Untitled

Welcome to the EC3
Photographs/Graphics: Shutterstock
Copyright Europol 2012
E
E
C
Dear all,
With so much of our everyday communication and commercial
activities now taking place via the Internet, the threat from
cybercrime is increasing, targeting citizens, businesses and
governments at a rapidly growing rate. The EU in particular
is a key target because of its advanced Internet infrastructure
and increasingly Internet-based economies and payment
systems.
The scale of cybercriminal activity represents a considerable
challenge to law enforcement agencies. Organised crime
groups, terrorist groups and other criminals are quick to
exploit the opportunities afforded by developments in
technology, and the time has come for the authorities to
get one step ahead. No crime is as borderless as cybercrime,
requiring law enforcement agencies to adopt a coordinated
and collaborative approach across borders, together with
public and private stakeholders alike.
In order to ‘tackle crime in the digital age’ the Council of the
EU has endorsed the European Commission’s proposal to
create a new European Cybercrime Centre (EC3) at Europol in
The Hague, which will become the focal point in the EU’s fight
against cybercrime. The Centre, which will be operational by
1 January 2013, will pool expertise and information, support
criminal investigations and promote EU-wide solutions, while
raising awareness of cybercrime issues across the Union.
In a climate of austerity, the proposal draws on Europol’s
unique set of existing services, including its information
exchange infrastructure, cybercrime and online child abuse
expertise and liaison officer network. Operations of this
magnitude cannot be successfully concluded by national
police forces alone. It is here that the European Cybercrime
Centre will add significant value.Europol is already Europe’s
specialist law enforcement centre for operational support,
coordination and expertise in cybercrime. In addition to
the analytical and operational support already provided by
Europol, the European Cybercrime Centre will serve as the
European information hub on cybercrime, developing cutting
edge digital forensic capabilities to support investigations in
the EU and building capacity to combat cybercrime through
training, awareness raising and delivering best practice on
cybercrime investigations.
The Communication of the Commission foresees the existence
of a Programme Board, acting as a bridge between Europol
and the stakeholders. It will ensure the engagement of
relevant stakeholders as well as inclusivity and outreach in
EC3.
I am delighted that the Commission has proposed the
establishment of the EC3 at Europol. The European
Cybercrime Centre will provide governments, businesses and
citizens throughout the Union with the tools to tackle crime:
its establishment will be a landmark development in the EU’s
fight against cybercrime. Building on Europol’s proven track
record and unique expertise in this area, and with the support
of the Member States, other EU bodies, international partners
and the private sector, the European Cybercrime Centre will
make the EU smarter, faster and stronger in its fight against
cybercrime.
My best regards and wishes for a successful development of
the EC3,
Rob Wainwright
Director of Europol
Welcome 2
Why should we care
about our Cyberspace?
The development of the Internet and all of
its connected services in the digital world has
been enormous and fast in the last 15 years.
Several key people in the computer business
have been very wrong in trying to predict its
development over the years – which of course
makes it very hard to come up with qualitative
estimations of the future impact of this online
revolution.
But a number of facts and statistics can be
offered, in order to put its future development
into perspective:
3 Cyberspace
•Facebook has 1 billion users.
•146 000 Internet-related businesses are launched yearly in 30
selected countries.
•The value of Internet trade is estimated to exceed USD 1 trillion
globally in 2012.
•72 % of the EU is wired compared to a 34 % global average.
EU countries are very strong in invention, innovation, R&D,
branding, design, know-how, knowledge sharing, marketing
and rapid supply chain management – all areas which demand a
strong, fast and reliable Internet and cloud services with secure
infrastructures.
EU Member States, with strong support from the European
Parliament and the European Commission, are pursuing an
advanced digital agenda with more transparency, more citizens’
influence and more interconnectivity. Companies and public
services throughout the EU are dependent on delivering their
products and services through a secure Internet and our core
democratic values rest on a free and open Internet. Our daily
shopping, interaction with friends, planning of holidays and
assessments of services are net-based. We simply rely on the net!
However, it is unfortunately also a fact that the EU
and the rest of the world are facing recession and
huge economic challenges. After the huge setbacks
seen in the global economy over recent years, it is
evident that the EU and the world as we know it face
tremendous challenges.
