This module is a resource for lecturers

Knowledge management

Knowledge management has been promoted as a way to deal with the obstacles to cybercrime investigations that concern the human and technical resources, and the knowledge, skills, and abilities (KSAs) needed to conduct these investigations. Knowledge management (KM) seeks "to create, safeguard, and put to use a wide range of knowledge assets, such as people and information" to improve a process or outcome (Weiping and Chung, 2014, p. 8).

KM can be and has been applied to cybercrime investigations (Weiping and Chung, 2014, p. 10-11). When applied to cybercrime investigations, KM involves the identification and assessment of knowledge needs for general and specific cybercrime investigations. Once this identification and assessment occurs, the agency's cybercrime knowledge is identified and assessed. Comparing the knowledge needs and the current knowledge possessed by investigators, knowledge gaps are identified. After the knowledge gaps are identified, measures are proposed to fill these gaps. KM practices can be used to fill these knowledge gaps.

Knowledge management includes people who obtain, use, create, manage, and/or impart knowledge, and the processes and technology that facilitates these processes (Acharyulum 2011). Knowledge sharing (KS), an integral part of knowledge management in law enforcement (Hunton, 2012), includes both outside forces that push knowledge to others (e.g., education and awareness campaigns) and inside factors that drive others to seek knowledge ( pull factors), such as seeking out expertise or assistance on a matter (Dixon, 2000). Europol's Dark Web Team exemplifies this form of knowledge sharing. Particularly, the Dark Web Team

shar[es] information, provid[es] operational support and expertise in different crime areas [to those who request it] and …develop[s]… tools, tactics, and techniques to conduct dark web investigations and identify top threats and targets. The team also aims to enhance joint technical and investigative actions, organise training and capacity-building initiatives, together with prevention and awareness-raising campaigns - [creating a] a 360° strategy against criminality on the dark web (Europol, 2018b).

KS also seeks to make knowledge and sources of knowledge (e.g., people) available to those that need them. The U. Federal Bureau of Investigation, for example, has a Cyber Action Team (CAT), which consists of a group of cyber experts that can be rapidly deployed anywhere in the United States within 48 hours to provide support on cybercrime cases (FBI, n.d.).

There are two general forms of knowledge that are managed and shared: explicit knowledge and tacit knowledge (Dean, Filstad, and Gottschalk, 2006). Explicit knowledge is formal knowledge that is collated, documented, and easily defined (e.g., documents, cases, laws etc.). Content management systems, which have been created to house explicit knowledge, can manage cybercrime and cybercrime investigation knowledge by making it available via a website and/or searchable database. A case in point is UNODC's Sharing Electronic Resources and Laws on Crime ( SHERLOC ) knowledge management portal. This portal which includes a directory of competent national authorities (CNA directory) that can obtain, respond to and process mutual legal assistance treaties (MLATs) and extradition requests by countries (discussed in Cybercrime Module 3 on Legal Frameworks and Human Rights), case law, legislation, and a bibliographic database. UNODC also has a Cybercrime Repository that includes a repository of case law, legislation, and lessons learned in cybercrime investigations. National content management systems have also been created. For example, in Lithuania, the E-Service Portal of Lithuanian Courts was established to provide the judiciary with access to a searchable database with court resolutions and civil cases (Global Cyber Security Capacity Centre, 2017d). In Ukraine, the Unified State Register of Court Decisions has been providing the opportunity to access all court decisions and rulings that took place in the country since 2006 and is a searchable database with two types of access: public (for everyone) and full (for judiciary). National and international databases and repositories enable individuals to search and retrieve explicit knowledge housed within these databases, thereby facilitating explicit knowledge sharing.

By contrast, tacit knowledge is know-how, which cannot be easily defined and is based on experience (Brown and Duguid, 1998). Tacit knowledge sharing involves the sharing of this knowledge through socialization often in an unstructured manner. Tacit knowledge can be shared through mentoring, teaching, and networking, as well as training programmes and workshops. Several international efforts have focused on tacit knowledge sharing. For example, UNODC trains prosecutors, investigators, and law enforcement on digital evidence and cybercrime investigations. Moreover, INTERPOL's Global Complex for Innovations ( IGCI ) provides support for transnational cybercrime investigations (e.g., coordination of cybercrime investigations and operations), facilitates intelligence sharing between law enforcement agencies, and shares best practices in conducting cybercrime investigations (INTERPOL, n.d.). Like UNODC, INTERPOL's IGCI provides training courses on cybercrime investigations and cybercrime trends (e.g., advance training and curriculum development, such as training on Dark Web investigations) (INTERPOL, n.d.), and experts from Europol, Eurojust, INTERPOL and other agencies, share tacit knowledge about investigation tools, tactics, and techniques, such as those used for Dark Web investigations (Europol, 2018b). Nationally, tacit knowledge sharing is not yet a common practice.

Information and communication technology (ICT), such as synchronous (i.e., real-time) and asynchronous groupware (e.g., video conferencing and file sharing systems) and collaborative online workspaces (e.g., Google docs, where collaborators can share, edit and /or comment on uploaded documents), can be used to bring individuals together from different locations and capture tacit knowledge sharing. While efforts have been made to use ICT to facilitate tacit knowledge sharing, this is not a common practice internationally and nationally. For example, in 2017, Lithuania reported that "there is no existing mechanism to enable the exchange of information and good practices between prosecutors and judges to ensure efficient and effective prosecution of cybercrime cases" (Global Cyber Security Capacity Centre, 2017d, p. 47).

Next: Conclusion
Back to top