What is the vulnerability and threat on the Information Systems of the Greater Manchester Police Force?

Greater Manchester Police

Greater Manchester Police Force (GMP) is the arm of the United Kingdom (UK) government armed with the responsibility of law enforcement. The Force’s mandate includes ensuring an all-round feeling of safety within the environs of the Manchester Metropolis. With its headquarters located at Central Park in Newton Heath, it is considered as the third largest force in England and Wales (Manchester Evening News, 2020). According to Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS, 2019), the Greater Manchester Police Force covers 493 square miles in the north west of England and oversees a population size of over 2.8 million residents.

According to Laudon & Laudon (2019), information system (IS) refers to interrelated components that collect, retrieve, process, store and distribute information to support decision making, coordination, and control in an organization. Hence, information systems to GMP is more than information technology (Laudon & Laudon, 2019). It includes senior police officers (management), other officers, police processes, politics within the system and the police culture. These attributes make up the police organization and form part of the information systems structure of GMP.

Relevance of Information Systems to GMP

First and foremost, information systems enable the senior officers in GMP to make quicker decisions by accessing the best information as quickly as possible through their collection of computers connected to the internet (Defence Science and Technology Laboratory, 2018). In GMP’s case, decision making in all aspects of their work is significant and the speed and accuracy with which these choices are made play major roles in the display of the force’s effectiveness. For instance, senior police officers in GMP have made reliable and quicker decisions on ways to improve the force through the adoption and usage of on-the-go online collaborations and social networking software. These collaborations done via information systems have led to knowledge sharing as well as learning from challenges faced by other forces in other jurisdictions. 

Secondly, information systems enable GMP to receive, process and solve large number of cases quicker and easier. According to the UK CrimeStats (2019), the Greater Manchester Police recorded a total of 32,058 cases in June 2019. This figure represents a minor drop from the 33,386 cases reported in May 2019. Statistically, the year-on-year figures saw a drop by 2,328 between June 2019 and June 2018 (i.e. 34,386). These statistics iterate the magnitude and coverage of reported cases dealt with by GMP and how their efficiency is relevant to the safety of residents. The number of cases being reported monthly to GMP stresses the fact that information systems is highly relevant and greatly affects the output of GMP in terms of the provision of excellent police services as well as the tackling of crime in the Manchester Metropolis.

Furthermore, information systems enhances the ability of Greater Manchester Police (GMP) to monitor, report and distribute data associated with crime better to ensure the safety of residents. On 22 May, 2017, the explosion in Manchester Arena left scores of people dead and injured with about Four Hundred (400) GMP officers working throughout that night (BBC, 2017). The role of GMP that night involved probing the city for information and monitoring and reporting any pending danger or suspicious attacks including finding out information about the culprits. This was mainly done through the use of technology which can include a flexible collection of computers used by the Force to perform tasks via the internet (Laudon & Laudon, 2019). GMP uses its information systems to obtain input from social networking platforms like Facebook, Twitter and Instagram to deepen interactions and provide feedback with force staff and residents.

The importance of information systems to GMP can therefore not be over-emphasised. It is critical to the success of the force. The magnitude of responsibility and the force’s ability to perform expected tasks satisfactorily in addition to ensuring the safety of residents will to a massive extent rely on the Force’s Information System’s capacity, its development and operation by staff, and the corresponding flexibility of management within the Force.

It was therefore worrying when it was reported by the British Broadcasting Corporation (BBC) that one in five computers, representing 20% of the total computers available for use in the Greater Manchester Police Force, was still running the archaic Windows XP operating software (Kelion, 2017).