The EU and Europe will hopefully recover but, to do
so, we need to get the production wheels spinning
– and for that purpose, the Internet and cyberspace
is key. Compared to other global economic regions,
the EU relies much more on its digital infrastructure.
This is our economic engine and backbone and we
need to maintain and develop it, in order to get the
economy back on track.
No safe, reliable and
strong
Internet
–
no
economic
recovery,
no
growth and no prosperity!
The Internet and its connected services are - in other words
- key for the future economic recovery of Europe and its
highly ‘wired’ population.
That’s why we need to care about our cyberspace and
protect it from criminals and other crooks with bad
intentions.
And if EU law enforcement agencies, with the support of
the European Cybercrime Centre (EC3) and other important
stakeholders, are not able to protect EU citizens, businesses
and public administrations, we risk losing our economic
recovery and the basis for our future growth.
By not addressing this challenge with determination we
also risk that large private companies and business alliances
will be forced to protect themselves. The protection of
cyberspace seems to have so far been focused on protecting
the infrastructure and users in general. But it should also be
made unattractive to commit crime in cyberspace. As in the
physical world, it is not enough to put an extra lock on the
door – you also need to catch the burglar.
Cyberspace 4
From a recent Cambridge University cyber research
paper, Measuring the Cost of Cybercrime,1 the following
can be read: ‘As a striking example, the botnet behind a
third of the spam sent in 2010 earned its owners around
US$ 2.7m, while worldwide expenditures on spam
prevention probably exceeded a billion dollars. Such
defence expenditure is not necessarily irrational, but
where crime is concentrated among a relatively small
number of offenders, it makes sense to use criminal
justice mechanisms to incapacitate the offenders. This
is part of a much wider problem of attributing risks to
patterns of offending. The legal-political problem is
often how to take criminal justice action when suspects
have been identified in a jurisdiction beyond ready
reach!’
The report concludes with the following statement –
which will be one of the guiding principles of EC3: ‘The
straightforward conclusion to draw on the basis of the
comparative figures collected in this study is that we should
perhaps spend less in anticipation of computer crime (on
antivirus, firewalls etc.) but we should certainly spend an
awful lot more on catching and punishing the perpetrators’.
Troels Oerting,
Designated Head of EC3.
Assistant Director.
1
2012, Cambridge University, Professor Ross Andersson, Michael Levi et al – Measuring the Cost of Cybercrime.
5 Cyberspace
I
N
T
R
O
D
U
C
T
I
O
N
Recognising the increased threat from cybercrime, and building on the Stockholm Programme1 and the
Council Conclusions concerning an Action Plan to implement a concerted strategy to combat cybercrime,2 the
European Commission in its 2010 Communication on The EU Internal Security Strategy in Action3 determined the
establishment of a European Cybercrime Centre (EC3), to be operational by 2013.
A feasibility study conducted by independent consultants has recommended that the centre be established at
Europol, building on the organisation’s existing capacity to combat cybercrime, online child sexual abuse and
payment card fraud.
THE CHALLENGE
Hosting the EC3 is not a minor new task. Its proposed mandate is realistic but challenging, and its implementation
will have an impact right across the organisation. It will affect the organisational design and working processes
of the Operations Department. In addition, it will put new demands on Europol’s existing structures, facilities and
expertise to meet specific needs, especially in terms of its ICT capability. Europol’s current expertise in combating
cybercrime, particularly in the field of child sexual exploitation and payment card fraud, provides a good basis on
which to build an effective new European centre. However, Europol will have to develop greater expertise and
resource capabilities to meet the full demands of the proposed mandate, especially with regard to the protection
of the EU’s critical IT infrastructure.
Budget implications are currently being assessed to ensure that the Europol Centre will have the extra resources
it needs to perform its tasks and fulfil stakeholder expectations.
1
17024/09, Brussels, 2 December 2009
2
3
5957/2/10 REV 2, Brussels, 25 March 2010
COM(2010) 673 final, Brussels, 22 November 2010
European Cybercrime Centre 6
THE IMPLEMENTATION
In order to react swiftly to the Commission’s proposal, Europol
has established a cross-departmental change initiative: the EC3
programme.
