Interview: Simon Parr, deputy director of the National Enabling Programmes for policing, talks about a uniform Windows 10 build, flipping the trust model and better information sharing
It’s a few days after Prime Minister Boris Johnson has promised to recruit another 20,000 police officers for England and Wales, and Simon Parr says it will need more than extra numbers to raise the levels of policing
“However many cops you have, they need accurate and up-to-date information, access to all they need and don’t want to waste time double or triple handling it,” he says when meeting with UKAuthority. “Increased efficiency does not equate with the number of police officers; it increases with increased capability, giving them the right information.”
Which is what the National Enabling Programmes (NEPs), of which Parr is deputy director, are about. Created by the National Police Chiefs Council (NPCC), it is a core element of fulfilling the Policing Vision 2025 and involves the programme team working with the Police ICT Company on national approaches to technology investment and developing data standards.
There are three inter-related programmes: Productivity Services, based on a nationwide deal with Microsoft to utilise Office 365 productivity tools; Identity and Access Management (IAM), for police officers and staff to access appropriate systems from anywhere; and the National Management Centre as a centralised cyber security facility. They are being delivered under contracts with Deloitte and BT awarded last year.
It combines with the efforts of the Police ICT Company for a more cohesive national approach to tech in policing, marking a break with the traditional pattern of local forces doing things in their own, and often very disparate ways.
Evergreen infrastructure
A crucial element of this is what Parr describes as “a single evergreen infrastructure where the technology is automatically updated”, involving a common build on Windows 10, using the various Office 365 tools, with twice-yearly updates and an emphasis on using cloud systems. Despite the change in approach he says there is an appetite for it among police forces.
“It is a single blueprint design, every force on exactly the same Windows 10 build with exactly the same security model. That means you develop technical trust, so individual forces will talk to each other as they have that handshake.
“The thing about the build is that you then allow the same things to happen with information across different forces, and when you buy a new licence we become a single customer for exactly the same build. This makes it easier for policing, as there is no issue of not being able to send anything between forces as they have different builds of Windows.”
Progress has been encouraging. He says nearly all police forces now have some licences, amounting to 186,000 in total, and that the stragglers are saying it is down to infrastructure issues rather than any resistance. Also, the NEP hopes have 25-30 forces using the same Office build, or at least be running pilots, by the end of this financial year.
“Although there is a big technical change for a lot of forces, it is by and large fairly straightforward because it is off-the-shelf technology,” Parr says. “It’s one of the pluses of what we are trying to deliver.
“The big change is getting people to think differently about access to data and how it is handled. In most policing processes information is handed off manually, emailed or copied to someone.
“Cloud technology allows you to automate a lot of that transactional stuff. It doesn’t hand off the data, it hands off access.”
Five minute gains
Within this he highlights a handful of elements, including Flow, which makes it possible to automate a lot of processes that are currently handled manually. This can provide “five minute gains” which, when multiplied a million times or more over year, saves a lot of time.
He describes the Teams cloud conferencing facility as a big game changer, with its ability to invite guests into online groups and provide the sharing and co-authoring of documents with a high level of security. This can do a lot support multi-agency efforts in areas such as child protection.
There is also capacity for differentiated access within Office 365. This makes it possible to impose controls that enable some people to read material and others to write to it, while preventing anyone from downloading or cutting and pasting. This makes the collaboration a lot more secure than the traditional emailing of reports.
“We’ve done a lot of work as a programme trying to develop a general understanding of cloud, so that people are more at ease about what it means, with the controls on it, rather than just being an enormous amount of storage,” Parr says. “There is a sea change in people understanding and wanting to use it, which is why the programme has been so successful.”
The NEP team is supporting this with the creation of a catalogue of use cases for the common build, focused on generic processes such as the handling of meetings, and extending into frontline operations such as planning for major events or managing firearms teams.
'As is' to 'to be'
It involves the identification of an ‘as is’ process then working with experts from a force on how it can be improved into a ‘to be’ process. This is then used for building a wireframe on the Microsoft stack and taken back to the force for an iterative development, until it is robust and can be configured inside the systems. This is followed by a business pilot.
Along with all this is the switch to a new trust model which he says can make a big difference in giving police officers swift access to information.
“People are trusted to do all sorts of difficult things in their job in policing, but still have go through hoops to access data to help with a decision. So the idea is we’ll flip the trust model and assume that people are trustworthy, then you monitor what you are doing with it and audit.”
This goes with one of the functions of the National Management Centre, which will cover all access points to the systems and learn over time how to spot aberrations in how people use it. In other words, give the officers access as a default, then keep an eye open for any patterns that could suggest misuse or create weak points in cyber security.
Cumbria Constabulary became the first force to begin using the centre last month and Parr says there is a plan to have 25 onboard by the end of the year, acknowledging that there is some variation in attitudes.
Unease and unification
“It’s really challenging; for some it’s relatively easy, while others have a lot of work to do. There’s some professional unease about something being done to them. It’s all the things you expect when you’re trying to unify something that has had 43 radically different versions.
“So there’s a lot of hearts and minds work going on; lots of work in IT departments, with chief officers and change leads. But the prize at the end of this is that their information can go to whoever needs it to keep the public safe and can do so in a cost-effective and efficient way.”
The NPCC is looking for a pretty quick take-up of the NEP products, aiming for every force to be active on it by the end of 2021. Parr says that, while nobody is saying no to the common build or security model, there are issues to resolve with some forces around costs and business cases.
“We’re helping them build that case, acknowledging that it is going to cost, but there are things they will be able to stop doing, and it’s going to protect them against the risk of a data breach and all the potential damage.”
Internationally unique
He sees it all as ambitious but achievable, and an approach to the use of technology that is internationally unique for policing. And he reiterates the opening point that the key to effective policing is in access to information.
“We don’t see anything quite like this in the rest of the world. Finland has always been forward thinking, but as far as Microsoft is concerned nobody is doing it as we are by taking a commercial model of what works with the Office 365 suite.
“As far as policing is concerned, the risks might be different but it’s crucial that the data gets out. My view is that there is a big risk to us not using the data; people suffer and lose their lives because the data is not shared quickly enough.”
