Capability: Digital Forensics
For those watching what seems like a proliferation of Police dramas on television, you might be impressed by how easily data is shared between partner organisations: Officers tap into numerous IT systems to retrieve vital information that is key to solving their case.
Sadly, as you would probably expect, the reality is somewhat different.
Data sharing
The Digital Government report from July 2019 highlighted that data sharing is key to ensuring that digital Government can be transformative. It enables departments to work together to produce efficient public services that work for the citizen, thus improving the citizen-Government relationship.
The new National Data Strategy also recognises the importance data has to play in enhancing economic competitiveness and productivity across the UK economy, through new data enabled business models, and the adoption of data driven processes.
Data sharing has long been discussed within Policing. One of the key recommendations of the Bichard child protection inquiry in 2003 was that all forces across the UK should improve how they collect, store and share data.
In 2005 the Information Systems Strategy for the Police Service (ISS4PS) highlighted “The importance of a national approach to information sharing is now uppermost in current strategy for policing as reflected in the National Policing Plan.”
The following year the National Policing Improvement Agency (NPIA) Guidance on the management of Police Information talked of effective Policing relying on the Police Service to communicate and share information with other forces and partner agencies.
Fast forward 15 years and the National Policing Digital Strategy 2020-30 prioritises the need to deepen collaboration with public sector agencies to unlock effectiveness, by developing ‘fluid’ data and insight exchange, within appropriate ethical and legal boundaries.
Collaboration is necessity
No-one can fail to notice the masses of data that is being created today and the fact that it is growing at an unprecedented rate.
Over the last 15 years, Policing has also started to see an explosion in the data that it holds. Allied to this is a growing pressure for them to start to utilise and share this data to their advantage.
Citizens are starting to demand and expect more from the Police service. With resources more stretched than ever, Police are now having to look at new ways of working – becoming smarter in utilizing the information they have available to them and sharing it to obtain greater insight.
No-one can accurately predict how the next 15 years will unfold, but as digital trends rapidly evolve across all areas of our lives, the abundance of data and the vast array of sources from which it emanates will continue to grow.
For a long time, public sector bodies have been locked into the mentality that they need to be autonomous in their operation, harbouring their own data and with the ideas of collaboration and sharing being forced rather than instinctive.
More recently though, policing as with all public sector, has seen austerity and the ever increasing need to save money as a driver towards more collaboration and data sharing.
A by-product of this is the ability to provide a better-quality service and a more rewarding citizen experience. Agencies are provided with a more holistic view of the individuals they are dealing with and their circumstances, allowing them to make better informed decisions.
Given this win, win scenario, it seems like a no-brainer, doesn’t it?
Why’s taking too long?
If the idea of collaboration and sharing of data is clearly beneficial on a number of levels, why have we been discussing it for so long without taking any action?
The biggest obstacle to collaboration and data sharing is arguably a wealth of stand-alone, legacy applications that exist within Police estates.
“Legacy systems are invariably built on outdated architectures with high maintenance costs, inherent inflexibility, redundant features, lack of connectivity and low efficiency. Complex application and process logic is often hard-coded and undocumented.”
Gartner Oct. 2019
“Legacy systems are a significant barrier to effective Government transformation and digitisation.”
Digital Government report, July 2019
Given the autonomous mentality that previously existed, Police applications were never built with collaboration in mind.
This means that these legacy systems don’t easily provide the ability to interact and share their data with other applications – they are siloed, with the data being accessible only by the application to which it relates.
All is not lost however. There are numerous different approaches we can use to help create interoperability and integration for your legacy applications:
- Rehost: redeploy the application component to other infrastructure (physical, virtual or cloud) without modifying its code, features or functions. This allows significant, short-term technology benefits without altering the application code base. Benefits of migrating to the cloud include: Improved application resilience; Disaster Recovery; Scalability; Accessibility.
- Re-platform: migrate to a new runtime platform, making minimal changes to the code, but not the code structure, features or functions. This enables the application to run on modern technology framework while limiting the requirement for a major development project.
- Refactor: restructure and optimize the existing code (although not its external behaviour) to enable data sharing and improve non-functional attributes. Refactoring focuses on breaking up the legacy code base into smaller manageable modules allowing consistent improvements to the application through small, iterative release cycles.