The EC3 programme, managed by the EC3 implementation
team, is overseeing planning, leadership and coordination of all
cyber-related change activities. It will ensure that the competent
authorities and Europol operational units will benefit from the
delivery of state-of-the-art products and services, adding value to
Europol’s overall service provision to Member States.
Subject to the outcome of the Council’s deliberations and the
input of the European Parliament, the implementation team will
prepare for the launch of the EC3 on 1 January 2013.
EC3 ORGANISATION
In order to deliver these functions, Europol’s working hypothesis is
that the EC3 shall be organised around four capabilities:
•Strategy – including trend analysis, early warning and horizon
scanning, outreach (public-private partnership), crime prevention,
policy work and strategic planning;
•Operational Support – comprising operational analysis and
coordination, cyber attack response, intelligence development,
financial investigation, on-the-spot forensic support and a role in
protecting the EU’s critical IT infrastructure;
•Data Fusion – to process and synthesise public and private
information flows, to triage and respond to incoming requests,
and to coordinate action by the relevant teams, as an integrated
part of Europol’s information hub architecture.
•R&D - Training – including technical threat analysis and
vulnerability scanning, static forensics, best practice and training,
and tool development;
The integration of the centre at Europol is fully in line with the New
AWF Concept and the new EU Strategic Priorities on organised
crime, one of which is currently to “step up the fight against
cybercrime and the criminal misuse of the internet by organised
crime groups”.
PROGRAMME BOARD
The EC3 Programme board is chaired by the Head of the EC3. It
ensures the participation of key stakeholders in the strategic
7 European Cybercrime Centre
direction of the Centre. It allows them to provide expertise and
know-how. It is also a tool to properly engage the stakeholders in
supporting the Centre’s deliverables. Its organisation maximises
efficiency and will not create any administrative burden.
Membership of the Programme Board relies on the following
stakeholders, who will be in charge of appointing their
representatives: EUCTF, CIRCAMP, CERT-EU, ENISA, ECTEG,
CEPOL, Eurojust and the European Commission. The Council of
the European Union Presidency and Interpol can be invited as
observers.
TIMELINE
With due consideration that it will need to be adapted to reflect
the Council Conclusions and the 2013 and 2014 budgets, the EC3
implementation plan is currently broken down as follows:
January to June 2012: Definition stage
•The necessary management structures have been put in
place: the operational, strategic and forensic capabilities
are centralised and all change and innovation projects are
coordinated and controlled within the EC3 Programme by the
EC3 implementation team;
July to December 2012: Pre-implementation
•Development and refinement of the EC3 operating model (EC3
Blueprint, EC3 Programme Board);
•Submission of a proposal to recruit a limited number of EC3
staff members from outside the competent authorities, due
to the EC3’s specific job profile requirements which demand
technical, forensic and strategic expertise;
•Preparation of organisational changes, new processes, required
technology and facilities in order to be live on 1 January 2013;
•Communication and stakeholder engagement.
2013: EC3 live
2013 will be used as a pilot phase to test the new capabilities.
The focus will be on the following products and services:
•Cybercrime information hub;
•Operational support (analytical support, forensic support,
including on-the-spot support, and operational coordination
services);
•Production of the EU cybercrime threat assessment;
•Outreach and public/private partnership;
•Training analysis and delivery.
European Cybercrime Centre 8
A larger force to
stamp out online child
sexual exploitation
Four new organisations have joined the Virtual Global Taskforce
(VGT), committed to the ongoing fight against technology
facilitated crimes against children.
Microsoft Digital Crimes Unit, World Vision Australia, Research
In Motion and The Code, last month joined the VGT as private
sector partners.
Chair of the VGT Neil Gaughan said these new partnerships are
valuable to the VGT and vital to wiping out online child sexual
exploitation all over the world.
“When it comes to combating online child sexual exploitation, a
collaborative approach is critical. I am pleased to welcome these
new organisations to the VGT,” Mr Gaughan said.
“These new partnerships will assist VGT law enforcement
agency members in sharing best practices and exploring new
technologies to support innovative thinking to reduce the threat
to children online.”
Engagement and cooperation is a strong focus for the VGT,
which aims to work closely with academia, non-government
organisations, industry and the private sector to keep children
safe online. Since 2010, nine private sector partners have joined
the VGT.