Inadequate Funding for the Greater Manchester Police Force

In the 2019 audit report to GMP, the audit firm Mazars identified poor Information Technology infrastructure as a major deficiency to GMP and further stated that “the present level of demand hampers GMP’s ability to plan for meetings beyond the short term (GMCA, 2019). GMP responded by saying that “the force recognizes rising levels from criminal use of technology so it has therefore reviewed its digital investigation unit and understands its IT infrastructure is not fit for purpose”. Mazar’s observation and GMP’s response lends credence to the report by BBC about GMP’s infrastructural deficiency and usage of Windows XP. Microsoft ended all support for the operating system in 2014 and as such the use of Windows XP can be classified as high risk (Microsoft, 2014).

From an initial investigation of the matter, there is a drawn justification that inadequate funding is a major vulnerability for the Greater Manchester Police Force. This vulnerability can lead to attacks on their Information Systems Infrastructure thereby impeding service flow within the metropolis.

According to the National Audit Office (2018, pp.5), Police and Crime Commissioners (PCCs) are responsible for allocating funds needed to achieve the objectives of the police force. Importantly, the report found out that there had been funding pressures which had led to commissioners being allocated 30% less of what was received in 2010-11 (pp.7). It further indicated that the greatest cuts were experienced by Police Forces who relied extensively on government funding. Coincidentally, Greater Manchester Police was the fourth highest, i.e. 73%, in terms of reliance on government spending (National Audit Office, 2018, pp.17) out of a total of 42 Police Forces which were looked at. The audit further observed that these cuts had led to emerging signs of difficulty in delivering efficient services (pp.8) in addition to the observation that the forces had largely underspent on information and communications technology (pp.26). The above assertions were re-iterated by both the current Mayor of Manchester, Andy Burnham (GMCA, 2020) and his predecessor, Tony Lloyd (GMPCC, 2017) in their respective yearly PCC reports.

The continuous cut in GMP’s budget has therefore led to further inadequate support for improvements in Information Systems for the Force. The table below shows the fall in government funding for GMP since 2015 (Police Funding for England and Wales, 2018, pp.15). Although, Home Office has increased the overall grant to GMP for the 2020/21, the additional funds are primarily meant for the recruitment of additional police staff (Home Office, 2020).

PCCs are allowed to raise additional revenue often referred to as precepts from local council tax (Allen, 2019). PCCs can raise the precept but cannot increase it at a rate that is excessive unless authorized by a ‘yes’ vote in a local referendum. The vulnerability with regards to Information systems was clearly identified by the immediate past Greater Manchester Police Mayor and Police and Crime Commissioner (Tony Lloyd) who stated that “the budget for 2017/18 had been slashed by ￡5.7 million” (Lloyd, 2017) but he was still bent on improving capital investment in Information services transformation programme in order to remove the significant risk of information technology failure. This simply meant that the Force did not have adequate funds even from the allocation released to them by the Home Office to tackle crime, police and information systems related issues. 

The vulnerability of inadequate funding is applicable to other forces besides GMP. An earlier response to a Freedom of information enquiry in 2015 by Kelion revealed that about 35,640 desktop and laptop computers utilized by the London Metropolitan Police were running Windows XP. In a subsequent request for information on the same topic, Kelion (2017) reported that although there had been improvements, about ten thousand (10,000) desktop computers utilized by the London Metropolitan Police were still running Windows XP. This meant that the situation was not peculiar to only Manchester Police but constituted a wider phenomenon. This also adds credibly to the report by the National Audit Office (2018, pp.5) that there has been funding pressure on the various forces in England and Wales and specifically GMP. The inadequacy of funding to GMP can lead to a run-on on their information systems in diverse ways because funds are not available to upgrade or improve their information systems.

Malware Invasion

It must be recalled that the famous cyber-attack of the malware “Wannacry” on the National Health Service (NHS) was through an outdated software which had not been upgraded or replaced. Therefore the focus of this section is on the threat posed by the diffusion of malwares to GMP’s information systems because of lack of funds to upgrade or replace the information system available. Malwares are developed by cyber attackers and used intentionally to gain access or cause damage to a computer or network usually without the victim’s knowledge (Norton, 2020). 

