Cecilia Malmström, European Commissioner for Home Affairs, European Commission
Criminal ac"vi"es in cyberspace are an increasingly common threat for individuals, organisa"ons and countries. TheV of web account details, online banking fraud, credit card scams, hacking of smartphones or social media profiles and large-scale, coordinated a#acks on public services or infrastructures are beginning to affect each and every one of us.
A recent Eurobarometer survey shows that internet users across Europe are very concerned about cyber-security: 89% avoid disclosing personal informa"on online and 74%
agree that the risk of becoming a vic"m of cybercrime has increased in the past year.
It is es"mated that more than one million people worldwide become vic"ms of cybercrime every day. Some calcula"ons suggest that vic"ms lose around €290 billion a year as a result of cybercrime. Yet, only a few cases are reported to the police and even fewer are solved.
Criminals are finding new methods, and we need to respond to that. Our legisla"on has to keep pace with new technological developments. In September 2010, I presented a proposal for an EU direc"ve to counteract the growing threat of large-scale a#acks against informa"on systems. The direc"ve received wide support from the European Parliament and the EU Interior Ministers, and is now on the brink of being adopted.
The direc"ve will introduce new aggrava"ng circumstances and higher criminal sanc"ons, in par"cular for the use of so-called ‘botnets’ – networks of infected computers that serve as the universal tool for the cyber-criminal and can be remotely controlled for a wide variety of ac"vi"es, such as staging coordinated a#acks, dissemina"ng spam or malware, or commiWng online banking fraud.
Legisla"on alone will not suffice. We are also seWng up a European Cybercrime Centre, or EC3, that will begin opera"ons in early 2013. The EC3 will become the focal point for the asylum and migra"on. She is in charge of the EU's fight against serious interna"onal crime and human trafficking. She is also preparatory work and the implementa"on of the Swedish Presidency of the EU in 2009.
Interna!onal coopera!on on cyber-security
OP-ED
42
informa"on and coordina"on. It will also serve as a knowledge repository for na"onal law enforcement authori"es.
Among its tasks will be figh"ng the lucra"ve online fraud schemes of organised crime. In addi"on, the centre will analyse and map criminal ac"vi"es, for example by iden"fying pa#erns in virus a#acks and then dissemina"ng this informa"on to both authori"es and ci"zens.
We now have a strong set of measures to prevent and respond to cybercrime. But the "me has come for the EU to set out a vision of how security can be enhanced in cyberspace from a wider perspec"ve. We need everyone – governments, businesses and individuals – to work together and share this responsibility. The Commission and the EU’s European External Ac"on Service (EEAS) are therefore defining a strategy to enable a step-change in how we ensure cyber-security. This is s"ll work in progress, but the priori"es are clear.
First, we need to communicate the key message that freedom and security in cyberspace are not mutually exclusive: the virtue of an open cyberspace has to be maintained while providing the right level of security.
Second, we need to enhance our cyber-security resilience and response capability. For instance, we must enhance our resilience against cyber-a#acks on cri"cal infrastructures and basic services. This includes making the EU and its member states be#er at coopera"ng when cyber-a#acks occur. External aspects such as the role of cyberspace in democra"c movements, as well as capacity building in countries outside the EU should also be addressed.
Third, we must improve at sharing cri"cal informa"on within and between public and private sectors in EU member states. The private sector, which owns and operates the vast majority of the cyber-infrastructures, must be given the incen"ves to improve their own security and to coordinate more effec"vely. An approach, in which governments simply try to mandate be#er cyber-security is bound to fail. Hence, we need to seek out ways to create trust, improve coordina"on and increase the joint handling of incidents.
Without being alarmist, we must remain very alert. Coopera"on and awareness raising are crucial for an effec"ve response. For us as ci"zens to embrace our online opportuni"es, cyber-criminals must not be allowed to spread fear. That is why law enforcement, government agencies and the private sector must work together to defend an internet that is free, open and safe.
SECURITY & DEFENCE AGENDA
Where cyber-security is heading
43
Interna!onal coopera!on on cyber-security: a perspec!ve
Noboru Nakatani, Execu"ve Director, INTERPOL Global Complex of Innova"on
The internet has become an economic driver for many countries, with 2.3 billion users expected to raise the value of global e-commerce to $1.4 trillion by 2015. But it also offers criminals unprecedented opportuni"es to obtain enormous illicit wealth, and may yet cause untold damage to cri"cal na"onal infrastructures.
