CCICADA Research Group Urges Expanded Cyber Forensics Training Nationwide

As Cyber Security Legal Cases Soar, Rutgers Team Recommends Better Preparation for Judges, Prosecutors, District Attorneys, Defense Attorneys and Others

During the past two years, a Cyber Forensics Training Needs Assessment has been conducted by the Command Control and Interoperability Center for Advanced Data Analysis (CCICADA) at Rutgers University to explore the cyber forensics training needs of the U.S. Department of Homeland Security (DHS) and State/Local law enforcement officials. That has led the team to the need for cyber forensics training in unexpected places in the legal system.

An FBI Special Agent displays a cybercriminal website at a National Cyber-Forensics & Training Alliance event in Pittsburgh, PA. CCICADA’s recent cybersecurity study reveals a critical need for more cyber forensics training. (AP Photo/Gene J. Puskar)

With the support of DHS and the George Mason University Criminal Investigations & Network Analysis Center (CINA), CCICADA held extensive interviews that revealed a critical need for cyber forensics training among county prosecutors and district attorneys as well as judges and forensics experts engaged in civil and criminal proceedings. The project also highlighted the legal community’s growing volume of cases requiring detailed knowledge of cyber technology, cyber forensics standards, and information management.

CCICADA has long been exploring ways to achieve more effective communications and coordination between security-conscious agencies, judges, and other law enforcement professionals in states such as New Jersey.

Its 2020 white paper Cyber Forensics Training for Judges summarizes the challenges facing State and Local law enforcement officials and their partners in the judiciary. It also generated interest and feedback from outside experts.

Facing Up To Looming Cyber Forensics Challenges

Image: Pixabay

Cyber Forensics are used in civil and criminal investigations to obtain legally admissible evidence from digital devices such as cellphones, personal computers, and digital cameras. Information comes in a variety of forms, from emails and contact lists to location tracking data and browsing histories. All have become routine features of litigation.

Back in 1993, New Jersey adopted the U.S. Supreme Court’s 5 standards for judges to determine if evidence is admissible in a Federal Court (Daubert v. Merrell Dow Pharmaceuticals, Inc.): tests of the theory or technique; peer review and publication; acceptable error rates; maintenance of standards controlling the operation; and acceptance within the relevant scientific community.

Today in 2021, digital forensics are widely used not only by public law enforcement agencies, but by leading industry sectors and individual businesses as well. The result is an increased need for qualified forensics experts and examiners for both sides in civil and criminal trials, and a growing interest in providing more relevant education in the cyber field to judges and law enforcement officials.

Image: Pixabay

The rising demand for cyber forensics specialists in the United States reflects the rapid growth in cybercrime worldwide. A December 2020 report by the Center for Strategic & Inter0national Studies and computer security firm McAfee estimates global monetary losses nearly doubled from $500 billion in 2018 to just under $1 trillion in 2020.

Top challenges for cyber forensics professionals include:

  • Lack of standardized training rules
  • Rapidly evolving technologies impacting data access
  • National/International laws restricting information seizure
  • Increasing electronic data volume

Image: Pixabay

CCICADA Pursues 21st Century Training Solutions for New Jersey Judiciary

The CCICADA Cyber Forensics Training Assessment concludes that there is a genuine need to provide certain members of the New Jersey judiciary with new baseline training, applicable across all levels and types of courts.

The study recommends Orientation and training sessions for new judges: Provide at least a brief cyber forensics overview and pointers to resource materials during orientation and training sessions for new judges.  Depending on the training opportunities available, this could include:

  • a one-hour overview during orientation (which, for example, in New Jersey is a total of two and a half days);
  • a one-day session during basic training (which runs for two and a half weeks in New Jersey);
  • an appropriate time slot for federal “baby judge” training; and
  • subsequent deeper dives (perhaps on an elective basis) during future training sessions.

Creating consistent, standardized training content is an important step toward educating more state and local judges and law enforcement officials about cyber-related litigation.

Hon. Ron Hedges

“Courts are not going to create standards, as a general proposition”, observed Hon. Ron Hedges, a New Jersey District Court Magistrate Judge (ret.) and an adviser to CCICADA’s Cyber Forensics Training project. “The standardization is going to be done by accrediting agencies…. or some organization that is well regarded.”

National and international laws on information seizure are changing fast. More standardized cyber forensics training programs would help law professionals follow new cyber rulings at home and abroad. The United Kingdom and European Union, for instance, are pursuing ways to develop a single judicial standard and certification for cyber forensics experts.

Image: Pixabay

The United States prefers to emphasize certifying tools and processes that promote greater knowledge of digital forensics among the judiciary and law enforcement agencies. Both the National Institute of Standards and Technology (NIST) and the Scientific Working Group on Digital Evidence (SWDGE) are among the resources utilized by the Americans.

In the years ahead, effective Cyber Forensics Training programs will also need to adapt their curricula to reflect emerging topics. Changes in U.S. law and regulations impacting the Federal Rules of Civil Procedure (FRCP) in 2015 — and parts of 2017’s Federal Rule of Evidence 902 update – will continue to raise new issues about admissibility of Electronically Stored Information (ESI) evidence, future technology, and storage of U.S. data in other countries.

The CCICADA study also recommends an Online Cyber Forensics Database: Provide online access for all judges to a database of rulings related to cyber forensics that is continually updated. (See, for example, Arizona’s dynamic forensic science reference page: How Arizona Developed and Used a Needs Assessment to Guide Judicial Forensic Science Training.)

