[ad_1]
It audited the activities of the Attorney General, the Police Department, the National Defense Ministries and the Ministry of Justice in this area.
The activities of these institutions in 2015-2019 were inspected in the planning and implementation of the prevention of cybercrime, ensuring the investigation of these crimes and creating conditions for the improvement of research in this area.
“As the scale of cybercrime grows, society must be prepared to recognize and protect against cybercrime threats. Forces capable of preventing and investigating cybercrime must be formed, but shortcomings have been identified in the processes of cyber crime prevention and investigation and the public is still not guaranteed a safe environment in cyberspace, ”says the audit report.
Lack of coherence and cooperation.
Police, the National Center for Cyber Security, the Communications Regulatory Authority, the State Inspectorate for Data Protection, the State Service for the Protection of Consumer Rights, the Office of the Journalist Ethics Inspector and other institutions carry out preventive activities in this area, but do not coordinate or carry out impact evaluations. Existing planning and coordination systems.
According to the State Audit Office, five institutions carried out educational activities on the subject of electronic fraud, but without their communication, this measure does not generate the desired result.
Last year, the country was 16 percent. An increase in the number of people who feel unable to protect themselves from cyber crime.
The practice of blocking sites is not effective enough, for example, 297 of the 397 sites blocked by the Gaming Authority were reflected, so the blocking is temporary and the illegal content is not actually removed. Citizens continue to be at risk of being harmed by malicious websites and institutions facing a higher administrative burden.
It has also been observed that blocking authorities do this differently, applying different legislation that does not coincide with the blocking procedure, the procedural steps, the deadlines and the choice of blocking methods.
Police do not manage information on cybercrime
According to the State Audit Office, the police not only do not receive all the information about cyber security incidents that can be crimes, but they also do not dedicate human resources to their monitoring and analysis.
19 of the 143 cyber security entities interviewed by the auditors do not report cyber incidents to the police. The State Data Protection Inspectorate never provided such information during the period under review. The National Cyber Security Center instructs security entities to contact the police, and there is no data exchange on incidents and incidents in the electronic space between the two institutions.
According to the auditors, this situation is due to the fact that there are no common criteria to identify cyber crime and it is unclear which authority should be reported, the police or the National Center for Cyber Security.
Nearly two-thirds of cybersecurity entities interviewed by auditors are unclear on how to assess the harm caused by crime, and more than half on how to properly collect and store electronic evidence. 27 percent Respondents are unclear on how to respond to a possible cybercrime.
The Lithuanian Criminal Police Office employs an officer with cyber incidents, who conducted nine investigations into such incidents during the audited period. There is no active monitoring in the office.
It has also been discovered that the proportion of pre-trial investigations transmitted to court by specialized cybercrime units operating in the county’s major police stations has steadily declined in the past three years.
In 2016, this share reached 38 percent, and last year – 29 percent.
Among other things, 11 percent. Decisions to suspend, end, or not open a pretrial investigation were later overturned.
Incomplete units, heavy workload
Since 2015, there have been specialized units in the main county police stations investigating cybercrime, but there is a lack of cooperation between them and with the Criminal Police Office.
The Attorney General’s Office identifies pre-trial investigations at different police stations that are not identified as part of a systemic crime and are not linked. In the six months to mid-February of this year, there were almost 70 such surveys.
The Criminal Police Office also does not manage all the information on systemic crimes. In nearly two years, the Vilnius County Police reported about 11 such crimes, and other counties never did.
State Controllers found that the workload of officers in specialized police units exceeded acceptable standards, and the units themselves were incomplete: Last year, on average, more than a fifth of their positions were vacant.
In the four units that investigate most crimes, the workload of officials exceeds the standards (up to six pre-trial investigations at one time) up to three times. In Vilnius County, an officer conducted 16-20 pre-trial investigations simultaneously, in Kaunas-14.
To redistribute the workload, some investigations are released to intelligence officers, but this affects the scope of the intelligence.
Pre-trial investigations also suffer from a lack of experience in this area due to their lack of experience. In the past four years, unskilled officers performed an average of 62 percent. investigations into all computer crimes. More than a tenth of these studies should be assigned to specialized units.
Long lines of information technology research are also an obstacle to ensuring high-quality research: the Vilna County Forensic Research Center has to wait for such research for over a year and a half, and the Forensic Research Center for about ten months.
Not enough attention paid to training
The audit found that there is no training program for cybercrime officials, but only as needed.
During the audit period, almost a third of officials never attended the training and 70% did not. He indicated to the auditors that the training was insufficient. Nearly two-thirds of prosecutors and officials indicated the lack of new guidance documents in the area.
According to the report, the network of prosecutors and specialized officials is not fully operational and there is no scope for a systematic exchange of good practices and experiences.
Insufficiently effective training does not allow officials to increase their competence and increase their performance.
According to state auditors, the measures provided for in the Public Security Development Program and the National Cyber Security Strategy do not solve the identified problems of preventive activities. It is emphasized that without sufficient attention to this, the effectiveness of these studies can be further reduced.
It is also noted that the Cyber Crime Profile does not cover some of the crimes covered by the Cyber Crime Convention, such as computer fraud, copyright and related rights infringements, racist and xenophobic crimes.
Attention is drawn to the fact that police records do not collect or analyze all the information on these crimes, the extent of their threats and trends. Lack of systematization of this information may undermine strategic decisions and the appropriate response to changes in the field, according to the audit material.
After evaluating these deficiencies, recommendations were provided to the institutions on how to eliminate them in the coming years, and deadlines and goals were formed.
[ad_2]