To begin with, GMP’s failure to heed the warning of the developers of Windows XP of the vulnerability in using Windows XP is an inherent risk. According to Microsoft (2020), personal computers running Windows XP will not be secure and will be at risk of infection, and the continuous usage of Windows XP will make systems more vulnerable to security risks and viruses. Microsoft ended support for Windows XP in 2014 and its continuous usage by GMP makes it vulnerable to malicious attacks. According to Kaspersky (2020), WannaCry, a type of malware, targets computers using Microsoft Windows operating system, however, computer users became victims of the WannaCry attack in 2017 because they had not updated their Microsoft Windows operating system. Approximately 9.9 billion malware attacks were recorded in 2019 and any of these could affect GMP’s systems if a solution is not found to their archaic operating systems (Security, 2020).

Personnel at GMP rely on data and information to perform their duties. GMP’s information systems rely on data to church out sensitive information which will be used for decision making. Data is therefore an expensive and vital resource to GMP. According to Security (2020), more than 15.1 billion records were exposed to malware attacks in 2019. Hence, exposed and stolen data from GMP will be priceless information in the custody of cyber-criminals. It might also be very expensive on the dark web and a lot of cyber criminals will pay to get such information. Cyber-criminals who might gain access to GMP’s information will thus be very powerful in the crime world.

Malwares like WannaCry demand payment of a ransom before releasing their control of information. The threat to GMP’s data being compromised with the Force not having access to it will be terrible and brand damaging. The occurrence of an attack similar to the attack on NHS on the information systems of the Greater Manchester Police will therefore provide the platform and intensify the malware to spread quickly to other areas of the third largest force in England and Wales. According to The Telegraph, WannaCry attack cost the NHS ￡92 million, meaning the perceived risk and damage of malware invasion to GMP can be unquantifiable considering the fact that even computers with updated operating software and anti-viruses are not immune to some malware attacks (Kaspersky, 2020).

According to Norton (2020), malwares gain access to systems usually without the victim’s knowledge. In this case, knowing that GMP’s systems have been infiltrated is damaging enough, however, not knowing that it has been compromised until extensive damage is done will be unpardonable. GMPs use of Windows XP to perform tasks via the internet paves the way for their systems to be compromised with malicious attacks without their knowledge because computer programs will run normally whiles the malware is saving the original codes. Extra sensitive data could be leaked out there to cyber criminals because malwares in general are difficult to detect (Norton, 2020).

The impacts of the above will be an inefficient rendering of police services and lower satisfaction rating with regards to safety. For instance for the 2018/19 year, GMP was rated 50% in terms of keeping people safe by HMICFRS (HMCIFRS, 2019). The threat of malware invasion on GMP’s information system and the impact thereof requires that protections are set in place to mitigate the attacks and vulnerability.

Upgrade GMP’s Windows XP System from Funds allocated

Grooten (2017) strongly suggests that for Greater Manchester Police, the case for moving away from Windows XP is stronger because apart from the many opportunistic attacks to be experienced from malware invasion, they will have reasons to be worried about more directed attacks such as criminals using malwares to obtain information on ongoing investigations. Against such attacks, XP is simply not good enough. Grooten (2017) further alludes that “running XP is like building a house next to a volcano that has not erupted in many years: it may seem cheap and actually quite safe, but when things turn bad, they turn really bad”. It may be a cheaper option for the Force considering its financial weakness but the damage thereof can be irreparable.

The observation by Grooten of additional potential attacks and the funding vulnerability of GMP therefore suggests that a cost effective mechanism will be the best option in the immediate. Therefore, upgrading the information system infrastructure will be more cost efficient than replacement with reference to inadequate funding for GMP. The 20% of computers running Windows XP must be upgraded to Windows 8.1 which is relatively cheaper and can efficiently process with minimal disruption (Marcus, 2019). According to Microsoft (2017), the minimum requirements for operating Windows 8.1 is a 1GHz processor, 1GB RAM and a 20GB hard disk. This means that all the old computers in GMP should be able to cope with this minimum requirement. According to Microsoft (2020), after an upgrade to Windows 8.1, all files and most softwares that work in XP should also work. Any challenge encountered in running an application in Windows 8.1 should be fixed in compatibility mode.

