Gardaí waiting 16 months for funds to set up six cyber-crime units

Garda HQ says that as well as being unable to set up the necessary technical infrastructure that “ongoing support for the existing cyber infrastructure is also at risk”.

Six regional cyber-crime units have been planned since 2016, but only two pilot units are operating, under the direction of the Garda National Cyber Crime Bureau (GNCCB).

The forensic examination of child abuse imagery is by far the biggest request for assistance to the bureau from local gardaí, followed by online fraud, child exploitation/grooming, and sexual assault/rape.

The bureau also assists in examining devices for investigations into murders, gangland activity and terrorism.

Cyber-crime policing has been dogged with staff and resource shortages for years, leading to ongoing criticism in the courts regarding delays in examining devices for online child abuse.

Proposals by Garda Commissioner Drew Harris for funding to set up six permanent regional cyber-crime units were submitted to the Government some 16 months ago – but he has not yet received a response.

The Commissioner’s latest report to the Policing Authority spells out a serious issue in relation to “regional Cybercrimes Hubs”. It said: “A business case to proceed to tender for Support Contract and Regionalisation Hubs was issued to the Department of Justice & Equality for review and forwarding to the Department of Public Expenditure & Reform in March 2019 and awaits a formal response.

“An Garda Síochána has been unable to proceed with procurement until this review is complete and sanction is received from the Department.” 

The report adds: “Delivery based on the necessary forensic technical infrastructure in 2020 is no longer feasible based on procurement timelines. Ongoing support for the existing cyber infrastructure is also at risk. Contingency plans are being developed.” 

Plans to boost the GNCCB and set up regional cyber-crime units were first detailed in the Garda’s Modernisation and Renewal Programme, launched in June 2016, which envisaged regional units being in place by the end of 2017.

The report of the Future of Policing in Ireland Commission, published in September 2018, said the cyber-crime and security capacity and expertise of the Garda needed to be “substantially expanded as a matter of urgency”.

Two pilot regional cyber-crime units have been operating in Ballincollig, Co Cork and New Ross, Co Wexford.

The Garda Annual Report 2018, published last December said the GNCCB dealt with a significant volume of requests for assistance with “248 child pornography enquiries”, accounting for the highest volume of new requests.

It said that while the GNCCB case backlog had reduced in recent years, it stood at 493 cases, and continued to be “a critical priority” for the bureau.

It said: “The introduction of Regional Cybercrime Units with forensic capability in 2019 will help reduce the backlog.” Last June, Commissioner Harris said that certain crimes, including cyber-crime and online abuse imagery had “increased exponentially”.

He said there had been a “startling and shocking” increase in referrals on online child abuse material during the lockdown, between March and May.

He said he was making investments into both the National Protective Services Bureau and the GNCCB.

Last October, officers in GNCCB said the bureau currently had 32 members, but that the commissioner had approved a plan to bring the number to 120 in the next two years, which would also include staffing new divisional cyber units.

The rollout of regional cyber-crime units is a key part of the Commissioner’s New Operating Model – the greatest restructuring ever of the force – which he launched a year ago.

A Department of Public Expenditure and Reform (DEPR) said: "The Digital Government Oversight Unit received the business case from the Department of Justice in August 2020. The business case is currently under consideration.” 

A Department of Justice spokesman said: “This business case is currently under review by DPER. The Department is expecting a preliminary response from DPER in the next number of weeks.

“The business case suggests an estimated 6 months tender implementation period. It is not possible to comment on the cost involved as this is commercially sensitive information.”