OnPolicing Blog

Welcome to the OnPolicing series.

PF On Policing logo final versionOnPolicing captures the thoughts of some of the country’s most important voices on contemporary policing. It is intended to stimulate debate about the state of policing and the myriad of challenges involved in controlling crime, disorder, and terrorism in a democracy like ours. The opinions are the authors’ own and may not represent the official position of the National Police Foundation. All comments are welcome—especially contrarian ones. We reserve the right to remove hateful or profane posts.

Please refer to the essay entitled “An Introduction to OnPolicing for an in-depth introduction to the series by the National Police Foundation’s former president and founder of the OnPolicing blog, Jim Bueermann. If you would like to contribute to the OnPolicing series, please send your 500-1000 word essay to info@policefoundation.org.

 

 

 

4August
2017

Documentary helps manage aftermath of shootings

By Patrick W. Shaver
Director, Officer Involved

My wife looked at me funny when I told her that I thought we could make a movie. I was a police officer in a big city and she was a nurse, but neither of us were filmmakers.

What she said next I’ve rebroadcast when we’ve shown our film across the country: “It’s probably not the most expensive idea you’ve ever had.”

I had watched one friend go through an officer-involved shooting and then had another friend ask me about shooting the tires off a car instead of having to shoot the driver. “Let me find a documentary and we’ll watch it together,” I told him. My intention was to find something on film that showed the reality of what officers experienced in the line of duty, offering to translate what I had seen in one friend to the next. Read More & Share

21July
2017

Give me a cup of coffee and a conversation over a new-fangled piece of fancy new equipment any day

By Dean M. Esserman
Police Foundation Senior Counselor

I keep reading about how drones, artificial intelligence and facial-recognition technologies are going to take our industry of policing to an entirely new level.

Technology will improve safety, they say. Cops will make quicker arrests, they argue. The world will be a better place for all, they assure.

That’s all well and swell, but from my perspective, the future of policing remains firmly in the able and quite human hands of the men and women in law enforcement who spend every day of their lives protecting their communities.

Want to know why I believe this? What better example of policing can take place than what happened this week? Across the country, officers celebrated National Coffee with a Cop Day on Wednesday by having a cup of joe with community members.

Read More & Share

14July
2017

Cyber threats against police

By Valarie Findlay
Research Fellow, Police Foundation

Law enforcement organizations, unlike any other, occupy a unique position in the consequences of cyber threats – often the forefront of investigative, interdiction or enforcement capacity, it’s becoming more common that they are the target.

From the operational experience, law enforcement comes into contact with various cyber technologies used for malicious and illegal means by relatively unsophisticated criminals to organized crime and terrorist groups. As part of facilitating other crimes or as a crime unto themselves, they run the gamut of theft of funds and data from individuals and large corporations, funds laundering and transfer illegal goods and services, and fundraising for other illegal  activities.

When turned on the organization, the impact can be catastrophic to public safety, privacy, integrity of evidence and the judicial process. As seen in recent years, several US law enforcement organizations and agencies have targeted by socio-political groups, as well as ransomware. Although most scenarios so far have spanned theft and destruction of information and data, the disruption of systems, including communications, and modification of evidence data can’t be ruled out as future targets.

In short, for law enforcement cyber threats are truly ‘glocal’; manifesting locally but originating or impacting globally. Whether viewed from the perspective of protecting organizational assets or investigating cyber crime, today’s cyber threats have become more asymmetric, surreptitious and persistent, and require countermeasures or means of interdiction that are very much the same. The axioms of cyber security present a challenge; remaining largely unchanged for decades, they undermine the robust technological capabilities seen in the new threat landscape.

Even old-school concepts, such as ‘shared responsibility’ between stakeholders or enforcement through pseudo-regulatory measures, have been outpaced by the speed of technology and are utterly ineffective against these threats. Although, security controls and risk management remain important as preventative measures in cyber security, we need to start looking across the many domains – policy, resource, intelligence, physical levels, etc. –  to physically and conceptually harden assets, securitize our systems and resources, and to share intelligence.

While the ‘white-hat’ technologists (the good guys) have made advancements in preventing and detecting cyber threats, it’s become clear that as long as there are assets deemed valuable by malicious actors, there will be threats and risks.