This protection mechanism is relevant for GMP because funding has been an issue, and also because the end of life for Windows 8.1 according to Microsoft is January 2023 (Microsoft, 2019). This implies it will discontinue all support, including paid support, and all updates in January 2023. This represents a good time frame for enough funds to be allocated to GMP to run a total overhaul or update further in order to utilize a more robust information system. Importantly, the threat of being attacked by malwares will be resolved because Microsoft will continue to provide security updates for Windows 8.1 till January 2023 as already highlighted (Marcus, 2019).

Just as Allen (2019) highlighted, GMP’s PCC needs to raise precepts to undertake the upgrade of GMPs information system. The precept should be specifically raised for the purpose of upgrading the information system infrastructure. Allocation of funds thereafter should not be arbitrary as was observed to be the case in the administration of previous PCCs (Lloyd, 2017, pp.22). For instance, The 2019/20 capital programme for GMP which is expected to replace key operational policing systems and ageing infrastructure was allocated ￡37 million by the PCC. He then forecasted it to be slashed to ￡23.82 million and subsequently to ￡16.48 million in 2020/21 and 2021/22 respectively (GMP Budget, 2019) with no reason(s) as to why. This seems to suggest some form of arbitrary decision making with regards to allocation of funds for projects.

Conclusion

In terms of information systems robustness, GMP has struggled mostly because of inadequate funds allocated them by the Home Office and from local precepts. They have therefore relied on archaic operating systems in approximately 20% of their operational computers. Although issues relating to GMP’s information system infrastructure have been raised by their external auditors (Mazars) and the National Audit Office, they have been unable to either replace or upgrade these old systems because of the lack of funds. This deficiency can open them up to undetected malware invasion which will represent a breach of security controls. The role of Manchester’s PCC in ensuring GMP works with a resilient information system is thus extremely relevant. GMP’s PCC must therefore increase precepts, if funding from Home Office continues to be a challenge, to upgrade and update the archaic information system in GMP. By so doing, GMP can continue to make quicker decisions, access information easier, offer valuable resident satisfaction to ensure it obtains more than the 50% rating it obtained from the inspection carried out by HMICFRS in 2018.

References

Allen, G. (2019). House of Commons Library. How our local police forces are funded. Retrieved from https://commonslibrary.parliament.uk/insights/how-our-local-police-forces-are-funded/

British Broadcasting Corporation. (2020). Greater Manchester Police using paper after computer glitch. Retrieved from https://www.bbc.co.uk/news/uk-england-manchester-51388824               

British Broadcasting Corporation. (2019). Met Police hacked with bizarre tweets and emails posted. Retrieved from https://www.bbc.co.uk/news/uk-england-london-49054332

British Broadcasting Corporation. (2017). Manchester Arena attack: What happened? Retrieved from https://www.bbc.co.uk/newsround/40009766

Defence Science and Technology Laboratory. (2018). Information Systems Programme. Retrieved from https://www.gov.uk/guidance/information-systems-programme

Greater Manchester Combined Authority. (2020). Police Funding 2020/21. Retrieved from https://www.gmconsult.org/police-and-crime-team/police-funding-2020/

Greater Manchester Police Fund. (2019). Revenue Budget and Capital Programme 2019/20. Retrieved from https://www.greatermanchester-ca.gov.uk/media/2292/gmca-police-fund-budget-report-1920.pdf

Greater Manchester Police. (2019). From Greater Manchester Police. Retrieved from https://www.gmp.police.uk/

Greater Manchester Combined Authority. (2019). Greater Manchester Joint Audit Panel (Police and Crime). Retrieved from https://www.gmp.police.uk/SysSiteAssets/foi-media/greater-manchester/how_we_make_decisions/joint_audit_panel/greater-manchester-joint-audit-panel---30th-july-agenda.pdf

