How to protect your digital video evidence from a cyberattack
The odds of data being corrupted, stolen and held ransom are greater than ever before, necessitating the protection of critical information
Few forces are impacting law enforcement like video. Policing in the Video Age, P1's yearlong special editorial focus on video in law enforcement, aims to address all facets of the topic with expanded analysis and reporting.
In the second installment of this four-part signature coverage effort, Solving the Evidence Management Challenge, we address the issues police departments currently face when it comes to managing digital video evidence, including data storage costs, cybersecurity, data retention, and data extraction. Click here to learn more about the project.
Navigating the complexity of BWCs is a challenge police departments continue to face. If you’re in need of BWC training for your department, PoliceOne Academy has several online courses available, including “How to Implement a BWC Program.” Start your path to becoming an expert by visiting PoliceOneAcademy.com and submitting a request to learn more.
There is no question the cyber threat is real for state, local and federal law enforcement agencies. According to a report by the University of San Diego, in addition to “hackers” looking to profit through the theft of critical data, “entire nation states are now using their cyber skills to infiltrate other governments and perform attacks on critical infrastructure.”
With the advent of on-officer video cameras, law enforcement agencies are dealing with an explosion of data that needs to be stored, managed, secured and safely shared with criminal justice partners and defense attorneys. This data is a top target for so-called “hacktivists,” state actors, terrorist organizations, international criminal organizations and others.
Certainly, digital evidence had existed before body-worn cameras – everything from dash-camera footage to computer files to mobile phone records – but the growth in volume over the past decade has been exponential.
While departments face the same challenges any entity faces regarding the protection of critical information, the odds of data being corrupted, stolen and held ransom are greater than ever before. Here are some questions agencies should address to assess risks:
- What are some of the threats departments face in regard to protecting digital evidence?
- What are some of the safeguards departments need to use to preserve chain of custody for digital evidence?
- What other issues should departments consider as they add body camera files to their already massive databases of evidence?
Meeting cyber threats with force
One of the most dangerous cyber threats to police agencies is ransomware, a malicious software that attempts to break into as many storage systems as it can, steal (or copy) the data, and then shut down the original servers so the data cannot be accessed until a ransom is paid.
Malcolm Palmore – who serves as Assistant Special Agent in Charge, Cyber Branch, at San Francisco Office of the FBI – says that the challenge for any business or public sector entity is making investments in their digital or networked environments and prioritizing security.
“Departments must prioritize their digital posture – their protection against cyber threats in particular – as a priority and then hire professionals capable of building an architecture or delivering solutions that answer the mail on business operations,” Palmore said. “This is hard when you don’t properly prioritize the risks associated with diving into the digital arena. There is a cost to operate at these increasingly digitized levels. If a department takes steps early on to ensure adherence to information security fundamentals they will be in good shape.”
When it comes to safeguards departments can use to protect digital evidence and ensure chain of custody is maintained, Palmore says that forensic chain of custody practices can be adapted to the digital environment. These long-standing procedures and protocols generally work well with digital evidence like body camera footage.
“The key is being able to attest to the integrity of the data being presented. The information security triangle, comprised of Confidentiality-Integrity-Availability, holds true for law enforcement in this realm as well. Typical practices include the capture or imaging of data/information in a format that allows it to remain in its original state and preserved as such for the purposes of future testimony,” Palmore said.
Leveraging the cloud and security professionals to prevent a cyber attack
Palmore explained that one of the ways agencies are protecting digital evidence is by leveraging the services of companies that provide secure cloud storage. A variety of body camera companies offer their own in-house cloud storage solution or work with a third-party vendor like Amazon Web Services that provides cloud services to myriad private enterprises and public safety entities.
“Cloud solutions are becoming increasingly the path of choice for simplification of data storage, and it’s a money saver that allows for expandability while transferring infrastructure responsibilities to the vendor,” Palmore said. “It can be a game changer.”
Palmore explained that there are differences in protecting against cyberattack for on-premises storage versus cloud storage. Cloud storage adds a viable solution to most entities because it transfers the action of creating a protected environment to a third-party vendor. However, the cloud does not alleviate the data owner of the responsibility to ensure the data is protected.
For on-premises data storage, Palmore said that agencies should consider hiring cybersecurity professionals to handle risk assessment and to deploy solutions.
“Departments should ensure the individuals or companies engaged in developing their information security apparatus are properly trained with a proven track record of success in the digital technologies or cyber security arena. Some departments may think they can accomplish these tasks in-house and ‘on the cheap.’ I would advise against it.”
Doing a cyber threat self-assessment
Agencies can leverage a program called the Cyber Resilience Review, offered by the United States Computer Emergency Readiness Team within the Department of Homeland Security. DHS says that the Cyber Resilience Review is a “no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.”
The Cyber Resilience Review may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals.
Whether or not you elect to go with a Cyber Resilience Review, or a security professional from a company specializing in cyber security, it behooves any agency with digital evidence to double check its vulnerability sooner rather than later to prevent an exposure.