“Cybercrime, by its very nature, is the kind of crime that goes undetected.”
Shortly after its launch, the new system was already 540 times faster than its predecessor, which even then consisted of powerful servers and hard drives. Today, up to one petabyte is copied in the morning – an amount of data that would fit on 213 DVDs. Thus, data from the last 24 hours is fully available at the start of work at seven o’clock. The system is fully compliant with the Federal Office for Information Security’s IT baseline protection approach. A key module of HiPoS is a Big Data enhanced analytics system (or B.E.A.S.T.) − a fast, highly secure, and powerful cybercrime forensics and analysis system commissioned by the State Criminal Police Office in 2016. The new evaluation process with B.E.A.S.T. allows queries to be run through a “database of six billion data sets in about one to three seconds”. At this speed, the forensic methods of the experienced investigators now produce results every second that previously required weeks or months.
Since 2016, B.E.A.S.T. has been almost completely virtualized and transferred to a NRW police cloud. That the NRW police now has a storage capacity in the double-digit petabyte range is only one of its advantages. Today, the agency can carry out high-performance, innovative analyses, particularly in the field of cognitive services. For example, they use artificial intelligence to meaningfully analyze the written and spoken languages of criminals (up to 40 different languages) to understand certain police issues and to apply them to communication of perpetrators.
Another advantage for Helmut Picko is that “today, on a large, uniform infrastructure, we can set up almost any number of IT applications on short notice as a proof of concept and then, if necessary, quickly put them into operation.” This is an aspect that is not unimportant for the police, since police are testing new applications for attack detection and defense constantly to keep up with the pace of hackers and the state of development of their tools. But many products fail in the test phase because the tough police requirements on IT forensics – in image recognition, for example - are significantly higher than usual on the market. “As a result, today we have the forensic analysis tools and resources needed to parse the amount of data that was possible before virtualization many times over,” explains Helmut Picko. “Acquiring up to 55 terabytes of cleaned data in a single investigation, that was impossible for us in the past – today it’s no longer a problem.”
B.E.A.S.T. and HiPoS – essentially the core of the NRW police cloud – go far beyond the C5 requirements of the Federal Office for Information Security for cloud providers. This makes the system something of a trendsetter for authorities with comparable structures and duties in Germany.