- Re-architect: materially alter the code to shift it to a new application architecture and exploit new and better capabilities. This will leverage and extend the application features while introducing new integration concepts to promote data sharing and deduplication. Where appropriate an Application Programming Interface (API) would be developed to allow data sharing between application/modules over a secure HTTPS protocol.
- Rebuild: redesign or rewrite the application component from scratch while preserving its scope and specifications. When deciding to rebuild an application, consideration should be taken to ensure the architecture is designed in a modular, scalable fashion promoting data sharing and future integrations using a combination of APIs and messaging architecture.
- Replace: eliminate the former application component altogether and replace it, considering new requirements and needs at the same time.
To find out more about how we could help your organisation unlock integration and interoperability, take a look at our Police page.
Digital transformation is essential for the police force to stay relevant, effective and responsive in its approach to protecting and serving the public. Over the next five years, it’s estimated that policing in England and Wales will spend between £7bn – £9bn on technology alone. However, the scale of the change poses a range of challenges for police forces.
Digital transformation has the potential to touch every part of the policing process, changing the way police work, harness data, exploit available technologies, collaborate with partner organisations and organise themselves. Each of these issues has wide reaching consequences, both for the industry as a whole and for individual officers. A responsible technology roadmap must therefore focus on the capabilities, processes and approaches that can maximise efficiency and learning across the whole policing system while meeting the specific needs of individual contexts.
Here we examine the key challenges faced when implementing new technology, as well as the ways forces can minimise risk and maximise ROI.
What are the key obstacles to digital transformation?
The challenges in modernising technology in the police force are similar to those faced by other public and private organisations. While the pace of technological development has accelerated rapidly in recent years, the pace of organisational change has, inevitably, lagged behind. This results in institutions attempting to both change their structures and processes and the technology behind them simultaneously, resulting in unclear scope, competing incentives and a lack of organisational clarity.
In the police force, this leads to issues such as:
Legacy technology limitations
Historically siloed procurement processes lead to a range of embedded tools that are no longer fit for purpose. Even systems that may have once been cutting-edge can be rendered unsuitable by a change in context, or rapid advances in technology. This leads to an inefficient patchwork of tools that don’t connect with one another, reducing efficiency and increasing spend, especially if locked-in to existing suppliers for long term contracts.
Clashing organisational structures
Structurally, the pace of change has raced ahead of the protocols that govern its implementation. This can be seen not only in the slow pace of procurement processes that can end up delivering outdated solutions, but also in the way those solutions are conceptualised. For example, there is still much to be decided on the appropriate use of how police forces use automation tools, such as artificial intelligence (AI), machine learning and the internet of things (IoT) in their role. In the absence of a clear path forward, it’s hard to take the next step.
Underinvestment in key areas
In an era of heavy budget scrutiny, public organisations of all kinds are wary of the risk of expenditure on systems that do not deliver value. While the public may be most interested in the number of frontline officers deployed, the less glamorous side of the policing – back-end infrastructure, data and communications – receive less attention, despite their crucial role in preventing crime.
Inconsistent understanding of data
The volume of data now available to businesses, consumers and public institutions is both huge and growing. While there have been promising results in steps towards using big data in policing, the real value can only be realised when aligned with a broader strategy that can source, structure, analyse and leverage data in a consistent way across different forces, platforms and contexts.
Creating a tailored transformation strategy
National policing development guidelines take into account that meeting these issues will not be a one-size-fits-all solution. The precise form and impact varies from force to force, depending on a range of factors. Moving forward requires a targeted approach that takes into account the unique circumstances of each force and deploys relevant strategies. A transformation plan must therefore include:
- Awareness of the local challenges in policing and needs of the public
- An assessment of the legacy systems in place
- Plans to leverage available skills, personnel and budget
- Appropriate timelines for change
- A definition of success and project ROI
A key element of digital transformation for police forces will be appropriate collaboration with technology and change management providers. Given the huge range of products now available, there is scope to create unique technology stacks for individual forces that nevertheless connect to and enhance the capabilities of the wider police network.
