Protecting confidentiality on police networks
Greater shared access to central information is a huge advance in UK policing, but it requires the most stringent safeguards be put in place, explains Stephen Lewis.
Greater shared access to central information is a huge advance in UK policing, but it requires the most stringent safeguards be put in place, explains Stephen Lewis.
Historically, police networks were secured to standards decided by each individual police authority under guidance from the then Police IT Organisation (PITO) since replaced by the the National Policing Improvement Agency (NPIA). So, although there were many similarities, each police force had its own set of solutions deployed on its own network but with access to some central resources, such as the Police National Computer (PNC) and databases on the Police National Network (PNN).
Obviously, communicating between forces proved challenging at best under this infrastructure. So, more recently, there has been a welcome drive to change the structure by moving existing networks towards a new, national standard. This has been led by the NPIA in a move to establish a new set of standards consistent with national government information assurance (IA) policy and, therefore, supporting consistent national standards across the police service.
At the heart of the new set-up is the Police National Database (PND) that aims to provide a single access point for searching information held across all of the forces main local operational information systems and national police systems. Its aim is to improve the management and sharing of information and intelligence by the police service at national and local levels and to ensure national consistency. After all, a common standard for police information management must be a good thing.
This is at the heart of the recommendations laid out by the Sir Michael Bichard inquiry into the Soham murders, where easy and quick access to information across forces would have significantly assisted in the investigations. In fact, his findings led to the creation of the PND and all forces are expected to have the technology in place during the course of this year to support this centralised approach to information storage and access with the appropriate security to ensure the PNDs ongoing integrity. Accurate information is the lifeblood of policing and it is incredibly sensitive in its content. This means that confidentiality is paramount.
However, although this approach makes a lot of sense, there are, as always, stumbling blocks along the way.
The first, and probably most applicable at this point in history, is the cost involved in moving to a new set of standards. Finding budgets to upgrade and/or adapt networks is never an easy task for individual police forces.
Also, having a common repository for information raises the sensitivity of the data well above that of the normal day-to-day material processed in a police force. This can create tensions when police forces need to work with external agencies and the general public whose level of authorised access to information may be much lower than is required by the new structure.
The increasing need to store and access confidential data is something that can be, and is being, supported by technology as terminal equipment and network protection are being upgraded to meet more exacting standards.
The greater shared access to central information is a huge advance in UK policing but it requires the most stringent safeguards be put in place to protect the sensitive information involved in police investigations.
And police forces must often work under difficult circumstances, so they need technologies that are easy to use, robust and readily available, yet secure enough to work over some of the most vulnerable transports, including WiFi, 3G, general packet radio service (GPRS), Internet, broadband and even satellite.
At the same time, network administrators must manage complex, cross-domain authentication and highly granular access policies to ensure that users interact with only the specific resources that they have been cleared to use.