By Rob Wainwright, Director of Europol, The Hague
“As cybercriminals are constantly changing the rules of the game, complementarity, flexibility and innovation are paramount to the successful implementation of the Union’s blueprint for ensuring cybersecurity.”
Combatting cybercrime is often depicted as a battle betweenthe police and the cybercriminals. The exponential growth of cyber-enabled and cyber-facilitated crime in the past decade, coupled with the global, borderless and asymmetric nature of these threats, makes it easy to identify who is the David and who is the Goliath in this scenario, considering also already strained public resources. A flexible and innovative strategy, one that focuses on leveraging the same technologies that the criminals misuse to conduct their illicit activities and avoid detection, is therefore at the heart of winning, not least by ensuring equality of arms. But as the saying goes, “One should never innovate to compete; one should innovate to change the rules of the game.”1 Hence, a truly effective European strategy should look beyond the institutional responses
that each agency could provide individually by addressing only a particular dimension of the problem2 and should aim at pioneering new tactics and exploiting powerful synergies by adopting a more holistic approach.
Cybercrime is a major threat
On European level, a roadmap for achieving an open, safe and secure cyberspace3 has already laid the foundations for developing an overarching strategy to defeat the “cyber Goliath”.
Furthermore, cybercrime has already been identified as one of the three top threats to the security of the European Union (EU) and a key obstacle to the development of a successful
Digital Single Market.4 But as cybercriminals are constantly changing the rules of the game,5 complementarity, flexibility and innovation are paramount to the successful implementation of the Union’s blueprint for ensuring cybersecurity. The 2013 EU Cybersecurity Strategy specifies the key elements in achieving this by promoting the development of strong cyberresilience capabilities, ideally in the context of nationalcybersecurity strategies.
Europol’s multifaceted response Europol, with its dedicated European Cybercrime Centre (EC3) launched in 2013 and its EU partners, is uniquely positioned to lead the way in tackling cybercrime. Europol’s technology- enabled platform connects over 750 law enforcement agencies from Europe and beyond and facilitates a level of secure information exchange between those partners that has tripled in less than five years. Operating on the basis that “it takes a network to defeat a network” and cognisant that in today’s interdependent world no country or agency is island or is immune to cyberthreats, EC3 leverages its network of public, private and academic partners to support EU Member States in effectively countering the hybrid threats posed bycybercrime to our collective security.
The multifaceted response to cybercrime adopted by the Centre, which includes not only operational action but also prevention, awareness raising and capacity building, draws upon the EU Policy Cycle,6 and a multi-stakeholder governance model that includes the European Union Cybercrime Task Force (EUCTF)7, the EC3 Programme Board8, and its partnership networks with non-law enforcement actors.9 This model underlines the shift away from a strictly institutional and limited response strategy and exemplifies its collaborative and inclusive nature.
Successful operations supported by EC3
An operational example of EC3’s impact, is the Joint Cybercrime Action Taskforce (J-CAT),10 an innovative framework for strengthened operational cooperation against transnational cybercrime. The Taskforce is actively supported by EC3 and has already jointly executed more than 20 successful largescale operations.
The latest joint action in December 2016 targeted users of Distributed Denial of Service (DDoS) cyberattack tools spread across 13 countries worldwide.11 In addition to the 34 arrests, 101 suspects were interviewed, and a multi-language prevention campaign raised awareness of the risk of getting involved in cybercrime.12 As outlined by EC3’s Cybercrime Trichotomy model,13 such high-volume crimes can be contained by increasing the level of cyberawareness and the baseline cybersecurity.
Therefore, defeating the proverbial Goliath calls for complementing the joint cyber detection and disruption activities with deterrence and prevention.
New possibilities to forge synergies The increasing “corporatisation of cybercrime”
14 calls for an equally inventive and holistic network-based response strategy – a collaborative approach to policing
15, which includes among other things the efficient and effective use of resources.
In light of the reviewed priorities of the EU Policy Cycle and the new Europol Regulation16 which present new possibilities to forge effective synergies with a wider array of public and private partners worldwide, Europol’s and EC3’s focus is on increasing information flows, building greater levels of trust and utilising the digital revolution to derive new value from the use of technology and data in countering cybercrime.
Rob Wainright has been Director of Europol since 2009. Born in 1967 in Carmarthen, Wales, he graduated from the London School of Economics with a BSc.
Mr Wainwright worked for the following 10 years as an intelligence analyst in the fields of counter-terrorism and organised crime. Between 2000 and 2003, he was the Head of the UK Liaison Bureau at Europol. In 2003, Mr Wainwright was promoted to the position of Director International of the National Criminal Intelligence Service. Prior to his current position, he was Chief of the International Department of the UK Serious Organised Crime Agency. He is currently a member of the World Economic Forum’s Cybercrime Steering Committee.
1. David O. Adeife ↩
2. For instance, at EU level – network and information security (ENISA), cyber
defence (EDA), cybercrime (Europol), cybersecurity of institutions (CERT-EU),
large-scale IT systems (EU-LISA), etc.↩
3. Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, JOIN (2013) 1, https://eeas.europa.eu/archives/docs/policies/eu-cyber-security/cybsec_comm_en.pdf↩
4. The European Agenda on Security, COM (2015) 185, https://www.cepol.
europa.eu/sites/default/files/european-agenda-security.pdf↩
5. Such as the growing criminal abuse of current and emerging technologies (encryption, cryptocurrencies, Internet of Things, cloud computing, etc.) and the progressive convergence between cybercrime, traditional serious and organised crimes and even terrorism↩
6. https://www.europol.europa.eu/crime-areas-and-trends/eu-policy-cycle-
empact↩
7. EUCTF is composed of the Heads of the EU National Cybercrime Units (incl. Iceland, Norway, and Switzerland), which meet biannually to discuss strategic and operational matters and aim at developing a harmonised approach to address the criminal misuse of information and communication technology and the fight against cybercrime↩
8. The EC3 Programme Board is composed of a number of key agencies and institutions who play a role in the fight against cybercrime and plays an advisory
role to EC3; it also serves as a platform for de-confliction and identifying synergies and possibilities to maximise resources and avoiding duplications;
https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3/ec3-programme-board↩
9. EC3 coordinates a number of partnership networks with private sector representatives of key industries (financial sector, internet security, telecoms and ISPs), academia, as well as cybercrime prevention and awareness national contact points and a forum for forensic experts. It also works closely with the CIRT/CERT community.↩
10. T/CERT community. https://www.europol.europa.eu/activities-services/services-support/joint-cybercrime-action-taskforce↩
11. https://www.europol.europa.eu/newsroom/news/joint-international-operation-targets-young-users-of-ddos-cyber-attack-tools↩
12. https://www.europol.europa.eu/publications-documents/cyber-crime-vscyber-security-what-will-you-choose-poster↩
13. https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2015 and https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2016↩
14. Cybercrime groups are increasingly operating like traditional businesses,
with similar structure, business models, their own communication system,
and event its own preferred currency for transactions, http://ww2.cfo.com/cyber-security-technology/2017/02/corporatization-cyber-crime↩
15. Allowing competent authorities together with trusted third parties to develop
the competitive advantage necessary to address the proliferation of cybercrime by using the combined power of the network↩
16. Applicable as of 1 May 2017, https://www.europol.europa.eu/publications-documents/regulation-eu-2016/794-of-european-parliament-and-ofcouncil-of-11-may-2016↩