By working with an experienced provider, you can create a transformation strategy that meets your unique challenges with a combination of relevant tools and process management. Outside advisors can also help streamline the planning and execution journey by offering a strategic view as to how operational processes can change, or be adapted, to make the most of emerging technologies.
Accelerating the digital journey
With the pace of technological change showing no signs of slowing, the challenges and opportunities that digital disruption presents to policing have the potential to become defining issues for the service.
To maintain its leading position in world policing and continue to operate as an effective public service, the police force in the UK must find a way to move past the challenges associated with digital transformation and embrace the opportunities available.
CACI has extensive experience working with large scale transformation in major industries, using agile, iterative approaches to test processes, new software and collaboration strategies to deliver tangible value quickly and cost-effectively.
You can also visit our policing page to find out more information.
Policing in the UK sits at a turning point, facing a rapidly evolving world of criminal activity that demands a new approach while also contending with tight budgets and highly scrutinised use of resources. To maintain its position as a world leader in policing, it’s essential for police forces to maximise the utility of available resources, be they financial, technological or human.
The challenge for many is that the infrastructure behind traditional policing methods has failed to keep pace with rapid advances in digital technology, driven by the private sector and enthusiastically embraced by the public, businesses and criminals alike.
In order to stay relevant, forces must be able to leverage these same capabilities, both to stay abreast of criminal activity, but also to improve efficiency and effectiveness in their own internal operations and focus resources where they can make the most difference.
Grasping the digital opportunity
In order to provide the service levels that the public expect and deserve, policing methods must be closely aligned with the challenges they are attempting to solve. In 2021, that means embracing and optimising digital systems.
Digital technology is now deeply embedded within nearly all areas of our lives, and crime is no exception. It’s estimated that more than 90% of reported crime now has a digital element, whether that’s in enabling threats, increasing their complexity or generating digital evidence through devices, applications, social media or the internet.
Alongside this evolution has come an explosion in the volume, complexity and availability of data. In 2020, people created 1.7 MB of data every second. This growth in information creates an opportunity for forces to analyse datasets to discover trends, use artificial intelligence to quickly support decision making and share data instantly. However, when it comes to data, many teams are working with outdated methods.
Risks of connecting the dots manually
Recent research from 2020 indicates that a large number of forces are still relying on manual processes to manage, transfer and analyse data. 66% of respondents acknowledged that data-management was the most time-consuming aspect of the investigation process including:
- Driving around to collect CCTV video from homes and businesses
- Copying and burning CDs and DVDs
Not only does this increase the manpower required to manage an investigation from end to end, it also slows down the evidence-gathering process. Across the country, this leads to thousands of hours of time wasted on manual processes that could be automated, taking officers away from other, more valuable work.
The digital systems that are in place can also be a limitation in themselves. Procurement processes can be long and laborious, resulting in a patchwork of technology that is out of date by the time it’s delivered, and that doesn’t integrate with other systems. This leads again to manual processes plugging the gaps, whether by physical transfer of information or manual rekeying of data.
By prioritising connectivity and data currency, police forces can enable a more seamless information journey that acknowledges the reality of modern challenges while improving utilisation of existing resources.
An efficient model of digital policing
While forces and national programmes have already been delivering change through a number of individual programmes designed to improve specific processes and outcomes, an efficient solution must take a holistic approach.
As collaboration between police and other government services becomes more important, connection needs to be built into the infrastructure of policing. We suggest three key ways that departments can approach digital transformation to target efficiency gains and improved results.
Maximising cloud connectivity
In order to make relevant data as accurate, available and shareable as possible, it’s essential to prioritise cloud networking. By moving away from a hard-copy based system of discs and hard drives, teams can minimise officer involvement with data transfers and centralise information with tools such as a digital evidence management system (DEMS).
Forces should aim to adopt a “cloud first” principle for applications and data, where economical, interrogating proposed solutions for ease of use, connectivity and security. This must go hand in hand with network upgrades and security. Cloud connectivity increases the data demands on networks, with more information moving digitally.
This may require investing in specific skill sets for network maintenance and management in order to ensure that the move to cloud is not barred by prohibitive costs or poor connectivity.
