Run Toward the Incident: Collaboration between Academia and Law Enforcement for Cybersecurity

min read

Collaboration and partnership between academia and law enforcement can bring about positive contributions for future research and activities in cybersecurity.

3 wood figures using chains to form a triangle. A 4th (red) figure is in the center.
Credit: Andrii Yalanskyi / Shutterstock.com © 2023

Challenging the conventional practices and wisdom happens every day. Some recent examples include novel recommendations and approaches in areas such as the green energy movement, electric vehicles, community policing, gender roles and norms, monetary benefits for college and university athletes, diversity, equity, and inclusion (including disabilities), and even the use of plastic bags. Stopping to take stock of the norm can be healthy, can create situational awareness, and can bring about positive contributions and evolutions.

Law enforcement practices and activities have similarly been called into question over the past several years. One approach to meeting this challenge is integrating and advancing science and research into law enforcement agencies, resulting in benefits for researchers, practitioners, policymakers, agencies themselves, and the community overall.

Along these lines, the mission of the National Institute of Justice, through the U.S. Department of Justice, is a Listen, Learn, and Inform paradigm. This terrific example provides a model for establishing greater integrations for those in higher education and academic research activities and the expert practitioners. Additionally, special research publications contribute to this vision of greater collaboration and integration between law enforcement agencies and academic research and of the benefits that can be provided.Footnote1

Running Toward the Incident

In much the same way that an emergency responder runs toward, rather than away from, an incident, those in the cybersecurity, criminal justice, and public administration academic fields should be running toward, and advancing, collaborative research with law enforcement subject experts.

In a recent talk at an event in my neighborhood, a local township police officer mentioned how he had experienced his first visit to a home where a dead body was located. This not only was a marker of experience but also was indicative of how one cannot avoid such a situation if working in the critical area of emergency medical services. The knowledge gained can be valuable in putting oneself (the researcher) into the shoes of a work role expert and soliciting input. Indeed, the Emergency Services Sector is one of the sixteen categorized infrastructure sectors identified in the Presidential Policy Directive (PPD) 21.Footnote2 It includes law enforcement, fire and rescue services, emergency medical services, emergency management, and public works.

To provide another personal example, some years ago I injured my back while climbing a ladder to clear leaves from a gutter. I made it to my bed but could not move. After a call to 911, the local police were the first to arrive to assist me. The presence of local law enforcement brought about anxiety, but in just a few moments I was happy to hear that my problem was not unique, according to the officer. He explained to me and my family that there was no way I was getting out of my house and to the hospital without excruciating pain and screaming. (Gulp, what?) At first hearing this, I was petrified, but I soon felt better having been told what to expect and having received psychological support. The experience of the officer was exactly what I needed to hear: he had seen this before, he knew the basics of what I needed for medical care, and he demonstrated confidence. The officers provided a wooden board to keep me flat on my back, and after it stayed with me through the ambulance ride and into the hospital, I didn't want that wooden board to leave me!

Another time, when I was working as a civilian in the role of lead for application security in a New York transportation police department, I walked with one of the police chiefs into Grand Central Station in New York City. While we carried on small talk, the chief spotted a citizen, in a wheelchair, possibly homeless, who apparently spent his days passing the time at Grand Central Station. The chief called out to the individual by his first name and struck up a conversation. Is there a better sign of dignity than to hear one's own name called out by a police chief in a positive tone? This same chief advocated for collaboration with other law enforcement agencies, especially when implementing advanced security technologies, and showed an openness to new ideas and data science. He even planned field trips to other agencies to create collaborations. This is an excellent collaborative approach to conducting research and finding potential solutions to thorny problems.

One final personal example was when a police captain invited me to have a cup of freshly made espresso in the captain's office as a means of creating a collaborative relationship. Such actions can be valuable and positive in opening up a genuine line of communication. The opportunity was not rushed, and it created and inspired kinship. (By the way, the coffee was high-quality, and I received a bottle of excellent Italian seltzer water as well.)

Areas for Potential Research and Collaboration

Cybercrime continues to grow. The annual FBI Internet Crime Complaint Center shows that complaints have increased from 351,937 in 2018 to 800,944 in 2022, with losses increasing from $2.7 billion to $10.3 billion. The annual report includes only those cybercrimes and cyber incidents that are disclosed, meaning that many are missing.

How can cybercrime be addressed? The National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST), has created the Workforce Framework for Cybersecurity, commonly referred to as the NICE Framework, as a way to bring consistency to the definition of cybersecurity jobs. The NICE Framework includes seven high-level categories documenting common cybersecurity functions. The categories range from "Protect and Defend" to "Oversee and Govern." One area that strongly aligns with law enforcement is "Investigate," which includes Cyber Investigation, a specialty area that "applies tactics, techniques, and procedures for a full range of investigative tools and processes to include, but not limited to, interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering." Given the increasing demands being placed on law enforcement agencies to tackle cybercrimes, this area is ripe for greater research. Many departments, particularly smaller ones, are not equipped to handle the cybercrimes reported.

