Source: Radio New Zealand
Police Commissioner Richard Chambers ordered a “rapid review” of police’s information security controls after the McSkimming case came to light. RNZ / Samuel Rillstone
Twenty police staff are under investigation in relation to “misuse and inappropriate content”, police have now confirmed.
Police say they cannot rule out criminal investigations into the staff.
RNZ earlier revealed several police staff were under investigation, including an officer who has been stood down after inappropriate material was found on a police-issued device.
It follows an audit of staff internet usage sparked by the resignation of former Deputy Police Commissioner Jevon McSkimming who recently pleaded guilty to possessing objectionable publications, including child sexual exploitation and bestiality over a four-year period.
Do you know more? Email sam.sherwood@rnz.co.nz
Acting Deputy Police Commissioner Jill Rogers earlier told RNZ a “small number of users of concern” were under investigation.
RNZ asked for clarification but did not receive a response from police.
On Wednesday, Rogers said police continued to progress investigations into about 20 cases of misuse and inappropriate content as part of the ongoing audit of staff use of police devices.
“Employment processes are underway in some of these cases while others are still at the preliminary stages of investigation.
“We can assure the public appropriate action will be taken in every case and cannot rule out charges if the Solicitor General’s guidelines for prosecution are met.
“We are unable to comment further while these processes take their course.”
Rogers earlier confirmed to RNZ a police officer had been stood down from duty for “inappropriate content on a police device”.
“The officer is under employment investigation for serious misconduct, relating to inappropriate, but not objectionable, material on a police-issued device. The alleged misconduct was uncovered through following recent audits of staff internet usage.”
Police Commissioner Richard Chambers earlier told RNZ the misconduct being investigated was uncovered as a result of the new monitoring measures introduced following the Rapid Review of the settings for police devices, launched after McSkimming’s resignation.
“I sought that review because of my concern that such conduct was not being detected. This offers some reassurance that we now have the necessary tools to detect potentially inappropriate behaviour.”
Police Minister Mark Mitchell earlier told RNZ he had not been briefed on the allegations, but expected police to “take action on any matters that involve inappropriate behaviour”.
The investigation into McSkimming led to concerns that staff could bypass internal controls and “exploit vulnerabilities to access inappropriate content”.
The concerns prompted Chambers to order a “rapid review” of police’s information security (INFOSEC) controls to ensure police had sufficiently strong controls to prevent or detect the misuse of police technology and equipment for non-work-related purposes.
A summary of the review said the main risks were; weaknesses in technology configuration, lack of visibility over user activity and gaps in governance.
The report included key findings and recommendations in relation to each of the risks.
There was “inconsistent application” of internet access policies across different workgroups as well as a “lack of robust filtering mechanisms” to consistently prevent access to unauthorised websites.
The review also found there was “insufficient monitoring of internet usage to detect and respond to potential security threats and inappropriate usage”.
Other findings included unmanaged devices being used for operational activities and inadequate monitoring of user activity and network traffic.
There was an absence of centralised logging and analysis tools to detect anomalies and potential issues and “insufficient resources allocated to continuous monitoring and incident response”.
The review also said there was a lack of “clear governance structures and accountability” for INFOSEC controls, with “inconsistent enforcement” of security policies and procedures.
The report called for “improved oversight and coordination among different workgroups”.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
– Published by EveningReport.nz and AsiaPacificReport.nz, see: MIL OSI in partnership with Radio New Zealand