Every day there are an es"mated one million digital crime vic"ms, and it is a challenge for law enforcement to coordinate inves"ga"ons effec"vely, in large part because of the profoundly different nature of digital crime to more tradi"onal crimes. The usual inves"ga"on techniques of connec"ng the dots at a na"onal level and gradually linking
criminal ac"vity with a suspect are no longer sufficient.
In the past, when somebody robbed a bank, the pool of suspects was limited to the number of people who may have had physical access to the bank. Today when a bank is robbed digitally, the pool of suspects is the number of people with a computer and an internet connec"on. In the virtual world, anyone could be poten"ally connected to a crime and be able to erase traces of their ac"vity in a way that is almost impossible in the physical world.
To fight effec"vely, one must be innova"ve and collaborate on a global level so as to close the gap and improve cyber-security. It is essen"al that cyberspace is secured while maintaining its openness – a key vision for a strategy to improve cyber-security. In 2014, INTERPOL will open its Global Complex for Innova"on (IGCI) in Singapore, enhancing the Organisa"on’s capacity to tackle the crime threats of the 21st century. One principal focus of the IGCI will be innova"on linked to digital crime and its cornerstone will be the development facility for the iden"fica"on of crimes and criminals, will provide innova"ve training and opera"onal support for law enforcement across the globe.
During the building’s ongoing construc"on, Nakatani is overseeing and coordina"ng the crea"on and development of the programmes and services that will be delivered from the IGCI by INTERPOL to its 190 member countries.
He previously held the post of Director of Informa"on Systems and Technology at INTERPOL’s General Secretariat Headquarters (2008-2010), overseeing the development of
innova"ve IT services for the global law enforcement community. He also served as
INTERPOL has laid out what it believes to be a model for interna"onal law enforcement coopera"on on cyber-security around the following three key processes:
Networking
INTERPOL will seek to create global networks between na"onal cybercrime inves"gators and other stakeholders from both the public and private sectors to improve the opera"onal capacity of law enforcement when dealing with digital crime. By engaging in real-"me informa"on sharing, supported by the Cyber-Fusion Task Force, a comprehensive analysis of the cyber-threat landscape will allow the IDCC to iden"fy current criminal ac"vi"es and risks, as well as gaps in law enforcement’s ability to prevent, inves"gate and mi"gate digital crime. Analysis generated will enable INTERPOL to provide inves"ga"ve support to digital crime cases, gathering ac"onable intelligence and assis"ng na"onal law enforcement authori"es turn it into successful inves"ga"ons and prosecu"ons.
Leveraging
With a holis"c approach essen"al to effec"vely tackling digital crime, INTERPOL seeks to draw on the strengths of its member countries and strategic partners in the public and private sectors in order to best leverage informa"on, knowledge and exper"se in digital forensics. The IDCC will iden"fy emerging technical developments, inves"ga"ve techniques and forensic analy"cal capability. It will subsequently test-bed solu"ons and develop cri"cal capacity building and training programmes to strengthen the global network of cybercrime law enforcement units, providing them with the latest informa"on, knowledge and exper"se in digital forensics – a component which is key to the success of cybercrime inves"ga"ons.
Harmonising
Efforts to fight digital crime need to be harmonised on a global level to ensure a coherent response with minimal duplica"on of ac"vi"es and maximum legal compa"bility. It is essen"al that a global response to digital crime is developed in a way that engages all strategic stakeholders and not simply law enforcement agencies. By learning from the exper"se and experience of other regional and interna"onal organisa"ons, as well as the private sector, the IDCC will develop a global law enforcement cyber-strategy that dovetails with other na"onal approaches, complemen"ng ac"vi"es rather than duplica"ng them, and empowering law enforcement officials to take effec"ve ac"on.
The internet is a vital resource which also has its inherent dangers. Rather than taking a nihilist approach with regards to these dangers, and trying to hold back the "de, we must embrace the internet and proac"vely reinforce cyber-security so that ci"zens are provided with an environment where they can freely conduct their daily online lives, safely and securely. Law enforcement’s primary responsibility remains that of ensuring ci"zens’ safety regardless of whether it is on the street or in cyberspace. INTERPOL and its Global Complex for Innova"on will therefore help empower na"onal law enforcement bodies to be#er ensure cyber-security by networking stakeholders, leveraging current and future exper"se, and harmonising legal and opera"onal efforts. It is by using this model that INTERPOL
SECURITY & DEFENCE AGENDA
Where cyber-security is heading
45
believes that it will be able to best harness interna"onal police coopera"on and best ensure the integrity of the internet and the security of its users.
SECURITY & DEFENCE AGENDA
Interna!onal coopera!on on cyber-security
46
Original Photo Source: 123RF