Implement targeted automation solutions
As well as making data more available for teams and sharing, cloud migration also makes digital data accessible between applications and interfaces. This unlocks the possibility to automate many of the manual processes that reduce efficiency and increase lead time for key activities.
Not only does this save time and resources, but automation also reduces the chance for human error when it comes to lost files, corrupted data or delays. By leveraging tools such as automated data-sharing mechanisms and data analysis tools, forces can access the information they need in a streamlined and efficient manner which avoids duplication of efforts.
Bringing legacy systems into the now
Adding in new digital capabilities need not be a complete ‘rip and replace’ project, removing all existing digital infrastructure. By combining existing legacy systems with new connections, forces can drive value sooner while targeting progressive improvement.
For legacy platforms that are not directly integrated with each other, API-based connectivity layers can enable mediated transfer of information into other front-end applications or data layers. This shortens the time to ROI while also building foundations for future deeper integrations of systems.
Embracing digital efficiency
In a rapidly digitising world, police forces have an opportunity to take control of the way they approach and engage with the new data revolution. By deploying connected technologies and sharing insights and functionality directly through online channels, officers can work more efficiently to target the root causes of criminal activity and offer better support to communities.
CACI is proud to be working with police forces to help develop their vision through a step change in their implementation of key technologies. By working together both tactically and strategically, we can help pinpoint transformation opportunities, identify bottlenecks and improve performance.
You can also visit our policing page to find out more information.
For the uninitiated reading this, what is the cloud?
Well in its simplest form, the cloud refers to a remote Data Centre, commonly owned and operated by a 3rd party, that is used to host applications and store data that a Force would have previously provided via their own on-premise Data Centre facility.
The cloud is commonly accessed via the internet, meaning any device that has some form of internet connection can access the applications and data that reside there. That device could be a desktop in the station, but it could just as easily be a remote device such as a laptop, mobile or tablet being used out in the field. Given access is via the internet it also means that it makes it far easier to share anything that’s stored in the cloud with other entities should you wish to do so. Ideal if you want to work collaboratively with other agencies and share data.
Another added benefit is that the cloud hosting provider takes on the responsibility for maintaining the infrastructure on which your data and applications are stored, as well as being responsible for the environment in which it resides.
Cloud services are typically subscription based, which shifts the commercial model from a capital one, where the Force has a large capital outlay relating to procuring and maintaining their own in-house IT provision, to a revenue-based, ‘pay as you go’ model allowing for easier budgeting with no large initial outlay. Cloud technology also provides the ability to ramp services up and down as needed, meaning the Force only pays for what it needs, typically with a lower overall total cost of ownership.
CLOUD FIRST POLICY
Back in 2013 the Government introduced its “Cloud First” policy. Within it was a recommendation to all Public sector organisations that, they should prioritise the use of cloud when considering new IT solutions. The inference being the public cloud rather than a community, hybrid or private deployment model.
Key to this recommendation was that “Departments should always source a cloud provider that fits their needs, rather than selecting a provider based on recommendation.” I’ll come back to this point later.
The Government stated that, “By exploiting innovations in cloud computing we will transform the public sector ICT estate into one that is agile, cost-effective and environmentally sustainable.”
The benefits of having a cloud-based deployment were clearly evidenced in 2017 following the Manchester terrorist bombing. In the aftermath of the incident, the cloud based HOLMES2 (Home Office Large Major Enquiry System) was used to set up a Casualty Bureau, to support with missing persons, the identification of individuals and logging of evidence. Thanks to being hosted in the cloud, within two hours of the attack, 27 forces were able to utilise the casualty bureau to support one another with mutual aid.
Another cloud native system that will undoubtedly benefit all forces is the much criticised and highly controversial LEDS (Law Enforcement Data Service). LEDS is the Home Office’s new “super-database” for Police. It combines the PNC (Police National Computer) and the PND (Police National Database) into one data source. Although massively over budget and behind schedule, no one doubts the benefits it will bring to Policing. Given the amalgamation of the systems there will be reductions in running costs by supporting a single, far more efficient system. Police will have access to a much broader set of information, which should help in speeding up the identification of persons of interest. LEDS is to be hosted on the commodity cloud service within Amazon Web Services (AWS). This will widen the scope beyond policing in terms of organisations able to obtain access, such as the DVLA, Financial Conduct Authority, Highways England, Competition and Markets Authority and the Royal Mail.