“They Weaponized Pikachu!”

It’s true. They did. Although the Pokemon malware was a low-level of technological sophistication that extracted credit card numbers and recorded data from unsuspecting Pokemon-Goers (and silently installed more viruses), the malware fed the coffers of who knows who.

Often paired with ransomware or crypto-viruses, the weaponization of technology remains one of the most serious advancements in recent decades and is a reflection of the sophistication of threats and their ability to leverage the various security domains: the more domains that are accessed to breach sensitive information, the more difficult to counter and respond to the threat.

In the “Art of War”, Sun Tzu said, “… if you know your enemies and know yourself, you can win a hundred battles without a single loss.” While lofty, it holds substantial truth. Knowledge is everything. And proficiency with various weapons doesn’t hurt either.

Sharing Worst Practices

Intelligence and attribution die a fast death when isolated or kept in a jurisdictional vacuum. Imagine if, in law enforcement, we refused to share lessons learned or intelligence with other levels of policing and the impact this would have on maintaining law and order and facilitating justice. In cyber security practices of many organizations, this has been the accepted but flawed logic.

Slowly changing, in 2014 we saw important lessons come out of the SONY Hack: never underestimate the attractiveness or leverage (blackmail) of an asset by malicious actors, one layer of anti-‘anything’ safeguards is not enough, security strategies and frameworks are exclusive not a ‘copy-paste-replace’ exercise, and that most security risk and responsibility cannot be avoided or transferred. The SONY Hack also underscored the importance of post-attack information sharing by exploited organizations to develop true threat intelligence, identify actors and improve practices.

Also recently, we’ve seen evidence of information sharing in the post-attack (response and recover) of WannaCry and then in the Massive Coordinated Cyber Invasion that shut-down key targets across the Ukraine: both seriously up-ending normal operational states. What was important with the Ukraine malware logic was how advance and surgically precise it was: it intercepted passwords, captured privileges, deleted logs, destroyed data and exercised exceptions through hash logic, leaving some assets intact. But even simple attacks, like email floods and denial of service attacks, have brought systems, cities and countries to a screeching halt.

Intelligence sharing in the above attacks, played a key part in slowing distribution of the malware across geographic expanses and shutting down of command and control. However, sharing the conditions that contribute to vulnerabilities to help mitigate threats in the prevention phase is entirely different; it’s a controversial proposition, making organizations nervous. But if all cyber exploits were treated as fundamental national security concerns, rather than individual breaches that affect single organizations or sectors, intelligence sharing would quickly be a mandatory strategic response. One that would drastically shorten the threat lifecycle.

Single Point of (Domain) Failure

Single domain vulnerability or failure is when only the most obvious domains are secured, such as an organization’s network or connected devices, and software updates, patch management, employee screening or access policies allowing unauthorized, uncredentialed access to sensitive assets, are weak or non-existent. Maintenance breaks down, security posture collapses and vulnerabilities creep in.

Several years ago, this wasn’t an issue as exploits occurred mainly through network vulnerabilities, but today threats are designed to capitalize and exploit multiple domains, finding many avenues of opportunity for information gathering and asset exploitation. A cross-domain, multi-layered approach balances the risk-stress over several domains to close gaps and to act as a fail-back. Anything less amounts to leaving the lights on and doors open for the malicious actors.

A crucial step in moving beyond ‘technology as a solution’ is the development and implementation of an effective, well-implemented, cross-domain cyber security framework, as well as instituting supportive processes and accurately identifying organizational assets and their value to threat actors. If the problem is anchored in exploiting multiple domains, the solution must address the vulnerabilities of all domains.

Although cross-domain (or multiple domain) and multi-layered security approaches will increase initial resource costs, the downstream benefits will make up for the upfront costs. Also, higher degrees of compartmentalization and isolation will improve countermeasure selection and increase ease of maintenance and agility of the environment. These some examples of domain categories that would be applied to assets through a framework and eventual security assessment:

  • Corporate security policies and procedures – documentation that makes the organization and its resources act and behave in a certain way;
  • Physical security – traditional hard-wall, room and building security;
  • Resource security – your people, their screening and their access to things;  
  • Device security – techy stuff;
  • Network security – more techy stuff;
  • Network and Application Development (as in OSI layers) security – really techy stuff;
  • … and more depending on the organization  

All Will Fail If You Don’t Think Like The Criminals

Now you’re ready to revitalize your cyber security framework and maybe your cyber or e-crime programs, right? Well, before all of this frame-working and planning starts, consider the three concepts below to create a shift in mindset.

