New report on how to reinforce cooperation between EU Computer Emergency Response Teams (CERTs) and Law Enforcement Authorities
November 2012 by ENISA
The EU Agency ENISA has launched a new Good Practice Guide on co-operation and coordination between Computer Emergency Response Teams (CERTs) and Law Enforcement Authorities (LEAs). The report establishes that such cooperation is essential in the fight against cybercrime. The study focuses on identifying the current gaps and possible synergies, and provides five recommendations on how to improve cooperation.
Europe’s society and digital economy are increasingly dependent upon cyber-space. Simultaneously, cyber-attacks on Critical Infrastructure such as energy, water and transportation systems, cyber-incidents, and cybercrime, such as botnet attacks and hacking, put the information society at risk. Moreover, most citizens - 59% - do not feel informed about cyber-crime risks.
ENISA’s new study finds that collaboration between CERTs and LEAs is hindered by their inherent cultural differences. CERTs are typically technical, informal and focused on addressing information system issues. LEAs, by comparison, act when they suspect that a crime has been committed. The report also identifies a number of legal and regulatory barriers. Specifically, it identified a discrepancy: awareness of national laws is greater than awareness of international legal frameworks (EU directives or the Council of Europe Cybercrime Convention). A number of operational factors were also identified as playing a role in hindering information exchange and collaboration. Experts who participated in the study recognised that information on roles and parameters for cooperation were the most important issues. These were followed by concerns over bureaucracy, different or unknown policies and procedures, lack of common standards, lack of clarity on what the other party will do with information and insufficient or inappropriate detail.
The report makes five key recommendations to overcome these barriers:
improving structures to support information sharing,
facilitation of collaboration,
good practice development and
harmonisation and clarification of legal and regulatory aspects.
These recommendations cover the expansion of training between CERTs and LEAs, establishing each stakeholder’s core competencies, capabilities and procedures, good practice on writing Memoranda of Understanding (MoUs) and evidence sharing agreements, and further clarification for CERTs on tackling data protection issues.
The Executive Director of ENISA, Professor Udo Helmbrecht, commented:
“Computer Emergency Response Teams and Law Enforcement Agencies cover crucial but different aspects of cyber security. Cooperation between them is vital to properly protect our digital citizens and economy. However, until now little research was done on how to connect these two areas. This study contributes to better fighting cybercrime by identifying the collaboration challenges, and ways to overcome them.”