Greater Manchester Police & Crime Commissioner. (2017). GMPCC: Budget. Retrieved from https://www.gmpcc.org.uk/down-to-business/money/budget/

Grooten, M. (2017). The case against running Windows XP is more subtle than we think it is. Retrieved from https://www.virusbulletin.com/blog/2017/09/case-against-running-windows-xp-more-subtle-we-think-it/

Home Office (2020). Home Office in the media. Factsheet: Police Funding Settlement 2020-21. [Blog post]. Retrieved from https://homeofficemedia.blog.gov.uk/2020/01/22/factsheet-police-funding-settlement-2020-21/

Home Office. (2020). Police Grant. The Police Grant Report (England and Wales) 2020/21. Retrieved from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/860046/CCS0120839654-001_The_Police_Grant_Report_England_and_Wales-2020-21_Web_Accessible.pdf

Home Office. (2019). Police Grant. The Police Grant Report (England and Wales) 2019/20. Retrieved from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/773083/CCS207_CCS1218246368-001_Police_Settlement_Web_Accessable.pdf

HMICFRS. (2019). Greater Manchester Police. Retrieved from https://www.justiceinspectorates.gov.uk/hmicfrs/police-forces/greater-manchester/

HMICFRS. (2018). Role of police and crime commissioners. Retrieved from https://www.justiceinspectorates.gov.uk/hmicfrs/police-forces/working-with-others/pcc/role-of-police-and-crime-commissioners/

Johnston, N., & Politowski, B. (2016). House of Commons Library. Police Funding. Briefing Paper. Number 7279. Pp.44 – 52. Retrieved from https://researchbriefings.files.parliament.uk/documents/CBP-7279/CBP-7279.pdf

Kelion, Leo. (2017). British Broadcasting Corporation. Manchester Police still relies on Windows XP. Retrieved from https://www.bbc.co.uk/news/technology-41306321 

Laudon, K., C. & Laudon, J., P. (2019). Essentials of MIS, Global Edition (13th edn). Retrieved from https://ebookcentral.proquest.com/lib/shu/reader.action?docID=5573684

Lloyd, T. (2017). Police and Crime Commissioner for Greater Manchester. Revenue Budget and Capital Programme 2017-2018. Retrieved from https://www.gmpcc.org.uk/wp-content/uploads/2016/02/Budget-report-1718-final-Revised-at-Forum-2.pdf

Manchester Evening News. (2019). Greater Manchester Police. Retrieved from https://www.manchestereveningnews.co.uk/all-about/greater-manchester-police

Microsoft (2020). Windows XP Support has ended. Retrieved from https://support.microsoft.com/en-gb/help/14223/windows-xp-end-of-support

Microsoft (2014). Support for Windows XP ended. Retrieved from https://www.microsoft.com/en-gb/microsoft-365/windows/end-of-windows-xp-support

National Audit Office. (2018). Financial Sustainability of police forces in England and Wales 2018. (Report by the Controller and Auditor General, HC 1501). Retrieved from https://www.nao.org.uk/wp-content/uploads/2018/09/Financial-sustainability-of-police-forces-in-England-and-Wales-2018.pdf#page=6

Police Funding for England & Wales. (2018). Statistical Bulletin. Retrieved from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/725767/police-funding-england-and-wales-2015-to-2019-hosb1318.pdf

Williams, J. & Britton, P. (2020). Manchester Evening News. How GMP’s new computer system fell over again – just a week after senior commander hailed it a success. Retrieved from https://www.manchestereveningnews.co.uk/news/greater-manchester-news/how-gmps-new-computer-system-17697235

UK CrimeStats (2019). The leading crime and postcode data research and analysis platform. Retrieved from https://www.ukcrimestats.com/Police_Force/Greater_Manchester_Police