  1. Think and plan like the ‘bad guys’ — Face it, the ‘bad guys’ are winning, mostly because it’s their full-time job and it’s lucrative. With technology outpacing our efforts to implement countermeasures, cyber security approaches must mirror the approaches of the actors behind cyber threats; they must be cross-domain, target and asset-focused and differentiated by committed, skilled resources. This becomes even more important where electronic assets – such as telemetry, biometrics and evidentiary records – require a higher level of integrity due to its applied value.
  2. Targets are as important as assets No one puts a lock on a door to prevent the theft of the door. Often we forget to securitize targets along with assets. Not unlike a property crime, there is the thing you want to get and the things you have to break to get it. Targets are the things that need to be broken, such as laptops, devices and databases that store information assets, device firmware that stores configuration values, electronically-locked rooms that store documentation, controlled substances ammunition, evidence, etc. or network connections that transmit asset data. Assets are the Holy Grail for your threat actors and vary in criticality, classification, integrity and availability.
  3. Threat actors are less important than threat scenarios — As much as profiling a threat actor is important to downstream intelligence, in the earlier stages of prevention and detection the focus needs to be on actual threat scenarios: theft, modification, destruction, disruption and, in some instances, planning and executing (surveillance, etc.). This considers the possibility and probability of damages should the asset be breached and forces the valuation of the asset from the perspective of the malicious actor.

Lastly, There Is No End Game

Not unlike countering any other criminal activities, communication and collaboration remain effective methods to help ‘close command and control’ of an active threat. Mastering a dialogue and means to share preventative information will make cyber security a part of the daily conversation of law enforcement organizations and their partners.

For now, behind every malicious threat is a human, so cementing a proven cyber security framework will be easier under current conditions than when the Internet of Things, machine-to-machine learning and custom cipher technology bear down on our systems. Right now, the focus needs to be on agile, continuous improvement, instead of a non-existent end game.

 

Valarie Findlay is an IACP and CACP eCrimes Committee member and research fellow for the Police Foundation, with two decades of expertise in cyber security and technology initiatives. She holds a master’s degree in terrorism studies from the University of St. Andrew’s. She also writes often for various security and law enforcement magazines on the organizational aspects of law enforcement and their impact on society, and on strategic initiatives in cyber security.

7July
2017

How do cops feel about the American flag?

By Craig W. Floyd
President of the National Law Enforcement Officer Memorial Fund

There is no question that the American flag is intrinsically linked to the men and women who make up the various police forces sprinkled across the United States.

Seems only natural, right? Well, consider this. The United States does not have a national police force, which was intentional because the Founding Fathers made sure that our national government did not control a law enforcement agency that had such widespread power. The Founding Fathers wanted to be sure that police officers would enforce local- and state-enacted laws.

And yet, right there on the shoulder or chest of so many officers, are patches or decals of Old Glory. Some departments do issue medals that end up on an officer’s uniform, but those instances are pretty rare, and often are only worn in official settings, not while out working the streets. Read More & Share

30June
2017

Social media has become a critical part of law enforcement

By Kaitlyn Perez
Sarasota County (Fla.) Sheriff’s Office Community Affairs Director

More than ever these days, people want transparency out of their policing agencies.

Here at the Sarasota County Sheriff’s Office, we have found that being active on social media by showing the good – and the bad – is a great place to start.

That means showcasing the outstanding work that our deputies do on a daily basis. Just recently, we posted a YouTube video and Facebook photos of a deputy helping to corral an alligator found in a citizen’s swimming pool. The video went viral and recently passed 1.3 million views.  Read More & Share

23June
2017

The barbershop: where real conversations take place

By Chief Mark Holtzman
Greenville (NC) Police Department

What police department in America is not looking for a way to bridge the gap between the police and the community we serve?  Skipping right to the issue at hand, the trust and relationships between our police and the African American community is an equation we [Chiefs and Commanders] are trying to solve.

