NIELIT, Maharashtra Police Team up to Build StaffDepartment Needs Cyber Investigation and Forensic Skills
The National Institute of Electronics & Information Technology, the HRD arm of the Department of Electronics and Information Technology, has been directed to partner with the Maharashtra Police Department to build capacity of cybersecurity professionals.
See Also: 2016 State of Threat Intelligence Study
NIELT will train nearly 60,000 police personnel in cybersecurity and forensics, says Dr. Ashwini Sharma, managing director of NIELIT.
According to Sharma, NIELIT, spread across 32 locations in the country with 600 team members focusing on capacity building activities in the northeastern region, will now expand to other regions.
Experts say the decision to select the Maharashtra Police Department as a pilot follows the State Chief Minister Devendra Fadnavis's initiative to grant additional resources to the state police to tackle cybercrime. While setting up a regional CERT office in Mumbai and special courts to handle the state's cybercrime cases is a priority, enhancing the capacity of the cyber police station and cyber cell in Mumbai is a need.
However, law enforcement experts say that although there are good cyber laws to support investigations, there is a need for training and effective tools to handle forensics and some of the specifics of cyber investigations.
Lucknow-based Dr. Triveni Singh, additional superintendent of Police-Cybercrime Cell says, "As the number of cybercrime cases sees a ten-fold increase, police personnel lack hands on-experience in dealing with cybercrime due to lack of skills."
According to Sharma, NIELT will leverage its trained resources to take up skills-building. "We have five master trainers (trained by U.S. CERT) who have imparted training to over 1000 professionals across these locations," he says. "These trained professionals represent teams from police departments, security practitioners from various government organizations and other professionals working across various sectors."
Some areas identified for training the Maharashtra police include information security, cybersecurity, simple hacking methods and cybercrime investigation process using forensic tools, Sharma says.
"The training will be across three levels based on the background of the official and includes personnel from CBI, anti-corruption bureau, special crime branch and others," Sharma says.
Asked about the training modules and the structure of the training program, Sharma reiterates, "I have just got instruction from the IT secretary to roll out the program, and I will work out a mechanism to put a structure in place on the modus operandi of the training program."
NIELIT doesn't rule out leveraging the private public partnership model to impart critical training methods.
Dr. Singh says, "There are more generalists in the police department who lack knowledge about information security, as they are not from a computers background. Currently, NIELIT must focus on cyber forensic training capabilities, as police personnel struggle to carry out investigation process after the cybercrime is registered."
Thiruvananthapuram-based N Vinayakumaran Nair, Assistant Commandant of Police, Hi-Tech Crime Enquiry Cell, police headquarters says, "There is good support for cybercrime teams on cyber law, but cyber investigation skills must be strengthened, as [police] are not tech savvy."
What is Needed?
Singh says there must be three levels of training - at the sub inspector level, superintendent of Police cadre and at the IPS level, if the department is to develop the capabilities to tackle cybercrime and attacks.
"They training modules should include legal aspects including the IT Act, IP Act, and more important, establish a process of information sharing in real-time," maintains Singh.
Experts say each module should be designed to include two months' training to get a grip on the real skills needed.
Nair says police must be trained to understand the nuances of technology and its operations in tackling cyber threats.
Cyber experts stress that the police should be trained to understand that cybersecurity cannot be viewed in the same manner as other law enforcement activities, and this big push must be carefully planned.
"While it is too early to detail the exact plan of action, we will work out an effective public private partnership model to rope in trainers from the private sector and partner with bodies like NSDC and others to build skills," Sharma says.
"We will focus on three aspects of capacity building - designing the module, developing the necessary framework with effective tools and coming out with an implementation plan," Sharma says.