Assessing Law Enforcement’s Cybercrime Capacity and Capability
By Christopher J. Moloney, Ph.D., N. Prabha Unnithan, Ph.D., and Weiqi Zhang, Ph.D.
Cybercrime encompasses a spectrum of activities that occur within the virtual realm of cyberspace or are facilitated by digital or networked technologies.1 These activities include, among others, identity theft, financial fraud and scams, child pornography, drug and violent offenses, and espionage. Further, cybercrime is closely related to issues of digital evidence, technological innovation and infrastructure, and big data. It is one of the most rapidly evolving and exponentially growing emergent global social problems.2
Such crime disproportionately impacts children, women, and the elderly, demographics that comprise most local communities in the United States.3 These specific victim populations often fall prey to scams, fraud, and abuse in the forms of harassment, stalking, and sexual exploitation, all facilitated through digital technologies and cyberspace.
Local law enforcement agencies are at the front lines of responding to cybercrime. Addressing the issue relates directly to their ability to fulfill their missions and serve their local communities, including their most vulnerable populations.
Using a questionnaire and a series of semistructured interviews, the authors launched a national research project to solicit feedback from senior law enforcement administrators and frontline officers from both county and municipal agencies. The questions focused on five areas pertaining to their departments’ cybercrime capacity and capability.4
- Financial/technological resources
- Agency culture and leadership
- Communicative processes and procedures
- Relationships, partnerships, and collaboration
A total of 929 local law enforcement agencies participated in the quantitative assessment, and over two dozen of those agreed to a series of in-depth qualitative follow-up interviews during the spring and early summer of 2021.5
The project’s preliminary results underscore the significant, negative impacts that both external and internal factors have had on local law enforcement’s ability to respond to cybercrime incidents and calls for service.
Over one-third (35.5%) of all responding agencies noted that their cybercrime caseloads had risen since the COVID-19 pandemic began and described higher rates of online frauds, scams, and other types of cybercrime during the previous year.
Further, more than 70% of interviewees expressed concerns about how external forces such as police reform movements (e.g., “defund the police”) have compounded difficulties at their agencies in recruiting, retaining, and training personnel who can work complex investigations involving cybercrime and digital technology.
While most county and municipal departments indicated they partner with other law enforcement agencies in task forces and information or intelligence sharing relationships, upward of 90% of all agencies indicated no partnerships or relationships with the private sector. In fact, they described the lack of cooperation from private sector companies as one of the most significant challenges impacting their ability to handle their cybercrime caseload. Many senior administrators and frontline personnel indicated waiting months — sometimes six or more — for responses from private sector organizations about their search warrants and subpoenas; many more noted that in some cases, private sector organizations flatly refused to cooperate with legal requests for documents, records, or information, particularly if the organization was headquartered outside the United States.
Dr. Moloney is an instructor at Colorado State University in Fort Collins and the founder of an advisory services and solutions company serving the digital transformation needs of the public safety industry.
Dr. Unnithan is a distinguished professor of sociology at Colorado State University in Fort Collins and former president of the Academy of Criminal Justice Sciences.
Dr. Zhang is an assistant professor of political science and legal studies at Suffolk University in Boston.
Local law enforcement cybercrime investigators and senior administrators described having to rely on their federal partners — often via informal, personal relationships — to put pressure on these private sector companies to generate compliance. This delays the progress of investigations, adds to the backlog of cases (further straining personnel and creating logistical difficulties), and negatively affects victim and community relations as cybercrime victims often blame delays on their local law enforcement agencies and personnel.
The external setbacks add weight to other factors that collectively paint a bleak portrait of law enforcement’s current ability to combat cybercrime. For example, many local agencies had difficulty assessing whether their current cybercrime tactics, policies, and procedures aligned with emerging cybercrime best practices. This no doubt relates to a lack of clearly operationalized recommended actions but also reflects unclear priorities, poor communication, and a lack of resources among the responding agencies.
Moreover, while larger departments tended to have dedicated cybercrime units, more personnel and financial resources, and superior in-house technology and infrastructure, they were not necessarily better positioned to deal with cybercrime because of their much higher caseloads. Several very large agencies described receiving nearly 1,000 cybercrime calls for service per month and an equal number of cybercrime tips; many midsize departments described monthly caseloads and calls in the hundreds. Therefore, caution must be exercised when making assumptions about an agency’s ability to deal with cybercrime based on its size.