Arguably, the cloud-based technology that has had the biggest positive impact of late is Microsoft’s 365 Productivity Services suite, being rolled out to Forces as part of the National Enablement Programme. The national lockdown that was imposed in response to trying to combat the Covid 19 pandemic, added an additional level of complexity to Policing. Whilst most things ground to a halt, criminal activity continued and so did the need to police it. By using the collaboration tools that are offered as part of the productivity suite, Forces were able to continue to operate using a virtual environment, allowing employees to come together whatever and wherever their location.
Given the exhortations of the Government and the evidential benefits of adopting cloud technology, does that mean all Forces have rushed to go ‘all-in’ pushing all their Applications and data into the cloud in haste?
The short answer is no. Despite the numerous benefits to adopting a cloud first approach, as recently as 2 years ago, reports suggested that as many as 75% of all Forces still accessed and managed their data and applications on premise. So, the big question is why?
BARRIERS TO ADOPTION: SECURITY CONCERNS
Understandably, Police by the very nature of the job they do are quite anxious when it comes to re-housing their applications and data. A good percentage of the work is sensitive and needs guaranteed security. As you would imagine, most forces were initially very sceptical that the cloud could offer the same level of security as that provided in their own on-premise data centres. Surely no-one would be as concerned about the security of Police IT than the Police themselves.
When we talk about security in this instance, it usually relates to the need to ensure that everything belonging to the force is protected from a potential data security breach. When you have been responsible for security for so long it is hard to share that responsibility with someone else and have the confidence that they will look after things as well as you do. It is also unnerving when your security is no longer fully reliant on the tangible devices sitting in your data centre, that you can see and touch with a reassurance that everything is ticking along as it should be.
In a traditional on-premise solution, IT teams must manage and maintain security at every single location and for every single application. When it comes to Public Cloud, providers don’t have visibility of where or what the ultimate endpoint is, therefore all security has to be centralised and unified, able to cater for all possibilities. This unified security approach means you may end up with access to more security than you currently have employed on premise.
Let’s just for a moment take a look at cloud security:
- Security is now a shared responsibility with the cloud vendor, meaning there is less of a burden on your IT teams and your finances.
- Updates and patches no longer have to be resourced and scheduled in by the IT team, instead being applied in a timely fashion.
- Cloud security is highly automated, meaning a reduced need for human intervention and less opportunity for errors.
- As security is centralised there are less boundaries in relation to possible end points.
- Cloud security may offer more specialised and robust options that would probably otherwise be unavailable due to cost.
- Although public cloud involves trust of a 3rd party. They are generally experts in their field and are focussed purely on security and nothing else.
- Cloud providers are now compliant with necessary regulation, meaning you can rest assured they are using best practices.
Over the last few years billions of pounds have been invested by Public cloud vendors to provide efficient data security. So much so, that cloud security arguably provides better protection than that offered by a lot of on-premise facilities. Most of the major vendors are compliant with the Home Office’s National Police Information Risk Management Team (NPIRT) requirements, meaning cloud services can now support Police Forces across the UK who require Police-Assured Secure Facilities (PASF) to process and store their data in the cloud.
A big indicator of shifting attitudes around security, is the recent decision by the Defence Digital Service (DDS), a new group in the Ministry of Defence (MOD), to shift its data for its Readiness Reporting and Deployability Discovery (R2-D2) project to a public cloud.
Phil Jones from ISS (MOD’s Information Systems & Services) stated that Public Cloud is being used by several operations and projects within the MOD to identify how new services and capabilities can be delivered to Defence. Teams are able to access accounts to the Public Cloud offerings provided by Amazon Web Services (AWS) and Microsoft Azure – this provides teams with freedom to evolve their own Services that take advantage of industry leading capabilities.
BARRIERS TO ADOPTION: CULTURE
Culture was cited as being another barrier to adoption. Historically, Forces have been quite parochial in their nature. Very much with a sense of, “This is how we’ve always done things!” or “We’ll wait and watch what everyone else does first before we decide.” This mentality has left forces lagging behind the criminals who they are trying to outwit (Who conversely, have exploited this new technology in advanced and innovative ways, making their criminal activities far more complex and difficult to untangle).
