ROCU - National Cyber Prevent Programme - ANME Blog

National Cyber Prevent Programme

Posted on: 18th Jun 2019 by: Andy Rawlinson

The UK has a problem. A large number of young people are committing criminal offences which are contrary to the Computer Misuse Act 1990. Estimates vary, but some figures estimate that 1 in 4 teenagers has attempted something which is illegal under that act. We know that the average age of arrest for cyber crime in the UK is just 17 years old – contrasting an average for all other offending of 37 years of age.

There is little space in the curriculum to teach the Computer Misuse Act, but few are telling our young people where the boundaries are. 

Many with talent are not challenged by computing lessons. Cyber security topics rarely feature and if they do they are constrained by time to the basics.

We know that coupled with this is the ready availability of tools and services for committing cyber crime for little to no cost. DDoS for hire is a reality that is here now. They are being educated as to the existence of these services by social media and forums which often portray themselves as legal services for professionals. A simple Google search will reveal a wealth of methods and tools, and YouTube and similar will show how to use them. None of these services flag that DDoS, RATs and hacking kits are quite probably illegal.

A report by CREST with the National Crime Agency also indicated a connection with online gaming… We know that not all online gamers are cyber criminals – far from it! But, we do know when we find the convicted cyber criminal and debrief them, a significant proportion started off by finding out how to cheat at online gaming. The natural pathway is to lose… find out how to cheat and mod the games (not illegal)… still lose… then learn how to ‘boot’ opponents using DDoS services or tools. Unfortunately this often leads to them being engaged in a world where other opportunities present themselves – RATs to steal loot boxes and game content.

At no stage in this process has anyone highlighted the legality of the activity and indeed the ‘sales’ techniques of many of these retailers purport some legality such as ‘stress testing’ a website… This blissfully ignores the reality that the massive bandwidth of a DDoS attack over the internet may have unintended consequences on other users of the same telecoms substations - or even hit the wrong target due to erroneous IP resolution. Law enforcement in the UK can deal practically with those DDoSing a friend over online gaming, but if a hospital, school or an SME that goes bust are the accidental Victim it can have real world consequences no-one ever taught these youngsters to think about.

The crying shame about this is the potential missed opportunity… Cyber security careers are numerous and growing. Reports abound about numbers, but an oft-quoted Global Information Security Workforce Survey suggests a gulf of 1.8 million unfilled jobs in cyber security by 2022. Average salaries in the UK are somewhere around £70,000, with graduate roles starting around £35,000.

It is not all about technical positions. Inspired Careers lists 87 different job roles in cyber security. Many are strategic, educational, response or coordination roles. These suit a diversity of individuals – especially problem solvers – but the industry continues to have an image that everyone sees the matrix and reads binary. Like all STEM subjects, women are massively under-represented despite often having all of the right skills.

There are also lots of different routes in which suit candidates with different ability. Apprenticeships and Degree Apprenticeships are now quite common and offer an alternative to the traditional degree which will not suit everybody. Industry partners we have met have told us that a degree in Computer Science or even Cyber Security specialisms are great – but knowledge may be out of date by the time they qualify and they may not show the practical skills. Industry wants continuing professional development and industry qualifications like Sec+ and OSCP.

There is plenty of anecdotal evidence that young people involved in cyber crime are often somewhere on the autistic spectrum. The National Crime Agency are funding research by Bath University into how true this is and the reasons why. What we do know is that these people will often be more vulnerable, may not succeed in some traditional academic routes but have plenty of talent perfect for these roles.

You – the specialists in educational networks – are in a perfect place to help. You know who in your school or college is consistently triggering alerts, trashing the boundaries and causing you a headache… You have the opportunity to help shape things.

The UK Government knows there is a problem and an obvious solution. The national Cyber Prevent network has been set up in UK Policing to deliver this, led by the National Crime Agency. We can deal practically and sensibly with students you are concerned about. The aim will be diversion rather than criminalisation, provided they are not responsible for the next WannaCry virus. We have access to resources and tools to steer schools and parents – and those involved – in the right direction. We can educate as to the boundaries and then point them towards the opportunity.

Speak with your safeguarding leads. Make them aware of the national Cyber Prevent programme. If there are people you think are heading down the wrong route, get them to make the referral to your nearest Cyber Prevent team and work with us to help them before it is too late.

In the meantime, consider what your organisation is doing and think about:

  • Do you treat pupils breaching school cyber security as a safeguarding issue?
  • How would you respond to a student breaching cyber defences?
  • Are there extra-curricular programmes to support cyber talent?
  • Can you utilise them to improve school cyber security?
  • Bug Bounty: would you pay a bug bounty – such as £20 Amazon vouchers – to a pupil if they report a vulnerability rather than abuse it

Find out more:

We can refer you to your local team if you are not in the South-East.

Andy Rawlinson
Police Cyber Prevent Officer & Cyber Security Advisor


Testimonials from Members & Partners

  • “Fantastic event, with interesting content and very well organised.”

    Alain Squiteri, Sales Director - InVentry

  • I thought the day was excellent. It was really good to have the companies there and invaluable for meeting and speaking with new contacts. I really hope this carries on as it was desperately needed in our field.

    Janet Cannell, Member

  • We’re really proud to be ANME’s platinum sponsor. It’s such a great platform for school network managers to get together and share ideas, plus it provides us the opportunity to speak directly to schools using our solutions and get their feedback and input into new features. Every event is always different, with fantastic speakers providing real insight and ideas on all things edtech.

    Al Kingsley, Group Managing Director, NetSupport Limited

  • ANME meetings provide valuable networking - being able to talk to other professionals doing the same role and understanding their approach and their context. This is a great way to challenge what you are doing in your own setting.

    Neil Limbrick, ANME Ambassador

  • A fantastic online resource of like-minded professionals that you can use to bounce ideas off, chat things through, get advice from. Invaluable.

    Ric Turner, Balshaws Church of England High School

  • The ANME is a priceless resource for anyone working in an IT support role in the education sector. The online forum is lively and informative and the regular meetings provide insight into new products and valuable networking opportunities with peers from other establishments. I've lost count of the number of valuable conversations and helpful tips that I've had since becoming a member. If you've not been to a meeting before then try to attend the next one in your area, you won't be disappointed.

    Dave Leonard, ANME Ambassador and ICT Manager at Matthew Moss High School

  • The ANME has been a great resource when you're a lone IT manager, now you have friends going through the same obstacles as you, with plenty of advice and guidance.

    Michael Frost, ANME Member & IT Network Manager at Parkwood Hall Co-operative Academy

  • Being part of the ANME is like being part of a large corporate IT department, there's always someone you can ask for advice

    Paul Gillon, ANME Member & Network Manager at West Hill School, Stalybridge

  • ANME is like having a team of IT experts at my fingertips. It helps me keep up to date with the latest trends in IT education.
    Rick and the ANME members have always helped when I've needed extra guidance to make great IT decisions

    Clifford Fernandes, ANME Member & IT Manager at Claremont High School

  • I attended my first ANME regional meeting recently which was great. It was Informative, relevant and useful! Unlike some meetings I attend where you get one or two useful nuggets of information, but other bits have been added to the agenda as fillers. Glad to be a member of this group of like-minded individuals.

    Adam Hall, ANME Member & IT Operations Manager at Four Oaks Learning Trust