Policing the cyber-physical space
| Published date | 01 December 2016 |
| Author | Sari Kajantie,Timo Kiravuo,Anna Leppänen |
| DOI | 10.1177/0032258X16647420 |
| Date | 01 December 2016 |
| Subject Matter | Articles |
Article
Policing the cyber-physical
space
Anna Leppa
¨nen
JKK School of Management, University of Tampere, Tampere, Finland;
Police University College, Tampere, Finland
Timo Kiravuo and Sari Kajantie
Aalto University, Helsinki, Finland
Abstract
In this paper we study how the cyber-physical space of a small nation is policed. Our
qualitative study is based on content analysis of expert interviews. We found that the
country is protected and daily incidents solved by a network of government agencies and
private companies, forming a loose public–private partnership network. However, at the
time of the study (Winter 2013), we were able to detect two problems. First, it was not
clear that sufficient focus would be available to resolve several simultaneous large inci-
dents. Second, cybercrimes are still under-reported, which may hinder the police in
building investigation capacity.
Keywords
Policing, cybercrime, cyberspace, networks
Introduction
Digital systems of different types make many kinds of processes more efficient and
reliable. Manufacturing, logistics, finance, power, water and other areas of critical infra-
structure are relying on computers, automation and networks. Use of the Internet for
controlling physical systems is a growing trend, known by terms such as ‘Industrial
Internet’ or ‘Internet of Things’. This networked digitalisation creates an invisible
dimension, a cyberspace that is starting to permeate the physical world, opening a route
to harming and disrupting the critical infrastructure of a society in new ways. Previously
Corresponding author:
Anna Leppa
¨nen, Police University College, PO BOX 123, Vaajakatu 2, FI-33721, Tampere, Finland.
Email: leppanen.anna.r@student.uta.fi
The Police Journal:
Theory, Practice and Principles
2016, Vol. 89(4) 290–310
ªThe Author(s) 2016
Reprints and permission:
sagepub.co.uk/journalsPermissions.nav
DOI: 10.1177/0032258X16647420
pjx.sagepub.com
a perpetrator would have to gain physical access to the system to disturb it, and geo-
graphically broad malevolent action would have required a large conspiracy. Now mis-
deeds can be committed remotely in ways that are difficult to observe.
Policing this new territory started when cybercrimes emerged and is becoming more
important with the connection to physical systems. We have seen the first serious
physical damage done over computer networks (BSI, 2014; Falliere et al., 2010) and
it is reasonable to assume that there will be an ‘Internet homicide’ in the near future.
Studies (Kiravuo et al., 2015) show that even heavy industrial processes are being
controlled using devices that can be reached over the Internet. This issue is made even
more significant by the way the critical infrastructure consists of public and private
organisations providing interdependent and connected services. There is the potential
for massive disruption due to the complexity of dependencies in the system, and
electricity and communications (themselves interdependent) are especially critical
(Lewis, 2006).
Traditional security categories, such as infrastructure sectors or divisions of domestic
and international security, can lead to fragmentation of security policy (Harknett and
Stever, 2011: 456). These categories may not have significance to the attacker, while the
differences in sector policies may leave gaps in defences and dissimilarities in responses.
In particular, the law enforcement organisations have faced criticism when trying to
build a plausible response to cybercrimes, for example, under-reporting of cybercrime
and the fact that only a few cybercrimes are prosecuted may imply that crimes are not
trusted to be solved (Wall 2007a: 165, 158). Cybercrimes are considered to be a form of
crime that challenges police investigation at several levels. Physical world offences, the
crime type that the police organisation is originally created for, are usually one-to-one
crimes tied to a certain location and the perpetrator is exposed to public view and thus
faces the risk of being identified (Brenner, 2007: 14-17). However, most traces of
cybercrimes are visible only to profession als, and both perpetrators and victims are
scattered – or appear scattered – in several jurisdictions. The framework for policing
cybercrime has been suggested to be nodal networks (e.g. Nahn and Huey, 2008) or
public–private partnerships (OJ C115, 4.5.2010: 1–38).
In order to understand the various roles of organisations when a serious cyber-attack
is targeted to critical infrastructure, this qualitative study sought answer to the research
question, ‘Who is policing our cyber-physical space when a severe cyber-incident tar-
geted at critical infrastructure occurs?’. We performed expert interviews in Winter 2013
to gain an overview on cyber-incident handling from detection to criminal investigation
prior to publication of Finland’s Cyber Security Strategy and the establishment of
National Cyber Security Centre Finland. The starting point of this study was to recognise
the relevant organisations since there is no single institution in Finland responsible for
cyber-incident handling; jurisdiction is distributed to several authorities and supported
by public–private partnerships. This article concentrates on operative work at the grass-
roots level inside Finland and the dimension of international politics is excluded. The
results will increase knowledge of various actors’ basic work and roles during handling a
cyber-incident and provide a baseline for later studies as the field develops. The findings
and analysis from one small nation should also be beneficial in policymaking and
strategy planning for other countries.
Leppa¨nen et al. 291
To continue reading
Request your trial