In a joint statement released earlier today, ENISA ( European Union Agency for Network and Information Security) and Europol – the EU law enforcement agency - said that the agreement would “enhance cooperation between Europol, its European Cybercrime Centre (EC3), and ENISA to support the EU Member States and the EU institutions in preventing and combating cybercrime.”
The cooperation will cover the exchange of knowledge and expertise, elaboration on situational reports, reports from strategic analysis and best practises, and will also look to “capacity building” through training and awareness training.
The agreement confirms that the two establishments are working together, as has been the case for several months. ENISA is already part of the EC3 Programme Board, while EC3 is in ENISA's Permanent Stakeholders Group – which advises the ENISA Director on the yearly Work programme and priorities.
The two bodies have already worked on EU-level cyber security, producing joint paper on Botnet mitigation, taking part in Cyber Security Month and cyber exercises like Cyber Europe 2014. It has also worked with national CERTs and provided cyber security workshops.
ENISA executive director Professor Udo Helmbrecht, and Europol director Rob Wainwright issued a joint statement: “This agreement is an important step in the fight against ever more skilled cyber-criminals who are investing more time, money and people on targeted attacks. Our agreement demonstrates that we are highly committed to jointly contributing within our respective areas of expertise, and to support each other's work in the quest to make Europe a safer place online.
"Cyber-crime is estimated to cost the global economy more than US$ 400 billion annually, by cooperating more closely together and sharing expertise, we strengthen Europe's capacity to combat cyber criminals.”
Alan Woodward, a visiting professor at the department of computing at the University of Surrey and academic adviser to EC3, said that the agreement was a ‘very natural' step, and suggested that the two parties would already be working together on some level. “It's probably been happening on an operational level for some time,” he told SCMagazineUK.com. “Tackling internet crime is a cross-border effort.”
He added that Europol was a ‘natural focus' as it's already acting as a hub for cross-border collaboration, and cited EC3 as an example of ‘physically driving operation', as various officers actually sit in the same room, as they did for the recent ‘Operation Tovar' takedown of Gameover Zeus/CryptoLocker botnets.
Asked if further agreements like these could improve local policing of cyber-crime, much in the same way governments have helped corporates to learn about cyber threats, Woodward was forthright. “I think it already has – the UK CISP (Cyber Security Information Sharing Partnership) has more people joining and I think what we're seeing across borders is an ‘enemy of my enemy' approach.”
Raj Samani, McAfee Labs CTO and a member of ENISA, pointed to the recent Cyber Europe experiment as an example how beneficial sharing and working together to “correct or rectify issues before they happen” can be, while BH Consulting founder and analyst Brian Honan said that the announcement could have wider repercussions for cyber-crime policing.
“This is a welcome move as it further solidifies the cooperation between the two organisations. Hopefully, this partnership should help Europol and ENISA identify and develop workable solutions that member states, and by extension law enforcement agencies in those member states, can implement to tackle cyber-crime,” he told SCMagazineUK.com.