Tackling cybercrime
across
By Victoria White,
First Secretary (Cyber),
British High Commission
Pretoria and Peter Goodman,
Strategic Advisor to the UK
Digital Access Programme
The UK and South Africa working together to
tackle a global threat to make citizens safer online
C
yberspace continues to
revolutionise the way we all live,
work and play and with it comes
great opportunity for economic prosperity,
job creation and technological innovation
to solve some of the world’s greatest
challenges such as tackling COVID-19,
which has been a shared challenge across
the world. With these great opportunities
we must all be alive to the threat that
accompanies it, namely cybercrime. Much
like the coronavirus, cybercrime does not
recognise or respect geographical borders
which it is why it is crucial that countries
work together to tackle it, but also to learn
from one another. The Transnet attack on
the Port of Durban during July 2021 is a
stark and shocking reminder of the havoc a
cyberattack can wreak on a piece of critical
national infrastructure with huge
ramifications for the economy. These
crimes are not victimless - they cause real
harm to people and businesses which are
often profound and lasting.
32
Servamus Community-based Safety & Security Magazine
Cybercrime is an evolving threat that
is growing in complexity. It spans state
and state-sponsored actors, serious
organised crime groups and criminals see-
king to profit by defrauding citizens and
businesses online.
In May 2021, Dominic Raab, the UK
Foreign Secretary and Dr Naledi Pandor,
South Africa’s Minister of International
Relations and Cooperation, agreed that
the UK and South Africa should foster a
closer partnership which included working
together to tackle cybercrime. Through the
UK’s flagship Digital Access Programme
(cybilportal.org), the UK plans to build
capacity, teach and share investigative
techniques and capability with the South
African Police Service (SAPS) and
Directorate of Priority Crime Investigation
(DPCI). But, most importantly it wishes to
learn from the mistakes that the UK has
made along the way so that South Africa
can benefit from this shared knowledge as
Oktober 2021
borders
it begins the task of operationalising the
Cybercrimes Act 19 of 2020.
Peter Goodman, the United Kingdom’s
ex-National Chief Lead on Cybercrime
for law enforcement, outlines the UK
journey to building the cybercrime fighting
capability that it now has, and encourages
South Africa to learn from some of the
mistakes the UK made along the way.
“It was a marathon and a war of attrition,
this work does not happen overnight but
with clear strategic vision and using inter-
national best practise, South Africa can
achieve a credible cybercrime fighting
capability,” he said.
The UK’s cyber journey
The UK’s journey began in 2010 when
cybercrime was established as a Tier One
National Security Threat. As such, it
became a standing agenda item at the
National Security Council chaired by the
Prime Minister; this, in turn, meant that UK
law enforcement would have access to enabled crime which is all encom - to empower the new unit to lead across
some of the resources and funding passing. Nation states need skills, technol- many agencies including UK police forces
required to tackle their greatest national ogy and people that can transfer between and international law enforcement such as
security threats (https://www.gov.uk/gov- all types of investigation. In 2011, the UK Europol, the FBI and US Secret Service.
ernment/groups/national-security-coun- had 135 people dedicated to cybercrime. Simultaneously, regional capability was
cil). In 2011, the UK published its first ever Fast forward to 2021, a total of +/-1450 spe- built with a broad reach across England
National Cyber Security Strategy (UK cialists are working within law enforcement and Wales in ten separate geographical
Cabinet Office, 2011). This was the first across the whole of the UK. Although the UK regions with Regional Cyber Crime Units
time that cybercrime featured as part of rates cybercrime as a tier 1 national security (RCCU) which were established within
any UK national strategy. The response to risk, the investment received is dwarfed by existing Regional Organised Crime Units
cybercrime was focused around the same resourcing counter-terrorism. (ROCU). These ROCUs have a range of spe-
four “Ps” that had underpinned the count- cialist policing capabilities set against all
er-terrorism (CONTEST) strategy, namely In 2013, the UK created the National Cyber serious and organised crime and it was
Pursue, Prevent, Protect, Prepare Crime Unit (NCCU), a command of the UK’s intended that cybercriminals would be tar-
(https://www.gov.uk/government/publica- National Crime Agency (NCA). The aim was geted using these established resources.
tions/counter-terrorism-strategy-contest).
This led to the UK’s first mistake as UK law
enforcement looked at the threat of
cybercrime in its purest sense as a
c y b e r -d
d e p e n d e n t c r i m e , namely a
computer required to attack other com-
puters. Take as an example a piece of mali-
cious software (malware) that infects
information stored on a computer or serv-
er that is then only released upon payment
of a ransom, commonly known as a ran-
somware attack. The UK’s Crown
Prosecution Service (equivalent to South
Africa’s National Prosecuting Authority)
defines these types of crimes in two main
categories, namely:
 Illicit intrusions into computer net-
works, such as hacking; and
 the disruption or downgrading of com-
puter functionality and network space,
such as malware and Denial of Service
(DOS) or Distributed Denial of Service
(DDOS) attacks (UK Cabinet Office, 2011).

