There are only nine Australian Federal Police officers to cover the forensic investigation of cyber crimes countrywide, and local companies are still skimming off the cream of the crop in their own fight against data criminals.
Mark Walters, acting director international technical operations, Australian Federal Police (AFP), admitted that there are only nine forensic investigators spread across five Electronic Evidence Teams in the country. Whilst he wouldn’t say the nine investigators are over-worked, he did say they were “very, very actively employed”.
The AFP is looking to recruit more staff in this area, but “it’s a matter of resource priorities,” Walters said. ”The number of incidents requiring forensic support is increasing,” he said, adding that the private sector “can offer some very good dollars”.
A lot of forensic expertise has left law enforcement agencies to be hired by bigger agencies like accounting groups Ernst & Young and Deloitte Touche Tohmatsu, according to Adam Daniel, technical consultant for Forensic Data, who spoke at an australia.internet.com breakfast forum last week.
"They can offer a lot more money than what the government can," he said. However, “nine officers to cover all of Australia’s cybercrime just doesn’t seem enough.”
Neil Campbell, a senior security consultant with security specialist eSec left the federal police force’s Victorian Computer Crime Team after six years for accounting firm Arthur Anderson three years ago, where he worked in forensics and general IT consulting.
“I’d done my time,” Campbell said, adding that his move to the private sector “made a bit of a splash in the press at the time” as all three qualified members of the Victorian Computer Crime team left the force at the same time for Anderson.
The team’s move to the private sector grabbed the attention of other private organisations, which “aggressively went out and recruited from the ranks of the police force,” Campbell added.
At the time, the working conditions between the federal police force and the private sector were “180 degrees different” and salaries were “significantly” higher, according to Campbell. With a move from the force into the private field, ”it wasn’t unusual for someone to double their income,” he said.
However, whilst the promise of a salary hike was an element, it wasn’t the key factor that pushed most forensic investigators to jump ship, according to Campbell. “In the police force you feel as if you’re making a difference,” he said, adding that the lack of resources for equipment and training was usually the bigger push.
Campbell says that after he and his Computer Crime Team colleagues moved across to the private sector “conditions for forensic investigators changed”, however, he believes forensic investigators are still being taken from the ranks of the police force especially as now “more room in the market” for computer forensic specialists.
However, Walters denies this is the case, saying that whilst there was a high attrition rate a few years ago, in recent years the AFP has “maintained a very steady level of people”.
Walters admitted that measures were put in place to quell the level of attrition by forensic experts, with the AFP entering into a certified agreement which tightened up remuneration arrangements and terms and conditions, “making some areas of AFP more attractive,” he said.
According to Campbell, the move to performing in-house forensics is down to two major reasons: speed of response and control of situations.
When a company refers a matter to the police it is taken out of their control, he explained, adding that an in-house team can also jump on a security breach immediately “rather than when the police are ready to do it”.
Dean Kingsley, partner Deloitte Touche Tohmatsu, said the company’s drive to recruit IT forensic experts was driven by its clients. “Our clients are telling us they need help,” Kingsley said at the breakfast forum discussion. “Most organisations recognise that in terms of preventing, investigating and responding to incidents that they have to be able to do that themselves,” he said. “And there just aren’t enough skilled and trained people out there to help them do that.”