World Vision Australia (WVA) is a child-focused humanitarian,
development and advocacy organisation which is well placed
to assist VGT partners and law enforcement agencies with vital
information and intelligence. As part of the World Vision global
partnership, WVA has access to invaluable information on
emerging trends and best practice in preventing and responding
to child sexual exploitation. WVA will work to harness the
perspectives of children and communities to enhance law
enforcement efforts.
“World Vision Australia is thrilled to be partnering with global
law enforcement leaders on such an important issue,” said World
Vision Australia chief executive Tim Costello. “I commend the
VGT for its innovative and collaborative approach. We must
all work together if we are to protect vulnerable children from
sexual predators.”
9 Press Release
The Microsoft Digital Crimes Unit consists of
international specialists partnering to transform the
fight against cybercrime. The VGT will benefit from
Microsoft’s experience and expertise in developing
technical solutions to combat online child sexual
exploitation. Examples of Microsoft DCU projects
that may benefit VGT members include:
(1) PhotoDNA, which is an image matching
technology that helps law enforcement expedite
investigations and strengthens their ability
to quickly identify and rescue victims; and
(2) the Microsoft Law Enforcement Assistance
Program which provides training, tools and technical
support.
Additionally, some of the VGT member countries
already use Microsoft’s Child Exploitation Tracking
System (CETS), which helps law enforcement
agencies to follow up on leads, collect evidence and
build cases against suspected child predators.
“There should be no place on the internet that a person
can hide if that person has molested a child,” said Bill
Harmon, Associate General Counsel of the Microsoft
Digital Crimes Unit. “Law enforcement officers are the
real heroes in the fight against child sexual exploitation.
Their dedicated work and partnerships across the globe
are key to addressing this horrible problem. Microsoft
is honoured to join the VGT and work with others
dedicated to fighting child sexual exploitation.”
Research In Motion (RIM), a global leader in wireless
innovation, revolutionised the mobile industry with
the introduction of the BlackBerry® solution in 1999.
The VGT will benefit from RIM’s support and mobile
applications designed to protect children from harmful
content and RIM’s participation in other programs
to support a safer internet. The VGT will also gain
from having access to the expertise, resources and
networking opportunities available through RIM’s
global developer community.
“Device security is vitally important to protect children and
other vulnerable groups from cyber threats that can be used
to exploit children online,” said Fred Nesbitt, RIM’s Legal
Director for Public Safety Operations. “RIM is pleased to
be a member of the VGT and looks forward to working with
organisations and communities that seek to protect children
from online exploitation.”
The Code Of Conduct For The Protection Of Children From
Sexual Exploitation In Travel And Tourism (The Code)
engages the tourism industry (hotels, airlines, tour operators)
to request their commitment in accepting their Code of
Conduct. Already more than 1000 travel companies from 42
countries have signed This Code of Conduct, which seeks to
protect children from travelling child sex offenders. The VGT
and The Code will work together to link the travel and tourism
industry and law enforcement and raise further awareness of
this Code of Conduct.
Press Release 10
“We are very excited about the partnership with the
VGT. We hope The Code can further strengthen the
link between the travel and tourism industry and law
enforcement to protect children from travelling child
sex offenders. We also hope the partnership with the
VGT can help us explore new ways to protect children
from travelling sexual offenders who are using new
technology,” said Manager of The Code Andreas Astrup.
A key goal for the VGT is to build stronger alliances
and expand the VGT membership with organisations
outside law enforcement. The VGT has also developed
strategic partnerships with:
End Child Prostitution Child Pornography and
Trafficking of Children for Sexual Purposes network
(ECPAT International), International Association of
Internet Hotlines (INHOPE), the International Centre
for Missing and Exploited Children (ICMEC), the
National Centre for Missing and Exploited Children
(NCMEC) and PayPal.
Members of the VGT include the Australian Federal
Police, the Child Exploitation and Online Protection
Centre (UK), the National Child Exploitation
Coordination Centre (Royal Canadian Mounted Police),
U.S. Immigration and Customs Enforcement, the Italian
Postal and Communication Police Service, INTERPOL,
the Ministry of Interior for the United Arab Emirates,
the New Zealand Police and Europol.
For more information on the VGT,
visit: www.virtualglobaltaskforce.com
Press Release 11