Cyber Police Superintendent Describes Training InitiativesBalsing Rajput, Superintendent of Maharashtra Cyber Police, Outlines New Efforts
Cybercriminals are getting more organized, and law enforcement agencies are inadequately equipped to tackle the rise in cybercrime, says Balsing Rajput, superintendent of police, cyber, Maharashtra Police.
So the police have taken steps to empower officers with appropriate training, he explains in an interview with Information Security Media Group.
Given the new forms of cybercrimes, it is imperative to get the police trained in forensics and analytics for effective investigation purposes, he says.
In this interview (see edited transcript below) Rajput discusses:
- New training methods to tackle cybercrimes;
- The development of cyber labs;
- Tackling online breaches and data leaks with effective programs.
Rajput has strategic and technical expertise in the field of cybersecurity of critical infrastructures, government information systems and cyber defence. He is a Chevening Cyber Security Fellow of UK. During his fellowship he has presented research paper on "Identifying Emerging Cyber Security Challenges from National Security Perspectives." He is pursuing Ph.D. on the subject "Cyber Crimes in India."
SUPARNA GOSWAMI: As cybercriminals are getting more organized and innovative in their attacks, how prepared are law enforcement agents for handling this change?
BALSING RAJPUT: Unlike earlier days, where hacking was an unorganized crime carried out mainly to test one's skills, it has now evolved to become a sophisticated crime with focused targets.
In today's world, there are different agents to carry out a cybercrime. They are nation-states, sponsor agents of the state, organized crime hackers and then amateurish hackers. These attackers are designing different kinds of malware, platforms and security breaching systems to carrying out the crime.
Therefore, law enforcement agents, or LEAs, have no choice but to sharpen their skills and recalibrate themselves to face sophisticated and targeted online organized crime. Unfortunately, the LEAs are not at a par with the sophistication that the cybercriminals showcase. They aren't equipped to handle such cases due to lack of appropriate training, and there are certain deficits in skill upgrades due to appropriate tools and wherewithal.
GOSWAMI: Against such challenges are there any proactive measures being taken by Maharashtra cyber police to train staff to handle the ever-increasing crime?
RAJPUT: Things are changing for good. Starting last year, the Maharashtra cyber police has operationalized 47 cyber labs across districts in the state to provide technical and forensic investigation support to the cyber police. The labs have digital software and hardware facilities to analyze tools used in crimes. These labs will be connected to a central processing lab [which will get operationalized soon], where the evidence will be processed and analyzed in order to draw correlations between various cybercrimes. (See: Maharashtra Plans Cyber Cell Expansion)
Furthermore, in order to bring a crime to its logical conclusion, we require to put the law into motion. For this, we have started around 44 cybercrime police stations. Then there is the Maharashtra CERT established recently, which notes all cybercrimes to have taken place in the state.
Our aim is to train 1,000 state staff over a period of five years. So far we have managed to train 155 officers in various capacities, especially in digital forensics and analysis. We are also in the process of having a Center of Cyber Security Excellence and Capacity Building for educating our officers on cyber courses. We are in touch with academia and practitioners from the industry to impart the necessary training to us.
In addition to this, we will soon devise methods to deploy training in predictive analytics, where we will make use of data available in open source to predict crimes and take intelligence inputs so that pre-emptive measures can be taken.
Besides, the department is creating training modules for the police force in coordination with the Central Bureau of Investigation for cyber forensics, investigation and telecom interception, and they are also trained under CBI. (See: A Collaborative Approach Needed to Tackle Cybercrime)
Handling Breaches and Piracy
GOSWAMI: Industry has witnessed many data breaches. Recently, the Indian entertainment industry saw the online leak of an episode of HBO's Game of Thrones and films such as "Udta Punjab" and "Manjhi: The Mountain Man" getting leaked online days before the release. I understand the Maharashtra police took control of the investigation and put up certain best practices to prevent such leaks. Can you throw some light?
RAJPUT: Since these activities caused lot of damage and disruption, the Maharashtra police took control of the situation and initiated a multistakeholder model to look into online IP theft, online piracy etc.
We are in talks with relevant people to help us in technical training, including the Motion Films Association, and we're starting an anti-piracy unit along with the training. Though we have laws to deal with online piracy and theft, more often than not people don't register a complaint with us. We also need to generate awareness on having good security practices to protect content online.
The unit will have 10 people - five from the association and five from the cyber department - to delve into the technical aspect and then hand over the case to local police station. It should get operationalized before next year.