The rationale for this was that a broader

perspective that included cyber-enabled
crimes such as fraud or child sexual abuse
that can be perpetrated online, would sim-
ply drown the limited resources available.
The UK did not spot how investigative tech-
niques for cyber-dependent crime such as
digital forensics could be transferable to The UK’s single biggest success factor was part of the UK Intelligence Community)
other areas of investigation such as child the creation of the National Cyber Security much closer to law enforcement so that all
sexual abuse, where evidence can be found Centre (NCSC) in 2016. Its mission is to these agencies were now working collec-
on a multitude of computers and cell- make the UK a safe place to live and work tively together as “Team Cyber UK”
phones. The first lesson the UK learned was online (https://www.ncsc.gov.uk/). It also (https://www.gchq.gov.uk/). The NCCU
that it had to think of cybercrime as brought UK government and Government and RCCUs are trusted partners of the
part of that broader picture; digitally Communications Head Quarters (GCHQ NCSC. Traditional silos were being broken
October 2021 33
Servamus Community-based Safety & Security Magazine
down and now had a shared vision, aim
and task to tackle this type of criminality.
The UK had a credible ecosystem of
agencies and government with the skills,
capability and direction to investigate cyber-
crime. But it was not failproof as it led to the
next mistake. The UK did not think about
the end-tto-eend investigative chain and
Investigation of local
criminals and groups
involved in cyber-
crime and disrupting
their activities
Stop individuals,
particularly youth
from becoming
involved in
cybercrime
PREPARE was unfortunately the area
that received the least attention which
hampered efforts to help the UK and indi-
vidual businesses develop resilience in the
face of increasing threat.
It is important to note that public private
partnerships are at the centre of a good
cyber strategy. At a tactical level, the best
post-iincident responses have been
where the victim, the cybersecurity
34
Servamus Community-based Safety & Security Magazine
the whole of the criminal justice sys -
tem: failing to equip prosecutors,
defence counsel or the courts with
the ability to deal with these technical
reports landing on their desks. Since
this shortcoming was addressed, there are
now specialist prosecutors and specialist
courts, but not before some high-profile
cases had failed to progress.
PRO
R S UE TEC
P U T
PRE E
VEN
E P AR
T P R
industry and the police have worked
together to common goals. On a more
strategic level, ongoing partnership
between business, academia and law
enforcement has been key. Police
CyberAlarm is a great example of and reit-
erates the importance of public and private
partnerships. It is a free tool to help mem-
bers understand and monitor malicious
cyber activity. This service consists of two
parts: monitoring and vulnerability
Oktober 2021
In 2018, the UK was able to build local cyber
capability in each local force area, which
was to be focused on the most vulnerable
victims. A unit was created in all 43 police
forces in England and Wales. This capability
again followed the “4 Ps” strategy, as
explained earlier.
Enabling citizens
to protect them-
selves from cyber
criminality
Strategic under-
standing of the
current and
emerging threats
and when crime
occurs;
victim support
scanning (https://cyberalarm.police.uk/).
Police CyberAlarm acts as a “CCTV camera”
monitoring the traffic seen by a member's
connection to the Internet. It will detect
and provide regular reports of suspected
malicious activity, enabling organisations
to minimise their vulnerabilities. The data
collected by the system does not contain
any content of the traffic. The system is
designed to protect personal data, trade
secrets and intellectual property.
Underreporting of cybercrime meant that
Chief Constables of all police forces were
often not motivated to take the threat seri-
ously. (Chief Constables are senior police
