Protecting networked information means that biometrics can be embedded in thumb drives.

For the City of London Police, information leakage isn’t just business critical, it is a matter of life or death. Loss of life could be the ultimate price to pay should sensitive data being transported by police officers be mislaid. That’s why the City of London Police has taken industry-leading steps to make sure that an electronic data breach remains unlikely.

With its Wood Street headquarters just steps from the financial heart of the City of London, and a beat covering the Square Mile, the City of London Police is hardly an average police force. Focused on white-collar crime such as fraud, and in combating terrorist attacks within the City, the City of London Police (established in 1829) is today the UK’s lead force in countering fraud.

The City of London Police is also involved in implementing the Home Office IMPACT program, designed to improve the ability of the UK police service to manage and share information between police forces to prevent crime and provide safer communities.

Best Practices

Defining best practice in this field has also required the City of London Police to develop a model IT governance policy in order to protect information within and from outside its own network. Over the last five years, the force has taken sweeping measures to protect its electronic borders and defend the integrity of its information. In addition to a comprehensive and rigorous IT security policy, all potential points for electronic data leakage have been systematically identified and secured.

As well as safeguards against unauthorized electronic transmission of data, the City of has taken steps to prevent “thumbsucking” – the unauthorized copying of data on to portable storage devices. To achieve this it has locked down USB computer ports on all computers – and not with superglue.

However, the force also recognized that a complete system lockdown would be counterproductive, as officers and administrative staff still need to physically move data around during investigations and operations, and when interchanging intelligence with other forces, such as the neighboring Metropolitan Police.

In the field, police officers gathering information from external sources – such as other police forces and court services – use Stealth MXP devices for secure transportation of this information to the three City of London Police main police stations, where intelligence data is consolidated.

Hard Drive Protection

The force also has hard drive based units – offering the same biometric authentication benefits but larger data storage capacities. These units are reserved for special operations, commented Gary Brailsford-Hart, including a now-completed “multi-agency anti-terrorism exercise.”

“The deployment of Stealth MXP has given us an additional level of accessibility to transfer data that we did not have before,” said Brailsford-Hart, who himself uses a device for transporting all files relating to the City of ’s IT security strategy. When I talked with Brailsford, CIO, head of information management at the City of London Police, he discussed benefits. “Non-repudiation of information storage. High confidence in end-point security. Proportionate to the perceived risk to the information. If biometric access is to succeed, the workforce needs to be behind it. In the case of the biometric USB devices the workforce understood the risks, accepted the higher level of security and has embraced the technology as proportionate to safeguarding the information.”

In the future, he sees automatic pass-through encryption on information transfer to removable media while looking at a number of technical solutions. Also: integration of smartcards with certificate role based access across enterprise to support full national access to emerging police systems. Continued development of “security-hub” for improvements to single point of access to all electronic security information. And delivery of services beyond physical boundaries to support officers and the citizen, a multi-layered security architecture design.