Because of the exponential growth of cybercrime incidents, the agencies that serve large populations were no better off in dealing with cybercrime despite being, on paper, more capable of doing so when compared with smaller departments. Indeed, several cybercrime unit supervisors at midsize and large agencies noted that even if they doubled their personnel, they would still be unable to keep up with the volume of their agency’s cybercrime cases or the demand for technological analysis in other criminal incidents.
Notably, results from the questionnaire and interviews indicated that strengthening law enforcement’s cybercrime and technology capacity must take on a higher priority. Most responding agencies, as well as those that participated in the interview process, described challenges to achieving this goal. These difficulties were linked to their size, geographic location, lack of personnel and financial resources, inability to access technology (e.g., hardware, software, apps) and infrastructure, COVID-19, anti-police and police reform movements, and new legislation.
This project was revelatory in many regards and produced meaningful data that fills in several research gaps. More important, the results indicated numerous opportunities for strengthening local law enforcement’s readiness to deal with cybercrime and technology-related issues.
Some recommendations represent low-hanging fruit, such as developing and disseminating clear and operationalizable cybercrime best practices, creating more networks for investigators and administrators to share knowledge, and developing more low-cost training to help upskill and continuously educate department members. Other opportunities may require greater collaboration and, in some cases, even policy intervention.
There may be a model for dealing with cybercrime that is more efficient than the piecemeal approach that currently exists in which every agency tackles the issue independently, even though law enforcement departments at the federal, state, and local levels all play a role in cybercrime response.
Local law enforcement administrators and frontline personnel believe the current division of responsibilities and level of collaboration among all agencies is unclear and problematic. In some locales, regional task forces or working groups serve as centralized nodes within a cybercrime response network. A more expansive and robust version of this model may be more efficient and alleviate pressure on smaller local departments to acquire the resources and talent to handle cybercrime incidents in-house.
“The project’s preliminary results underscore the significant, negative impacts that both external and internal factors have had on local law enforcement’s ability to respond to cybercrime incidents and calls for service.”
Given the rapid, exponential growth of cybercrime and similarly fast evolution of digital technologies, the cybercrime response model should be analyzed and reimagined on a national, regional, and statewide basis.
Expanded Cybercrime Insurance
Agencies are challenged by the victim-switching that often occurs in financial fraud and scam cases. Victim-switching happens when a victim of a cybercrime fraud or scam loses interest in pursuing charges upon being reimbursed or compensated.
The financial institution or business that reimburses the victim also becomes a victim of the same criminal act, yet they too may have little interest in pursuing a criminal investigation, especially if the monetary amount does not reach a specific threshold. The financial institution or business may simply write off the incident as a cost of doing business.
In these instances, local law enforcement agencies, which may have already expended significant time and resources pursing the incident, are often left with a case that cannot be cleared. This problem is compounded when the perpetrator is outside the United States.
This issue might be improvable, if not completely fixable, through expanded cybercrime insurance programs for individuals, banks, and businesses.
Enhanced Strategy and Collaboration
Resolving the private sector cooperation issue and ensuring uniform policy for the preservation of user data and records may require legislation at the state and/or federal level. However, these concerns should be priorities given how much knowledge, skill, and intelligence about cybercrime is contained in the private sector.
Leadership can engage in future visioning and horizon scanning exercises, like those conducted by businesses and organizations seeking to develop adaptive transformational and strategic plans. Agencies would clarify their digital or technological cybercrime needs and then set the pace for their transformative journey.
Local departments are also stymied by the borderless and international components of many cybercrimes as well as the significant technological challenges and skills needed to track down perpetrators who benefit from technologies that enable them to mask their location and identity. Confronted with cases that cross state or international borders, most agencies are at a loss on how to resolve them, leading to frustration for personnel and victims. Developing stronger international collaboration efforts could mitigate this concern.
Additional Training and Resources
The health and well-being of frontline officers and investigators — whom the project’s data showed were experiencing fatigue, frustration, and burnout linked to the high volume of cybercrime cases and limited resources — should be prioritized along with efforts to upskill and continuously educate them through timely and relevant training sessions.
