New security architecture of Antwerp Police Departement provides more security on the street
Protecting freedom in a safe urban environment. That is the mission of Antwerp Police Department and also the core business of every other police force in the world. Yet, the Antwerp police is slightly different from other police districts because they are a pioneer in digitalization. This enables them to be faster, more efficient, and more flexible in maintaining order in the city.
From a strategic point of view, it was decided a few years ago to focus on ‘more blue on the streets’, in other words: more police officers. This makes officers more visible in the streets and easily approachable for citizens. Previously, intervention shifts were 8 hours long, but intervention officers often came to the police office after 6 or 7 hours to process their administrative work. The police management now decided, among other things, to work in 12-hour shifts during which officers do not have to come to the office for their administration. “That objective looks easy on paper, but then you must ensure that those people in the field can carry out their duties on site. That is why we have started a ‘mobile office’ project”, says Stijn Haemhouts, Deputy Director of ICT at Politiezone Antwerpen. The project includes setting up police vehicles as a digital workplace where officers can perform all their work: requesting data, entering official reports, etc.
One of the major challenges is getting the information to intervention teams on time and in a user-friendly way. “As police, we use a differentiated application landscape on multiple platforms and systems. As a local police force, we have our own information but also receive information from the federal police, state security, city services, and other emergency services. The intervention officer sometimes had to search for information about a person in 20, 30 or 40 search sources. For example, in application 1 he had to check whether this person was listed, in application 2 whether the vehicle was registered to his name, in application 3 whether he was registered as a firearms owner, and so on”, says Stijn Haemhouts. To facilitate this, the IT department developed the FOCUS platform and app. This gives the police officer all the necessary information about the intervention with one search in an app.
The biggest challenge here is the security and protection of the data. Stijn: “All the underlying search sources that are queried by the FOCUS platform contain highly confidential data. It involves, for example, police reports, people who are signaled, number plates and crime data. It goes without saying that this information should not be accessible to unauthorized persons. But at the same time, they must be readily available to the colleague who is driving to an intervention. Because then every second counts.”
Antwerp Police Department has therefore invested heavily in IT security. The older version of FOCUS was completely reworked and it soon became clear that a new security architecture was needed. For this, the police force worked together with Orange Cyberdefense. The process started with a brainstorming session in which experts of Orange Cyberdefense discussed their ideas with the IT department of Antwerp Police Department. “Before we started, we also had Orange Cyberdefense perform a risk assessment. Their experts thoroughly tested the proposed architecture from an ethical hacking context and looked for potential vulnerabilities and threats. The final design was made only after their advice”, says Stijn Haemhouts.
The collaboration eventually resulted in a new security architecture. “We have built and strengthened our security on different levels: around the perimeter, around the application landscape itself, the user and the endpoints. We now work with a mix of web application firewalls, classic firewalls and awareness training for the users. Because security is obviously much more than technology. Security is also about the underlying processes and the people who use them. The user often remains the weakest link because they do not always follow the imposed procedures or unintentionally share data with unauthorized people.”
The extra risk assessment turned out to be a big plus because solving possible vulnerabilities in the design phase is easier than having to do this with a finished product. In addition, Orange Cyberdefense regularly performs new penetration tests to check the platform for vulnerabilities. “The great added value of Orange Cyberdefense is mainly their enormous competence in security combined with the affinity that they have developed with our business. It is a close partnership as they understand the confidentiality of some of our data and the sensitivities they need to take into account. In this respect as well, you notice that Orange Cyberdefense is an appropriate party to make the right suggestions and proposals”, says Stijn.
The new security architecture of FOCUS is ready and the application is currently being reworked so that it can also go live through this new security architecture. Stijn: “The first signals are very positive. Our users particularly appreciate the increased user-friendliness.”
The advantages of the security architecture are mainly found in the work field. With the new architecture, they not only receive information faster and in a more user-friendly way than with the previous version of FOCUS, they now also know that the data is even better protected. For citizens, this means that patrols arrive on site much faster and are much better informed, allowing them to efficiently assess the situation and risks. This should make for a safer city.
For the employees, it is a giant leap in terms of authentication and extra security combined with increased user-friendliness. Stijn: “It was already possible to perform multifactor authentication before, but thanks to a single sign-on protocol, they now have direct access to multiple applications by logging in once. We have simplified and strengthened this further by integrating certain federal police services in the security architecture.”
For his own IT team, Stijn also sees advantages in the new security architecture: “The architecture itself has not become simpler. But it used to contain certain components that made it difficult to upgrade, update and maintain those systems. That complexity has been removed in the new security architecture, which facilitates its management for our teams.”
In the short term, the focus will be on putting the renewed system into operation. In the long term, Stijn sees other possibilities. “The architecture is designed to make this renewed digital platform scalable and exportable. This can be done for other interested police districts home and abroad. The police forces of New York and Singapore have already shown interest. When other local police districts see our system, we also notice that they are amazed by its possibilities. The first question they ask is: when can you implement this for us? Of course, it is not that simple. But it is a great compliment for everybody who worked on this project”, concludes Stijn.