Frequent changes in information technology, social media and electronically stored information (ESI) make easy access to online data a critical resource for law enforcement officials and courts.  One concern is that new techniques or tools will be introduced without adequate scientific review, raising questions about their reliability.

Some observers suggest that judges need some understanding of the technologies — as well as using their own discretion — to assess how much confidence to place in them on a case by case basis.

Meanwhile, the volume of electronic data is surging and the pandemic changes everything.

Image: Pixabay

Many of the judges and law enforcement staff interviewed for CCICADA’s Cyber Forensics Training Assessment noted the significant rise in cases involving cyber forensics issues. They expressed concerns that current personnel could not keep pace with either the increase in electronic volume or the fast-changing technology.

Surprisingly, the COVID-19 crisis may be leading the courts to quickly embrace a new array of electronic solutions. As described in the National Center for State Courts’ recent article Judicial Perspectives on ODR and Other Virtual Court Processes:

“The COVID-19 pandemic crisis has forced courts to be innovative and creative in real time, including forcing judicial officials to push through any personal aversion to technology and/or work to remedy deficits in technology abilities.  What the courts have accomplished in 6-8 weeks in Q1 2020 provides a stunning view of the possibilities.”

The CCICADA study also recommends In-Depth Advanced Training: Beyond brief introductions to key topics in training sessions for new judges, states should develop related in-depth courses for advanced training. The advanced training courses would ideally include presentations from science and technology experts as well as legal experts.

Key topics for training include:

Image: Pixabay

  • Cyber forensics standards and procedures
  • How technological advancements affect standards
  • Electronically stored information (ESI)
  • Evolving legislation
  • Encryption and passwords

Image: Pixabay

With cyber-related litigation on the rise, law enforcement agencies will need more skilled personnel to present expert testimony in court, and meet standards for submitting scientific evidence under the long-standing Daubert ruling. The fact that any form of cyber forensic evidence – such as software, proprietary technology or database content – can be challenged in court guarantees that the workload will continue to grow for jurists, prosecutors and technical experts alike.

Moving Forward With Advanced Cyber Forensics Training

Judges do not play a lead role in preparing evidence, managing pre-trial challenges or

Image: Pixabay

determining the volume of evidence to be submitted to the court. Instead, these are the responsibilities of prosecutors, public defenders, other law enforcement officials and outside expert players.

As a result, New Jersey and other states see a substantial need in the coming years for “Cyber Forensics Training for Law Enforcement Officials”, not just judges. A major part of the CCICADA Cyber Forensics Training Needs Assessment project is concerned with that issue.

In Judge Ron Hedges’ view, expanding Cyber Forensics Training programs can boost a state’s ability to limit cybercrime, especially if they “focus on qualified people who submit affidavits and have the confidence to provide detailed testimony in court on the key issues in question.”

States Taking The Lead In Expanded Cyber Forensics Training

New Jersey’s advocacy of more Cyber Forensics Training opportunities is shared by the Massachusetts Attorney General’s Office and its Cyber Crime Unit, where legal cases increasingly involve cyber manipulations and hacking.  Extending cyber forensic training beyond judges to encompass county prosecutors, district attorneys and other law enforcement officials is already a significant priority.

The office first created Massachusetts’ Strategic Plan for Cyber Crime back in 2007.  Since 2016, an estimated 40-50 cases on digital evidence have come before the state’s appeals courts.

Image: Pixabay

The unit has now held training for close to 25,000 state and local personnel, and runs one of the largest, if not the largest, conference for law enforcement (non-case specific) in the country every year: the National Cyber Crime Conference.

CCICADA: Training Is Critical To Countering The Surge In Cybercrime

In 2021, the CCICADA research team is reaching out to concerned jurists, policymakers and law officials who recognize that the dramatic increase in cybercrime is on track to impact state courts, law enforcement personnel, the public sector, and businesses as well.

Cybercrime costs are projected to reach $6 trillion this year, and $10.5 trillion by 2025. Cybersecurity statistics show that data breaches, hacking, and phishing are on the rise and threaten organizations of all sizes.  The public sector, healthcare, finance and media technology are said to be the targets most likely to face significant growth in their cybersecurity spending.

Security specialists at the state and federal levels increasingly point to staff training as an important part of any cybercrime strategy.  Fortinet, a leading cybersecurity and networking firm, calls it “absolutely vital” for employees to understand cyber threats, and urges organizations to “implement training processes that build awareness, prevention and best practices into their culture.”  McAfee’s recent report on The Hidden Cost of Cybercrime also highlights the importance of “providing cybersecurity awareness training for employees.”

Image: Pexels

One of the strongest endorsements the CCICADA staff found for enhanced Cyber Forensic Training for judges and law enforcement professionals came from Maggie Brunner’s 2020 cybercrime enforcement article in the Journal of National Security Law & Policy. She made a strong case for providing state judges, prosecutors, defense attorneys, litigators and other law enforcement officials with a working technical knowledge of cybercrime issues throughout the justice system. She also advised states to develop specific strategies for handling digital evidence, and build the capacity for judicial and law enforcement personnel at all levels to have access to cyber training, executive management and outside partnerships.

According to CCICADA Director Dr. Fred Roberts, “As CCICADA moves ahead on ways to build upon the findings of the Cyber Forensics Training Needs Assessment, it welcomes new partners in the continuing effort to implement more effective strategies for cybercrime enforcement.”

Download pdf of report

Leave a comment

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.