are still playing catch up in these areas.

As more and more relevant data will be located in the Cloud, cross-border cooperation to access electronic evidence and legal assistance will become even more critical. Consequently, some of the key concerns raised by law enforcement were around the perceived inadequacies of the MLAT process, difficulties in international cooperation and technical and procedural difficulties in seizing evidence stored abroad.

Criminal abuse of the cloud img

Criminal abuse of the cloud

More than 30% of European countries have investigations involving criminal infrastructure abusing the Cloud. For most of the reporting countries, the threat is medium to high and increasing. Nearly 50% of law enforcement in the EU reported the need to gather evidence from the Cloud during investigations and a small number of countries additionally reported investigations into attacks against Cloud providers, involving, in one instance, a ransomware attack.

For law enforcement, this is an increasing issue, which comes with legal, operational and technical challenges. While about half of law enforcement cooperates with academia and industry, only 41% of the reporting law enforcement agencies provide training on this topic to staff

Criminal abuse of the IoT img

Criminal abuse of the IoT

Over half of European law enforcement agencies surveyed indicated that many investigations involve smart devices, mostly in the form of smartphones. Nine countries also reported investigations into attacks against smart devices.

The IoT presents a growing number of legal and technical challenges including closed/proprietary systems and communication protocols (and the variety of operating systems), making standardised analysis difficult (e.g. requiring live data forensics). Moreover, encryption, fast development cycles and the rapid introduction of new products and a lack of training and education are additional issues.

While 68% of law enforcement cooperates with academia and industry in relation to the IoT, only about 32% of the reporting agencies provide training in this area.

Big data img

Big data

The increasing digitisation of evidence creates substantial volume challenges for law enforcement. The reported average volume of data per investigation is now close to 3TB and it is expected that this figure will continue to rise.

48% of the responding European countries cooperate with academia and industry on Big Data and/or provide training. However, only 24% of these countries use Big Data analytics as part of their work in, for instance, the identification of crime hotspots.

Law enforcement has highlighted a number of challenges in relation to Big Data such as the difficulty in seizing large amounts of data in a forensically sound manner. The subsequent analysis of the data also takes proportionately longer. Other issues include lack of tool support, hardware and software costs (particularly data storage costs including backup solutions), legal and privacy issues (such as how to protect personal data) as well the need for specialist skills and training.

Future threats and developments img

Future threats and developments

The increasing amount of data that is being collected and processed via the IoT creates new privacy, cybersecurity and trust issues and risks. Because of the scale of the IoT, trust between different devices and across different platforms can be hard to engineer and expensive to guarantee.

The decision support and contextual awareness offered by smart devices will make them and any supporting infrastructure a target for criminal data manipulation too.

It is inevitable that the new types of ‘critical infrastructure’ created by the IoT, as well as existing infrastructures, will be the targets of novel hybrid threats such as new forms of extortion involving hacked smart devices (ranging from very small medical devices, to smart cars, smart container ships and smart cities), data theft, attacks resulting in physical and mental harm, and new types of botnets175. Such attack scenarios would not be limited to a particular category of attackers or a particular set of motives.

New approaches to increasing cybersecurity for the IoT and to establishing trust and ensuring privacy in the decentralised network it creates may include the use of the blockchain or Distributed Ledger Technology (DLT)176. DLT can potentially provide a framework to facilitate transaction processing and coordination among interacting IoT devices. It may also be applied to ensure that the operating system and firmware used in a smart component of critical infrastructure has not been tampered with.

An area of particular concern is the field of biosecurity and the link to the increasing market of private companies offering DNA sequencing. Unlike stolen credit card information, someone’s DNA fingerprint cannot be ‘invalidated’ once it has been leaked.

  1. Security Intelligence, The Threat From Weaponized IoT Devices: It’s Bigger Than You Think!, https://securityintelligence.com/the-threat-from-weaponized-iot-devices-its-bigger-than-you-think/, 2016 footnote 75
  2. CoinDesk, IBM Reveals Proof of Concept for Blockchain-Powered Internet of Things, http://www.coindesk.com/ibm-reveals-proof-concept-blockchain-powered-internet-things/, 2015 footnote 76
Recommendations img

Recommendations

  • Supported by a pro-active, agile and adaptive model, law enforcement requires the relevant training and skills to be able to effectively investigate crimes involving smart devices, including seizing evidence stored in the Cloud. This should also cover the use of new technologies and possibilities such as Big Data analytics to support the work of law enforcement.
  • Law enforcement should further strengthen collaboration with industry, the financial sector and academia with a view to achieving improved technology readiness and developing the required preventive and investigative capabilities.
  • Research should be stimulated into Big Data analytics, machine learning and Artificial Intelligence (AI) approaches with a view to improving cybersecurity and law enforcement work through better threat detection and prediction, intelligence collection and analysis, and faster responses.
  • Law enforcement needs to dedicate resources to further building and enhancing the necessary skills and expertise and to acquiring the tools needed to process, index, analyse and visualise large amounts of data.
  • As already highlighted in previous reports, security-by-design, security-by-default and privacy-by-design should be the guiding principles when developing smart devices, making use of standards, industry best practices and recommendations177.
  1. ENISA, Securing Europe’s IoT Devices and Services, https://www.enisa.europa.eu/events/copy_of_enisa-workshop-on-cyber-security-for-iot-in-smart-home-environments/1-enisa-securing-europes-iot-devices-and-services, 2015 footnote 77
law enforcement
Open image in new tab Challenges for Law Enforcement
  1. IOCTA 2015, https://www.europol.europa.eu/iocta/2015/big-data.html, 2015 footnote 72
  2. Keith G. Kozminski, Biosecurity in the Age of Big Data: A Conversation with the FBI, http://www.ncbi.nlm.nih.gov/pmc/articles/PMC4710219/, 2015 footnote 73
  3. BIMCO, Cyber Security Guidelines for Ships Launched Today, https://bimco.org/News/2016/01/04_Cyber_security_guidelines.aspx, 2016 footnote 74