In addition, several notable groups have demonstrated unique contributions to aiding organizations with greater cybersecurity and cybercrime strategic knowledge and guidance. The state of New Jersey, for example, has created the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) in the New Jersey Office of Homeland Security and Preparedness. Under stellar leadership, it provides superior routine cybersecurity and cybercrime threat intelligence and risk reduction information and offers local, county, and community services in dealing and contending with cyber incidents. Similar services exist in other state Homeland Security and Emergency Services departments.

The National Centers of Academic Excellence in Cybersecurity (NCAE-C), with oversight and management by the National Security Agency / Central Security Service (NSA/CSS), provides standardized curriculum and programs that align with the requirements set by the NSA/CSS for institutions to obtain its CAE-C designation. Additionally, this federally run and supported program partners with law enforcement such as the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). The program requires an extensive application submission process in order for institutions to receive the CAE-C designation. Programs exists for Cyber Defense, Cyber Research, and Cyber Operations, focusing on output of academic achievement by meeting the desired characteristics to produce qualified cybersecurity-trained students ready to enter the workforce and meet the needs of the nation. The requirements for each of the available designations differ. For example, the Cyber Defense designation needs to ensure the organization has a cyber program that has been in existence for at least three years, with one year of graduates. Inclusion in the designated programs affords excellent opportunities to collaborate with other CAE-C institutions (currently there are more than 400), as well as with federal agencies, allowing another vector option for greater law enforcement collaboration.

Given the transnational nature of cybercrimes, it is virtually impossible to bring justice without true collaboration. The International Criminal Police Organization (INTERPOL) is an intergovernmental outfit with a presence in 195 member countries. Its goal is to help all law enforcement work together for a safer world. The vast reach of INTERPOL offers great value when pursuing cyber-related incidents that emerge outside of one's home country. In addition, the INTERPOL Innovation Centre fosters creative collaboration among law enforcement, private-sector subject matter experts, and academia.

Collaboration Example: InfraGard and Ransomware Incident Preparation

InfraGard is a resourceful public partnership between the FBI and private-sector organizations that align with the critical infrastructure sectors of the United States. InfraGard has 79 chapters throughout the United States and requires members to apply and undergo a background investigation. Membership affords individuals and organizations valuable insights on and awareness of cyber defense activities in specific sectors. Most critical to inclusion in InfraGard is the possibility for industry connections that can be extremely helpful when a serious cyber incident requires federal advice and assistance.

InfraGard also provides a very valuable security conduit between the sixteen categorized infrastructure sectors identified in PPD-21. A majority of the components and assets for critical infrastructure can be found in the private sector,Footnote3 enabling InfraGard to provide a precious, valuable outlet for cybersecurity professionals.

An InfraGard in-person event at Kean University in October 2021 allowed for cross-discipline, cross-sector, and public-private interaction between those in the professional fields of information technology, cybersecurity, information security, higher education, former federal (FBI and Secret Service) and local law enforcement, emergency management, and business professionals. During the event, organized by the Kean Center for Cybersecurity, an idea blossomed from a presentation on the topic of a practical guidance write-up for organizations preparing for the possibility of ransomware. As a result of the amalgam of inputs, the published research and ransomware framework, "Ransomware Incident Preparations," reflects a true diversity of disciplines.Footnote4 The work has been recognized and included in the 2022 Innovations in Cybersecurity Education program—exciting for both those in the cybersecurity academic community and those in law enforcement.

Cybersecurity preparations and incident response truly benefit from this type of genuine collaboration between academia and law enforcement.

Notes

  1. See, for example, Kristina K. Childs and Roberto Hugh Potter, "Developing and Sustaining Collaborative Research Partnerships with Universities and Criminal Justice Agencies," Criminal Justice Studies 27, no. 3 (2014). Jump back to footnote 1 in the text.
  2. The White House, Office of the Press Secretary, "Presidential Policy Directive: Critical Infrastructure Security and Resilience," February 12, 2013. Jump back to footnote 2 in the text.
  3. Cybersecurity and Infrastructure Security Agency (CISA), "Partnerships and Collaboration" (website), accessed May 12, 2023. Jump back to footnote 3 in the text.
  4. Stanley J. Mierzwa, James J. Drylie, Cochi Ho, Dennis Bogdan, and Kenneth Watson, "Ransomware Incident Preparations with Ethical Considerations and Command System Framework Proposal," Journal of Leadership, Accountability and Ethics 19, no. 2 (2022). Jump back to footnote 4 in the text.

Stan Mierzwa is Managing Assistant Director and lecturer for the Center for Cybersecurity, Kean University.

© 2023 Stan Mierzwa. The text of this work is licensed under a Creative Commons BY 4.0 International License.