“[Agencies] described the lack of cooperation from private sector companies as one of the most significant challenges impacting their ability to handle their cybercrime caseload.”
For many local police departments, the ability to combat cybercrime will come down to financial resources; leadership might consider enlisting outside expertise as thought partners to help with the value proposition for expanded funding and resources.
Certain programs and technologies help supplement or strengthen cybercrime capacity, capability, and agency resiliency, though much work is still needed. For example, the FBI maintains cyber task forces that some state and local agencies are utilizing to reduce cybercrime-related challenges.
The FBI’s InfraGard program is also positioned to help address a major challenge noted in this research — namely, private sector engagement and collaboration with law enforcement. InfraGard is a partnership between the FBI and members of the private sector for the protection of U.S. critical infrastructure.6 Also, the U. S. Secret Service maintains the National Computer Forensics Institute, which provides training for state and local law enforcement officers.7
Private companies are developing digital and technological solutions to assist law enforcement agencies as they confront cybercrime problems and challenges. However, during this research process, the authors cited the cost of adopting these solutions as an obstacle among many smaller and rural local departments.
Recommendations for strengthening an agency’s ability to combat cybercrime include additional training, improved communication and collaboration, enhanced networks for sharing information, an updated cybercrime model, expanded insurance programs for cybercrime victims, requests for more funding, and the use of federal and public programs and technologies.
Given the current climate, some of these suggestions may be a significant challenge because of a lack of time and resources, and they may require policy intervention and a great deal of effort and cooperation. However, local law enforcement agencies occupy the front lines of most criminal and social problems; strengthening their capacity and capability of dealing with emergent and significantly harmful problems like cybercrime should be a high priority.
Additional results, findings, and recommendations from this project are forthcoming.
“[M]any local agencies had difficulty assessing whether their current cybercrime tactics, policies, and procedures aligned with emerging cybercrime best practices.”
Dr. Moloney can be reached at firstname.lastname@example.org, Dr. Unnithan at email@example.com, and Dr. Zhang at firstname.lastname@example.org.
1 Sarah Gordon and Richard Ford, “On the Definition and Classification of Cybercrime,” Journal in Computer Virology 2 (August 2006): 13-20, https://doi.org/10.1007/s11416-006-0015-z; and K. Jaishankar, ed., Cyber Criminology: Exploring Internet Crimes and Criminal Behavior (Boca Raton, FL: CRC Press, 2011).
2 For instance, Linn F. Freedman, “C-Suites: Cybercrime Damages Expected to Reach $6 Trillion by 2021,” National Law Review, November 12, 2020, https://www.natlawreview.com/article/c-suites-cybercrime-damages-expected-to-reach-6-trillion-2021.
3 For example, Debarati Halder and K. Jaishankar, “Cyber Gender Harassment and Secondary Victimization: A Comparative Analysis of the United States, the UK, and India,” Victims and Offenders 6, no. 4 (October 2011): 386-398, https://doi.org/10.1080/15564886.2011.607402; Michael Pittaro, “Cyber Stalking: An Analysis of Online Harassment and Intimidation,” International Journal of Cyber Criminology 1, no. 2 (July 2007): 180-197, https://doi.org/10.5281/ZENODO.18794; and Albert Munanga, “Cybercrime: A New and Growing Problem for Older Adults,” Journal of Gerontological Nursing 45, no. 2 (February 2019): 3-5, https://doi.org/10.3928/00989134-20190111-01.
4 The research project assessed both agency capacity and capability. The term capacity refers to an agency’s technological, personnel, and financial resources and infrastructure, while the term capability refers to agency personnel’s existing or accessible competency, expertise, education, and training.
5 Christopher J. Moloney, “Exploring the Cybercrime and Technological Capacity and Capability of County and Municipal Law Enforcement Agencies in the United States” (Ph.D. diss., Colorado State University, 2021).
6 For additional information, see InfraGard, accessed March 31, 2022, https://www.infragard.org/.
7 For additional information, see National Computer Forensics Institute, accessed March 31, 2022, https://www.ncfi.usss.gov/ncfi/index.xhtml?dswid=-1826.