Key Recommendations

Prevention - Awareness

• Law enforcement should increase its visibility and presence online to address the phenomenon of minimisation of authority in cyberspace in order to increase public confidence in the security of the internet and offer a credible deterrent to criminals.
• Law enforcement should co-operate with third parties, including industry, in running awareness campaigns about cyber threats. This should involve measures highlighting the importance of ‘digital hygiene’ and endpoint security, the importance of security by design , and providing more online resources for victims to report crime and seek help and support.
• In this context, law enforcement should support the development of communication programmes to help the general public manage and maintain their privacy online and to establish the norms of social conduct in cyberspace. Particular focus should be given to children at a young age, stressing the need for safe behaviour online.
• Law enforcement should establish a channel through which details of compromised financial data discovered in the course of an investigation can be relayed to the financial sector in order to mitigate potential or further fraud.

Prevention - Capacity Building & Training

• Law enforcement needs to invest in capacity building with a view to acquiring the necessary skills, expertise, knowledge and tools to perform cybercrime investigations, Big Data analysis and Internet of Everything (IoE) related digital forensics. This should range from first responder training on the basic principles of cybercrime, to team leaders managing international cybercrime investigations and ideally be coordinated at an EU level to ensure harmonization. Synergies with the public and private sector and academia should be considered when developing new training courses.
• Law enforcement should urgently develop its understanding of how virtual currencies operate , and how to recognise the wide variety of digital accounts which may hold a suspect’s digital assets as a key means to seize the proceeds of crime.

Partnerships

• As cybercrime investigations and electronic evidence often span multiple jurisdictions , it is essential that law enforcement efforts in combating cybercrime are sufficiently supported at the legal and policy levels. Together with Eurojust and other relevant stakeholders, this will require developing more efficient and effective legal tools , taking into account the current limitations of the Mutual Legal Assistance Treaty (MLAT) process, and further harmonisation of legislation across the EU where appropriate.
• The dynamic, evolving and trans-national nature of cybercrime demands an equally diverse and flexible response by law enforcement in close international strategic and operational partnership with all relevant stakeholders. Public-private partnerships and co-operation and co-ordination with all relevant stakeholders, including the academic community, will play an increasingly important role.
• As a number of cyber threats emanate from non-EU states , law enforcement needs to explore strategic and operational cooperation and capacity building possibilities with law enforcement in states that criminals operate from. This must be intelligence led and coordinated with relevant stakeholders to prevent overlaps and duplication of effort.

Protection

• In the context of the proposed EU Directive on Network and Information Security , there is a need for a balanced and harmonised approach to information sharing and reporting from national and international stakeholder communities. This should include reporting of certain suspicious activities to national cybercrime centres and the European Cybercrime Centre at Europol.
• Legislators in the EU need to provide law enforcement with the legal instruments it requires to allow it to disrupt and investigate criminal activity, and to access the information it needs in order to apprehend criminals that undermine public safety and economic interests.
• Law enforcement should prepare for the transition period from IPv4 to IPv6 and the potential abuse of ICANN’s new generic top-level domains. This should include acquiring the necessary knowledge, skills and forensic tools.

Investigation

• Law enforcement should concentrate on pro-active, intelligence-led approaches to combating cybercrime in a prioritised manner, focusing on high impact areas. This will require leveraging existing platforms, such as the European Cybercrime Centre and its respective Focal Points and Interpol’s Global Complex for Innovation , to allow for the pooling of intelligence to better co-ordinate activity and make best use of limited resources.
• In order to measure the scale and scope of cybercrime in a consistent way, there is a need for improved monitoring, reporting and sharing of cybercrime-related data in a standardised EU-wide manner. Law enforcement should work with all relevant stakeholders on developing the necessary processes, protocols and trust relationships, considering the tools and services provided by the European Cybercrime Centre and the centre’s potential role as an information and intelligence sharing hub.
• Common digital forensics standards and procedures , including tools and data formats, to facilitate cross-border investigations and the exchange of electronic evidence should be developed and implemented.
• Law enforcement should focus its activities on the top identified criminal forums and marketplaces and on targeting individuals with the highest reputations on these platforms. Given the present predominant use of the Russian language, many law enforcement services will need to increase or adapt their language capabilities.
• Law enforcement should focus with priority on dismantling criminal infrastructure , disrupting the key services that support or enable cybercrime and prosecuting those responsible for malware development, as the numbers of highly skilled cybercriminals are limited and their skills are hard to replace.
• Law enforcement should target for apprehension and prosecution the developers of malware. Many of the more pernicious variants are controlled by closed criminal circles, the disruption of which would have considerable impact.
• Following the successful operations against airline sector fraud other areas of Internet facilitated payment card abuse should be identified and addressed on a global, European or national level.
• The increase of both cyber-enabled and facilitated crime should be met with a proportionate increase of relevant resources and skills within law enforcement.
• In the context of relevant EU legal frameworks and regulations, law enforcement needs to be equipped with the tools and techniques necessary to address the increase in and further sophistication of encryption and anonymisation .