EC report: Cyber-crime demands a new approach to law enforcement

Combating cyber-crime is one of the top three priorities in ‘The European Agenda on Security' framework, published by the European Commission yesterday.

“In the coming five years, this framework for working better and more closely together should be deployed to address three main priorities for European security, while it is adaptable to other major threats that might evolve in future,” the report said.

Identifying cyber-crime as an ever-growing threat to citizens' fundamental rights and to the economy, the EC said it was one of three core priorities for immediate action.

The other two priorities are terrorism and serious organised cross-border crime. The report makes clear that the three priorities overlap in a number of areas as terrorists and organised crime are well versed in the techniques of cyber-crime.

The report identifies cyber-security as the first line of defence against cyber-crime. It calls for the adoption of a Directive on network and information security as proposed in the 2013 EU Cybersecurity Strategy.

“The implementation of this Directive would not only promote better cooperation between law enforcement and cyber-security authorities, but also provide for cyber-security capacity building of competent Member States' authorities and cross-border incident notification,” the report said.

The first step in combating cyber-crime is the full implementation of existing legislation. The 2013 Directive criminalised the use of malicious software and strengthened the framework for information sharing around attacks. The 2011 Directive addressed legislation around child sexual exploitation.

But the report said that a 2001 framework decision combating fraud and counterfeiting of non-cash payment systems is out of date and must be reworked for virtual currencies and mobile payment.

The report concedes that currently cyber-criminals are much more agile than law enforcement, both in terms of legislation and operations. The criminal justice system (CJS) must become more collaborative with their colleagues in other jurisdictions, otherwise they will have no hope of keeping up with technological advances such as cloud computing and the Internet of things.

And police need further skills and education in gathering cyber-evidence in a way that's useful for investigations and admissible in court.

The report calls for closer cooperation with the private sector to fight online crime, observing that the response to phishing attacks, for instance, requires the involvement of the entire security chain, from Europol's European Cybercrime Centre (EC3) and Computer Emergency Response Teams (CERTs) in the member states to internet service providers and end-users.

Underscoring the relationship between cyber-crime and terrorism and the need to involve the private sector, the EC announced that it will launch in 2015 an EU-level Forum with IT companies, focused on deploying the best tools to counter terrorist propaganda on the web and in social media.

Patrick Peterson, CEO and founder, Agari, commenting on the news, welcomed the report, saying that information sharing is the key to a coordinated cyber-security defence.

"Whilst we can never completely eradicate cyber-attacks,  the new forums are a step in the right direction by the European Commission. Not only will it catapult our ability to share data even more effectively across the public and private sector so that we can finally gain the upper hand against cyber-criminals but it will help restore trust in a digital economy following the myriad of attacks against well-known organisations.”