Nearly Three Quarters Of UK Police Websites Are Insecure

Nearly three quarters of UK police websites lack a secure connection for their visitors, despite the such security measures being touted as a means to curtail cyber crime.

The Centre for Public Safety found that 73 percent of 71 police and affiliated websites it scanned lacked a secure connection, usually indicated by a small padlock icon in the browser, or a robust implementation of such security.

This means that data being sent to and from visitors to these sites is unencrypted and vulnerable to being intercepted and stolen by hackers. Given these sites ask for personal information, the sites appear to be exposing the public to unnecessary cyber risks.

Policing the police

The scans were based on checking the sites for SSL/TLS security implementation, despite this being a relatively simple approach to making websites secure.

As such, the lack of robust SSL/TLS paints a rather damming picture for the online security the police and linked agencies are providing to citizens accessing their websites.

The Centre for Public Safety noted that the use of digital technology is being championed across the public sector and called upon police forces to follow the more cyber security conscious examples set by a quarter of police websites the organisation deemed to have appropriate security.

“Public services are undergoing a digital transformation and much has been made of the need and potential for such transformation within UK policing,” the organisation said.

“We call on those forces that fell short to demonstrate the best practice observed in other forces.

“Just as wider society and business must ensure they are not complacent to the cyber threat, the police service should also proactively manage and maintain its online infrastructure, especially as it, like other public services, seeks to embrace a digital-by-default strategy in relation to public contact.”

The report also noted that one in 10 websites were found to have a significant vulnerability, ironically including the website for the National Crime Agency’s Child Exploitation and Online Protection Centre.

While the Centre for Public Safety noted that there is an argument the likelihood of communications between citizens and police websites being intercepted is potentially small, if it was to happen it could put people at risk.

For example, if someone was trying to report a crime anonymously, their communications could be intercepted and they may then be identified, opening them up to retaliation from a criminal gang or abusive individual.

The police forces do not always have an easy ride when it comes to technology, and given they still have 27,000 police PCs still running the defunct Windows XP, that may come as no surprise.

What do you know about cybersecurity in 2016?