On 16 and 17 October 2017, the EU Cybersecurity Agency (ENISA) and the EU Agency for Law Enforcement Cooperation (Europol) organised the sixth edition of their annual workshop. This year’s headline was cooperation between European Computer Security Incident Response Teams (CSIRTs) and law enforcement.
Fighting attacks on information systems, preventing harm and protecting critical infrastructure are part of a security continuum, which has grown in scope and influence, evolving into an ecosystem composed of many different entities that all partake in and impact operations and the development of the field. It is increasingly evident that these parties need to join forces, work together and collaborate on cyber security issues.
The ultimate goal is to consolidate trust among the various sectors involved in the ecosystem in order to enable a meaningful exchange of data, intelligence and information on threats: law enforcement, private-sector partners and CSIRTs are key elements of this ecosystem and they require a workable collaboration framework that empowers them to collectively face the ever-increasing threats from cyber-attacks.
The workshop took place at Europol’s headquarters in The Hague, the Netherlands, and brought together the CSIRTs from EU Member States, EFTA countries and their national law enforcement counterparts. It focused on the need for improved cooperation and for an effective and concerted response to the growing attacks against information systems.
The participants addressed very important topics in the current cyber landscape: information sharing and operational cooperation. They were also presented with the key findings of two flagship reports, ENISA’s Threat Landscape and Europol’s Internet Organised Crime Threat Assessment (IOCTA).
Other subjects discussed included the NIS Directive, CSIRTs network, the renewed EU Cybersecurity Strategy, the role of encryption, forensic and investigative techniques, as well as legal, practical and technical challenges that specialists face and how to better overcome them.
Through this workshop, participants were given the opportunity to constructively discuss the strengths and challenges of their cooperation and to share best practices, with the aim of improving cross-sector cooperation to the face the growing challenges in the cyber security ecosystem.
The 2017 Wannacry and NotPetya attacks have been the largest and the fastest-spreading ransomware attacks observed so far. Their unprecedented level of reach and potential harm to the victims highlighted the need for effective mechanisms to be in place to efficiently respond to the attacks and identify the culprits. There is therefore a need to strengthen the coordinated CSIRT and law enforcement response to cybercrime in the EU and thus to help protect European citizens, businesses and governments from online crime.