EU initiative on how to tackle cybercrime
The European Union Agency for Cybersecurity (ENISA) explores how CSIRTs, law enforcement agencies and the judiciary cooperate and how they can train together to better tackle cyber incidents and respond to cybercrime.
The report published today facilitates the cooperation between CSIRTs and law enforcement agencies (LEAs) and looks into their interaction with the judiciary (judges and prosecutors). This updated and extended version of the report comes along with an updated version of the training material delivered by ENISA in 2020 in the form of a handbook and a toolset.
ENISA is presenting these newly published report and training material at the Regional Cybercrime Cooperation Exercise and Conference of Law Enforcement/CSIRT Cooperation organised by the Council of Europe and the European Commission taking place from 7-11 March in Athens, Greece.
Why is this cooperation needed?
While CSIRTs mitigate incidents, law enforcement agencies conduct investigations. Although each community has a specific role, they often deal with the same cases. In doing so, the activities of one of them can sometimes overlap and/or could also possibly interfere with the goals and the activities of the others. In addition, other factors are at play which may have an impact on the cooperation and these include technical, legal, organisational challenges and at times even behavioural differences between the communities.
What is the purpose of the report?
This report addresses the legal and organisational framework, roles and duties of CSIRTs, LEAs and the judiciary. It also analyses their required competences, as well as synergies and potential interferences in their respective activities. By facilitating the cooperation between the CSIRT and the LE communities and their interaction with the judiciary, this work has the final aim to contribute to a better response to cybercrime.
Key conclusions and next steps
Conclusions from the analysis of sixteen different EU/EEA Member States include:
- the structure and organisation of the different communities vary by country;
- CSIRT-LEA cooperation help decrease the risk of evidence being compromised and of interferences in each other’s activities;
- CSIRTs play an important role in informing (potential) victims of cybercrime and in providing them with information on how to report a crime to the Police.
Next steps suggested include:
- the extension of the analysis to additional countries;
- the development of a catalogue of competences in incident handling and cybercrime investigations;
- the organisation of joint training and exercises.
You must be logged in to post a comment Login