officers who sit within the operational
decision-making body for the National
Police Chiefs’ Council created to help polic-
ing coordinate operations, reform,
improve and provide value for money.)
CyberAlarm provided the evidence of the
types of attack being faced in each area
and encouraged action to tackle issues
such as online child sexual abuse and
online gender-based violence.
Regional Cyber Resilience Centres (RCRC)
have now also been created in every area
of the country, which is another unique
partnership between law enforcement,
academia and industry. It uses students
who are studying towards obtaining ethical
hacking degrees for example, to provide
cybersecurity advice to Small and Medium-
sized Enterprises (SMEs) and do not have
the know-how to protect themselves. It is
funded by a government grant, but
increasingly by big corporates that want to
see their supply chains protected and do
the right thing for the UK economy.
Ensuring that the public know how to pro-
tect themselves online, in a simple and
easy way to understand, is absolutely vital
in driving down the occurrence of cyber-
crime. The National Cyber Security Centre
(Nd) provides very easy to follow guidance
for absolutely anyone to practice good
cyber hygiene. By taking only a few action
steps, the public can significantly improve
their online security, they are:
 Using a strong and separate password
for your e-mail;
 creating strong passwords using three
random words (for example,
DeskSharkTree);
 turning on two-factor authentication
(2FA) (for example when you enter
your password and a code are sent to
your cellphone);
 regularly updating your devices; and
 backing up your data (either on an
external device or in the cloud).
Cyberspace is an increasingly contested
domain, used by state and non-state actors.
Proliferation of cyber capability in countries
and organised crime groups, along with the
growing everyday reliance on digital infra-
structure, will increase the risks of direct and
collateral damage to the UK and its interna-
tional partners. The UK is very open about
its ambitions in cyberspace and it heavily
referred to its recent 2021 Integrated
Review of Security, Defence, Development
and Foreign Policy (https://www.gov.uk/
government/collections/the-integrated-
review-2021). It wants to be a responsible,
democratic cyber power meaning the ability
to protect and promote its national interest
in and through cyberspace: to realise the
benefits that cyberspace offers to citizens
and the economy, to work with partners,
including South Africa, towards a cyberspace
that reflects the UK’s values, and to use
cyber capabilities to influence events in the
real world. The United Kingdom and South
Africa working together to tackle cybercrime
will make a vital difference and give us the
upper hand against those who would wish
to do our citizens harm.
Editor’s note
The list of references is published on p78.

About the authors

Victoria White spent ten years serving as a British diplomat
with the Foreign and Commonwealth Office (FCO). Her career
focused on protecting British Nationals overseas from serious
harm such as forced marriage and death penalty and then spe-
cialised in crisis management; responding to terror incidents,
natural disaster and political instability affecting British nationals
overseas. She then moved to the UK Ministry of Defence where
she began to specialise in policy governance for cyber opera-
tions.

Peter Goodman has served as a British police officer for

32 years, 12 of which were as a Chief Constable. He was also the
UK’s National Policing Lead for Cybercrime. He now provides
specialist advice in relation to cybercrime investigation, intelli-
gence and prevention as an ex-UK law enforcement specialist.
He is also an expert in the field of international cybercrime
partnerships and an integral part of the UK Digital Access
Programme Team providing strategic engagement with
partner countries.

October 2021 35
Servamus Community-based Safety & Security Magazine