HITB 2016: Zorko calls for greater cooperation in cyber-crime fight

One of the Netherland's Cyber-security chiefs opened today's 7th annual Hack in the Box with a call to bring the private, public and communities closer together.

Patricia Zorko, head of cyber-crime at the Dutch National Crime Squad
Patricia Zorko, head of cyber-crime at the Dutch National Crime Squad

Patricia Zorko, head of cyber-crime at the Dutch National Crime Squad, opened the 7th Hack in the Box conference on a humble note. Proclaiming herself “the least technical person in the room”, Zorko said, “I really want to emphasise that you are really a very important community.”

Her 34 years in policing have seen her don a number of hats. She's been a district commander, a policy adviser and a member of the riot squad.

These days a lot of her work focuses on “cyber-security and violent jihadism”, and taking that to a supra-state level.

Although she holds the lofty title of the Dutch National Crime Squad's deputy national coordinator for security and counter-terrorism and director of cyber-security, she admits that much of this is new for her.

Her world of traditional physical security is still learning how to breach its boundaries and more fully break into the digital world, one without “any columns or structures”.

But, added Zorko, flattering the crowd yet again, “the importance of your work moves beyond technical knowledge”.

“Our homes and cars are built on it, our homes depend on it, our nation's infrastructure runs on it,” she said. The same technology that makes our lives so very easy and efficient also provides a vast fleshy underbelly for the criminal world to prod.

“The same technology that helps us, threatens because not only has cyber become mainstream, but so has cyber-crime and cyber-espionage,” she said.

Then, pointing to another no-longer-latent threat which keeps security professionals up into the wee hours of the night, Zorko raised the point that “our critical infrastructure - railroads, telecom, energy, etc. run on ICT systems”.

A major power cut, for example, “means we cannot make payments, it means no more transport, no more water”. Simply, the physical and security worlds are no longer walled off in the way they once were.

With that binary opposition comes another that those on one side of the law will rue and another will celebrate: borders. Simply, how do you arrest a criminal who stole money whilst sitting in country A, exfiltrated it to country B, sent it to an account in country C and left dozens of victims in countries D, E, F, G, H, I, J, K, L, N, M, O and P?

Carbanak is just such an example of this headache-inducing problem. The infamous APT group, while primarily targeting Russian financial institutions, wormed its way into systems on both sides of the Atlantic and the Eurasian continent. Upper estimates of Carbanak's winnings go as high as $1 billion (£685 million). So which vengeful police force gets to arrest these guys?

This question must weigh on Zorko's mind. In the last few years a major part of her job has been to better integrate the workings of the Dutch national crime squad with international policing efforts.

Her solution is to double down on that cooperation: “The only way to strengthen our digital security is to work together - governments, companies and hacking communities - nationally and internationally.”

She added: “We have been in a cyber-arms race since the beginning of the internet,” said Zorko. "To stop the cycle we must employ the wisdom of the crowd.”

She concluded as she had begun: "We need you, we need your wisdom, we need your expertise.”