Like most, after doing a thorough review of our current community-policing outreach initiatives, we recognized that something was still missing.  We still weren’t bridging the gap.

But could the Barbershop really be the answer?   Read More & Share

16June
2017

As mass casualty attacks proliferate, new model to prevent them emerges

Professor John D. Cohen
Rutgers University

On June 14 a lone gunman open fired on a group of Congressmen practicing for an upcoming softball game, wounding six, one critically.

The shooter was stopped when two Capitol Hill Police Officers engaged the gunman, killing him.

That same day, a disgruntled employee open fired on co-workers at a San Francisco UPS facility killing three and wounding two other people.

As a nation we are experiencing a significant increase in mass casualty attacks by individuals using guns, knives, motor vehicles and even bombs.

Some of these attackers have self-connected to a terrorist or other ideological cause while others are motivated by some other perceived grievance.

Extensive research and analysis have revealed that many of these attackers share common behavioral and psychological characteristics, and this is important because understanding the dynamics of this offender population allows us to develop strategies to prevent these attacks in the future. Read More & Share

9June
2017

Making time for yourself when there is no time

By Tammy McCoy Arballo
Counseling Team International Clinical Psychologist

Time is unkind.
The days are not long enough to meet the never-ending demands of law enforcement careers and family life. It feels like we have never been busier or more accessible than we are at this point in human history. With the dinging from a text message, our focus automatically shifts from dinner with our family to the sudden demand of a sensitive work matter.
High achievers, (which is to say, 99 percent of the law enforcement officials I’ve ever met) are not comfortable saying No when asked to take on additional duties or see things certain things need to get done right and take on the task for the betterment of the organization.
This can result in feeling overwhelmed at work, reduced time at home with the family and less opportunity to decompress, and have fun.
So, how can we steal a few minutes for ourselves? Here are a few ideas:

  • Use the commute to and from work to your advantage

During the drive, turn off or mute your cell phone during the drive (yes, you can do it for a few minutes.) Make a playlist of your favorite tunes and crank up the music. This gives you a chance to clear your mind and lift your mood.

Listen to podcasts that you love and escape into a great story. This gives you the opportunity to take a mental break and engage in something relaxing and fun. (Fun matters, folks!)

  • Go to the gym first thing in the morning

There is an abundance of scientific data attesting to the physical and mental health benefits of working out regularly, even if it is only for 15 to 20 minutes. A workout will help reduce stress, improve mood and overall health.
You also get the feeling of accomplishment early in the day. It is automatic “me time” that you can spend watching a movie on your phone, listening to music, ESPN podcasts or the like.

  • Sit in your car before you leave the station parking lot or before you walk through the front door of your home

Give yourself five minutes to prepare yourself to re-enter your home after a long and stressful day. The transition from work to home is an important one. We work so hard to provide for our family. Seemingly everything we do is to make the world a little better for the people we love.
Giving yourself a few minutes to switch from law enforcement official to father, mother, husband, wife is a gift to both them and us.
If we walk through the door with the angst of the day still swirling through our minds, we are not going to be able to be present for them and enjoy them. Take a few deep breaths and focus on where you are and why you want to be there.
Remember that we can control how we spend our time. We have the power to decide how we use our time. Life feels more demanding than ever and law enforcement officials are under more stress than ever before. There has never been a more important time to take care of yourself. Please spend your time wisely and invest in yourself at some point during each day.
Be safe and take care

Read More & Share

2June
2017

Officer’s fentanyl crisis discussed

Photo credit to CBC/Radio-Canada

A Q&A with Chief John Lane
East Liverpool (Ohio) Police Department

The opioid epidemic continues to stretch across the United States, just as it has been doing in Canada and the United Kingdom. Last month, an East Liverpool (Ohio) police officer accidentally came into contact with fentanyl and overdosed.

He was treated with one dose of Narcan at the station and three more at the local hospital to save his life.

We spoke to Chief John Lane, whose department of 17 officers has had multiple run-ins with fentanyl-related incidents, and asked him five questions about the impacts of the epidemic on the community of 11,000 people along Ohio’s eastern border with Pennsylvania.

How is the officer now?

He is doing well. He is back to work. He is a bulldog, he is always chasing drugs. It took him a few days before he started feeling better but he is doing well now. He had some chest pains afterward. They say the drug slows your heart way down, and the Narcan gives a shock to the system to revive you.