However, police culture is changing thanks to the everyday use of cloud in our personal lives. Barely a day goes by where we don’t perform some kind of interaction with cloud-based technology, passing data back and forth between applications and allowing us to do things on the move using our mobile devices, such as ordering food, making appointments and booking holidays, remember them?! We even trust the cloud to store our most precious memories in the form of photos and videos.
So, if security concerns have now been addressed and cultural views are changing, then what else is slowing mass adoption?
For those of you that read my last blog, you’ll already know the answer. However, for those that didn’t, go and read it! But in the meantime, the answer relates to the fact that a lot of forces maintain a large number of legacy applications, that were never designed for the cloud and don’t easily present themselves to being migrated on to one.
However, the aforementioned blog provides an indication as to how we at CACI can help forces overcome this obstacle.
WHICH CLOUD IS BEST?
If all barriers have been overcome and the decision has been made to adopt the cloud, how do you then go about deciding which cloud is best for you?
Let me try and explain by use of an analogy; when your child reaches a certain age there comes the time you want them to spread their wings and leave the family nest. Do you quickly find the first available cheap premise you can and proceed to move your loved one into it as quickly as possible? Then as each successive child reaches that same stage, find a similar property to the first and do the same again? Maybe you do!
But in all seriousness, most of us would probably seek the services of some form of an Estate or Letting Agent, someone with full knowledge of what’s available in the market that best suits your little treasure’s wants and needs. Relying on the Agent to advise and suggest viable options, before carefully choosing the best property available to them.
Well a similar approach should be applied when adopting a cloud strategy. Do you find the first cheap, hosted environment available and proceed to throw all your applications and data into it? Again, maybe you do, and I know some have to their regret. But the smart option is to seek the services of an experienced, qualified cloud migration partner, someone who has thorough knowledge of the market and an ability to provide the best advice on the optimum solution for your organisation. A partner that will consider your differing workloads and what you need to achieve and design a strategy around a perfect hybrid of available cloud resource.
HERE, NOW AND THE FUTURE
So with the many benefits the cloud brings: accessibility, affordability, removal of a maintenance burden, better levels of security, increased speed of deployment and rapid scalability, as well as the Government pushing its ‘Cloud First’ strategy, is this the end for on-premise data centres?
Gartner predicts that by 2025, 80% of enterprises will have shut down their traditional data centres, versus 10% today. But, is it as clear cut as that?
Traditionally when new applications were requested by the force, IT departments would consider how they could deploy the application using their in-house architecture. This strategy has worked well for many years, whereby the goal was to deliver the application to the Force’s own end users. But as the workforce has now become more agile and the need for collaboration with other agencies grows, it drives the need to change the strategy and ask, ‘how can we deploy this so that we can easily access it from anywhere and share the information stored with others if we need to?’. Decisions now need to be less architecture driven and more about the needs for the services that are being delivered.
Cloud doesn’t have to be an all or nothing proposition – don’t let the one size fits all message fool you. Just because someone recommends a particular cloud service it doesn’t necessarily mean it is suitable for your particular workload. Every Public cloud doesn’t fit every IT function. Planning around objectives and consideration of things like low latency and high bandwidth traffic needs to take place when designing a cloud migration strategy. Hence the need for an experienced, qualified partner who will provide a comprehensive, overall assessment before further engaging with your team on creation of a mobilisation and migration plan.
Cloud computing is no longer the novel concept it once was, it is a well-established, proven mainstream technology with many benefits and as operating models shift and demands increase, Policing should recognise cloud as a more effective method of delivering applications, software and data to those that need it.
It’s now highly regarded as inevitable that in time Gartner’s prediction will come to pass, but whether it is optimistic to think that it will occur within the next 4 years remains to be seen.
FIND OUT MORE ABOUT HOW WE CAN HELP
“POLICING’S FUTURE IS IN THE CLOUDS” is the 2nd in our series of blogs on how tech can help the Police. Read the first blog in the series “Legacy Application Interoperability & Integration in the Police Force” now.