Just over a year ago the federal government announced it would beef up the RCMP’s e-crime capabilities with the creation of a National Cyber Crime Co-ordination Unit (NC3).
The budget set aside $116 million over five years to create the unit, sought after for several years by the Mounties and police forces across the country who want a hub for cybercrime investigations, as well as a prominent place where residents and businesses can report cyber crime.
However, IT World Canada has learned that it will be another year before it will even have initial operating capacity, and from a temporary facility. Even then the national public reporting mechanism won’t be running until March, 2022. The unit won’t be fully operational until March, 2023.
The schedule comes from the RCMP in response to questions about the timing of the unit’s debut following the release last month of the proposed federal budget for the upcoming fiscal year.
The timing means it will be five years before the RCMP can compile more detailed national data on cyber crime than it has now.
The federal privacy commissioner is expected to release annual figures on data breaches now that organizations are forced to report breaches of security controls where there is a risk of significant harm to individuals. However, data breaches are only a part of cyber crime. For example, they don’t include attacks such as business email compromise, where a staffer is tricked into wiring money to a phony account or successful ransomware attacks, where data is destroyed.
The NC3 would include the RCMP’s Integrated Technological Crime Unit (ITCU), which started in 1988.
The RCMP told us that to create the NC3 it has to
- establish a governance framework as well as reporting relationships to law enforcement agencies across the country and to government security committees;
- hire and train an interdisciplinary team of various cyber specialists;
- equip an interim facility;
- lease and equip space for a permanent office;
- develop new operational processes and procedures in collaboration with local law enforcement forces, the Canadian Anti-Fraud Centre (which is managed by the RCMP), and the Canadian Centre for Cyber Security;
- develop or leverage existing domestic and international partnerships;
- and plan and design new IT solutions that will allow cybercrime investigators to share and analyze information, and enable Canadians to report cybercrimes.
For the time being Canadians can report cybercrimes to their local police departments, while frauds should also be reported to the Canadian Anti-Fraud Centre.
Cyber security best practices and advice can be found at the newly-formed Canadian Centre for Cyber Security. The Centre was announced at the same time as NC3 but has been quicker to get off the mark — although still not fully-functional — opening last October. The Centre comes under the Communications Security Establishment (CSE), the country’s cryptographic agency charged with protecting federal networks. The new Centre also pulls in security functions from Shared Services Canada and Public Safety Canada. CSE reports to the minister of defence.
In addition to its network protection functions the Centre is also an advisory resource to individuals and Canadian businesses. Operating now out of a temporary facility it will get a new and more secure headquarters set to open this summer. In that building businesses will be able to bring in solutions for security testing.
Police have been eagerly looking forward for some time to the creation of the NC3. At a 2017 e-crime conference in Ottawa, Scott Doran, at the time director general for federal policing for criminal operations including online crime, admitted, “We’re probably not doing a great job” when it came to fighting e-crime. “The reality is we don’t have the resources. We ‘re so busy responding that to get out ahead of the thing is very, very difficult.”
“We do a good job when we get our hands on a ‘meaty file’ and are able to pursue it,’ but we have to select highest priority files.” Doran is now director general of international policing.
Yet, as expected, the number of reports of e-crime keep going up. In 2014 the RCMP fielded 7,965 complaints of cyber crime. That rose to 9,217 a year later and 11,518 in 2016.
At that 2017 e-crime conference attendees were told a key goal of the NC3 is to enable law enforcement across the country to form partnerships take action to fight cyber crime. Efforts would include intelligence sharing, advising police on which tools to buy, effective techniques. Trends would be spotted through statistical analysis.