How does a police chief lead under these types of conditions?

I have to try to think ahead of ways to protect my guys. They are trying to protect the city and sometimes you have to protect them from themselves because these guys are hard charges, and they have to think about themselves. They think they are invincible, and all it takes is just touching touch it. In this case, the officer just brushed some power off his shirt. It’s hard to get them to slow down, and this didn’t even happen out on the streets. It’s also important that they have to think about them bringing it home to their families, their kids, or anyone around them. This stuff is that strong, that dangerous.

What changes in protocol have you made?

It is hard with a small department. We don’t have a lot of people or a lot of money. You need the gloves, the masks, the protective gear. You need to have Narcan. You can touch fentanyl or inhale it, and just like that, it’s got you. It is scary to think about. Our guys don’t carry Narcan, we leave that to the ambulance paramedics. They are the professionals, and really, how much can we carry in our cars? How much is enough? I’d rather the paramedics are dealing with that. If we were a rural county, it might be a different story.

In a small town like this, we run out of Narcan. The ambulances carry it, and when they get there to the scene to use, they are counting it out, saying how many cans they have left. They were down to their last one on one case.

The big changes are when we do evidence collection. There are no more field tests. We want two guys back at the station, together, gloved up, double bags, everything we can possibly do so we aren’t leaving a trail of it. Even if we think it is cocaine, and sometime people tell us it is and they are lying but they are already getting arrested. They don’t care.

How does the opioid crisis compare with previous narcotics-driven epidemics?

As far as the officers or people innocent of it being overcome by it, there’s never been anything like it in my career. The danger is incredible. I worry about it being used as a weapon. If people sprinkled it somewhere above where you had a lot of people, you could have a mass casualty situation. Get it in the air. Spread it on doorknobs. It is that strong. It is a terrorist’s dream. I have never heard of anyone worrying about it being used as a weapon. But it is so simple, just touching it will take you down. Someone could just sprinkle it on door knobs. My goodness, the possibilities are endless.

In September 2016, the department released images of an overdosed couple passed out with a 4-year-old child. The department received some criticism for it but you were adamant that it was the right move. You spoke to a reporter and said, “Enough already. People need to know what is happening. This picture is graphic, it’s disturbing. I need people to get upset and help us take back the streets. I need the presidential candidates to look at this and tell me what they will do to fix it.” Three quarters of a year later, do you still feel the same way?

People even today don’t want to realize how dangerous these things are. In that particular picture, the kid is in the back seat. What do kids do? Touch everything. It can kill everybody. I don’t think people realize how dangerous it is. And that was just fentanyl, not carfentanil, which is so much stronger.

I will tell you what, the laws are going to have to change when it comes to this stuff simply because of how dangerous it is.

I have talked to some people who say they haven’t had to deal with it. I tell them, it’s there. They just haven’t had to experience it. Be glad that’s the case, but it won’t last. All of that stuff is around. It’s in just about every community. And if they ain’t got it yet, it is coming.

 

Chief John Lane has been with the East Liverpool Police Department for 22 years where he started his career as a patrolman. He was promoted to captain in 2000 and then took over as chief in 2013. He graduated from Ohio State with a Bachelor of Arts degree in criminal justice.

26May
2017

There is no such thing as a free body camera

By Chief Brandon del Pozo
Burlington (VT) Police Department

In the early days of police body cameras, the few companies that served the market relied on an emergency procurement model: Pioneering police departments would buy the cameras in response to crises to show the public they were engaging in the reforms necessary to keep their trust.

This typically followed an ugly use-of-force incident or a corruption scandal. Other forward-thinking chiefs paid high prices for body cameras to keep ahead of these crises, knowing they were purchasing a technology in its earliest stages of its development, when it was likely to be the most expensive.

Police body cameras have evolved since then. They are quickly becoming a standard piece of police equipment, but in doing so they are also becoming a standard piece of consumer electronics.

Body cameras are not especially complicated devices – they comprise a camera, battery, a microphone, a button or two and a processor in a rugged case. They are like a smartphone without a screen.

It follows that, as with these phones, the profits won’t come from the devices themselves, which will be basically given away for free. Read More & Share