Regional organised crime units (ROCU) form a critical part of the national policing network. They provide a range of specialist policing capabilities to police forces which help them to tackle serious and organised crime effectively. These capabilities include undercover policing, specialist surveillance, and cyber-crime investigation.
The South East Regional Organised Crime Unit (SEROCU) is made up of Police officers from the 4 South East Police Forces, Hampshire & Isle of Wight Constabulary, Surrey, Sussex, and Thames Valley Police.
The SEROCU Police Cyber Crime team are working with private industry, academia, and other law enforcement partners in developing a free, innovative, and proactive network vulnerability notification service branded - Operation Configured.
The South East region involved in this pilot phase is Hampshire, Isle of Wight, Surrey, West Sussex, East Sussex, Berkshire, Oxfordshire, and Buckinghamshire.
However, due to inaccuracies in open source data with establishing the geographic location of organisations on the internet, it is possible those outside these counties may be contacted.
Operation Configured is a programme of identifying those organisations within the region who have a known cyber vulnerability or risk, and notifying those organisations so that they can mitigate that risk.
The aim is to prevent cyber criminals from exploiting these vulnerabilities, reducing the likelihood of attack or impact of a cyber-attack.
While SEROCU are notifying organisations of these vulnerabilities, officers from the team will NOT be asking for any information or other details. They will only be providing information.
Any unsolicited contact claiming to be from the Police should always be treated with caution.
For more information read about verifying authenticity.
All modern software/systems contain vulnerabilities, either software defects that require patches to remedy, or configuration issues that require administrative activity to resolve.
For this reason, organisations should have a vulnerability management process, which enables them to know what vulnerabilities are present, within their IT estate on a regular basis.
Executive staff should ideally be as aware of the major vulnerabilities in their IT estate, as they are of their financial status.
Should you receive a notification from the police:
Check the authenticity of the information.
Speak with your IT lead to confirm the vulnerability and ways to fix it.
If further information is needed, get in touch with the police operation configured team.
If you would like practical guidance and assistance with the fix, get in touch with us.
Further information on vulnerability management is also available from the National Cyber Security Centre.