EU Agencies Target Cybercrime
ENISA and Europol to Collaborate on Crime-Fighting EffortsTo better prevent and investigate online crime that affects Europe, the European Union Agency for Network and Information Security, or ENISA, and the Europol police force - including its European Cybercrime Center - will work more closely together to combat everything from the latest malware attacks to organized crime syndicates.
See Also: The State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience
The heads of the two agencies signed a strategic cooperation agreement June 26 in the Netherlands at Europol headquarters in the Hague.
"This agreement is an important step in the fight against ever more skilled cybercriminals who are investing more time, money and people on targeted attacks," say ENISA Executive Director Udo Helmbrecht and Europol Director Rob Wainwright in a joint statement. "By cooperating more closely together and sharing expertise, we [will] strengthen Europe's capacity to combat cybercriminals."
From a practical standpoint, both agencies plan to share more knowledge and expertise, including information relating to attack types and criminal groups, as well as to bolster information security training and awareness practices in Europe. "The agreement is aimed at enhancing both agencies' missions and to utilize knowledge held by both agencies on methods used by criminals, [including] malware types, penetration methods, new risks for consumers and businesses and preparing for the next generation of the Internet of Things, which ultimately will connect all we do via some kind of Internet-facilitated communication," Troels Oerting, head of the European Cybercrime Center, tells Information Security Media Group.
Linking Cybersecurity, Police
Established in 2004, ENISA, which is based in Heraklion, Greece, is charged - by the EU regulation founding it - with "ensuring a high level of network and information security within the [European] Union and developing a culture of network and information security for the benefit of citizens, consumers, enterprises and public administrations." The agency has already been working with Europol, which coordinates law enforcement cooperation between EU member states, as well as country-level computer emergency response teams, or CERTs. The agency's mission includes preventing and investigating organized crime, terrorism and other serious crimes that affect two or more EU member states.
Europol's "EC3" European Cybercrime Center, which launched in 2013, is further charged with helping both member states and EU government agencies increase their ability to investigate and share cybercrime-related information both within the EU as well as with international law enforcement agencies, for example, those in the United States. EC3 focuses on online payment fraud, online child sexual exploitation and crimes affecting EU critical infrastructure and government systems.
Already Working Together
"The aim of this agreement is to boost and codify our already well-established cooperation between EC3 and ENISA," Oerting says. "ENISA is already part of the EC3 Program Board, and we have already established frequent joint meetings with the CERT community in EU, as well as drafting shared reports on cybercrime and incidents.
"But the work can, of course, become even more focused and progress in various areas, like joint exercises, joint operations and more sharing of information on the criminal networks and their methods used to penetrate EU critical IT infrastructure in order to steal our ideas, information, identity and money."
ENISA spokesman Ulf Bergström summarizes the EU cybersecurity move: "ENISA has the technical expertise, [and we're] putting it together with the police expertise of Europol."
Goal: Bolster Defenses
One goal of having ENISA and EC3 work together more closely is to build more awareness and advocate for better information security defenses. "Cybercrime is picking up; organized crime and phishing attacks and targeted attacks are picking up," Bergström tells Information Security Media Group. And that leaves small and medium-size enterprises in Europe especially at risk of being hacked. "In the end, 98 percent of the European economy consists of SMEs, and clearly smaller [enterprises] don't have the skills, knowledge, and financing to secure themselves - especially in the manufacturing sectors," he says.
Bergström says the new agreement builds on last year's EU regulation number 526/2013, which expanded ENISA's scope and authority.
And the agencies have already been working together, Bergström says, for example to get "computer emergency response teams - the digital fire brigades - working together with law enforcement agencies to better fight cybercriminality, which is really picking up, and which damages citizens, as well as organizations and businesses in Europe."