ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

Size: px

Start display at page:

Download "ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania"

Madison Gregory
5 years ago
Views:

C-PROC Cybercrime Programme Office Council of Europe, Bucharest, Romania ISACA National Cyber Security Conference 8 December 2017, National Bank of

1 C-PROC Cybercrime Programme Office Council of Europe, Bucharest, Romania ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania The role of legislation in enhancing the cyber security Virgil SPIRIDON Head of Operations C-PROC, Council of Europe

2 C-PROC Cybercrime Programme Office Council of Europe, Bucharest, Romania Agenda Budapest Convention Capacity building at C-PROC Cybercrime vs Cybersecurity Impact of the legislation Challenges for criminal justice Cybersecurity/Cybercrime strategies Conclusions

Strengthening the rule of law in cyberspace: The framework of the Budapest Convention on Cybercrime 3 www.coe.

3 Strengthening the rule of law in cyberspace: The framework of the Budapest Convention on Cybercrime Common standards: Budapest Convention on Cybercrime and relates standards 2 Follow up and assessments: Cybercrime Convention Committee (T-CY) Protecting you and your rights in cyberspace 3 Capacity building: C-PROC

4 Reach of the Budapest Convention as a guideline 130+ Indicative Budapest Convention Ratified/acceded: 56 Signed: 4 Invited to accede: 10 = 69 Other States with laws/draft laws largely in line with Budapest Convention = 20 Further States drawing on Budapest Convention for legislation = 45+ map only

5 5 5 Budapest Convention: scope Criminalising conduct Illegal access Illegal interception Data interference System interference Misuse of devices Fraud and forgery Child pornography IPR-offences Procedural tools + + Harmonisation Expedited preservation Search and seizure Interception of computer data International cooperation Extradition MLA Spontaneous information Expedited preservation MLA for accessing computer data MLA for interception 24/7 points of contact

The Cybercrime Convention Committee (T-CY) www.coe.

6 The Cybercrime Convention Committee (T-CY) Established under Article 46 Budapest Convention Membership (May 2017): 56 Members (State Parties) 11 Observer States 12 organisations (African Union Commission, Commonwealth Secretariat, ENISA, European Union, Eurojust, Europol, INTERPOL, ITU, OAS, OECD, OSCE, UNODC) Functions: Assessments of the implementation of the Convention by the Parties Guidance Notes Draft legal instruments Two plenaries/year as well as Bureau and working group meetings An effective follow up mechanism The T-CY appears to be the main inter-governmental body on cybercrime matters internationally

7 7 7 Cybercrime Programme Office of the Council of Europe (C-PROC) in Romania Committee of Ministers decision October 2013 Operational as from April 2014 Currently 26 staff Task: Support to countries worldwide to strengthen criminal justice capacities on cybercrime and electronic evidence

8 8 8 Multiple programmes: Legislation Specialised law enforcement units Training of prosecutors and judges Public/private cooperation Targeting proceeds from crime online International cooperation Dedicated Cybercrime Programme Office of the Council of Europe (C-PROC) in Bucharest, Romania Capacity Building Programmes Capacity building on cybercrime electronic evidence Priority to countries committed to implement Budapest Convention Support to any country regarding legislation

9 Current capacity building programmes (Status August 2017) Cybercrime@Octopus (voluntary contribution funded) Cybercrime@EAP II EU/COE Eastern Partnership Cybercrime@EAP III EU/COE Eastern Partnership iproceeds Cooperation on Cybercrime: targeting crime proceeds on the Internet GLACY+ EU/COE Joint Project on Global Action on Cybercrime CyberSouth Strengthen legislation and institutional capacities on cybercrime and electronic evidence

10 Cybercrime vs Cyber Security Cybercrime criminal justice no general accepted definition offences against computer systems computer related offences/committed through a computer system Cyber Security policy vulnerabilities/risks/responsibilitie s security measures cyber incidents/attacks Cybercrime/cyberterrorism/ cyberdefense/cyberespionage

11 Impact of the legislation National legislation Substantive law (offences) Procedural law (instruments for investigations, obtaining of data, investigative instruments) International cooperation (channels, authorities, restrictions, exchanging of information/evidence) Institutions and responsibilities (public and private entities) Inter-agency cooperation

12 Impact of the legislation International legislation Budapest Convention on Cybercrime International Treaties International Organisations European Directives (CSE, Attacks, Payment card Frauds, Data Retention, GDPR)

13 Cybercrime and electronic evidence: Challenges for criminal justice The scale and quantity of cybercrime, devices, users and victims Technical challenges (VPN, anonymisers, encryption, VOIP, NATs etc.) Cloud computing, territoriality and jurisdiction Cloud computing: distributed systems distributed data distributed evidence Unclear where data is stored and/or which legal regime applies Service provider under different layers of jurisdiction Unclear which provider for which services controls which data Is data stored or in transit production orders, search/seizure or interception? The challenge of mutual legal assistance No data no evidence no justice

14 10 C-PROC Crime and jurisdiction in cyberspace solutions proposed under the Budapest Convention on Cybercrime Specific issues to be addressed: Differentiating subscriber versus traffic versus content data Limited effectiveness of MLA Loss of location and transborder access jungle Provider present or offering a service in the territory of a Party Voluntary disclosure by US-providers Emergency procedures Data protection Solutions: 1. More efficient MLA [agreed by T-CY] 2. Guidance Note on Article 18 [approved by T-CY in February 2017] 3. Domestic rules on production orders (Article 18) [agreed by T-CY] 4. Cooperation with providers: practical measures [agreed by T-CY] 5. Protocol to Budapest Convention [negotiations started in Sep 2017]

15 Solution 2: Guidance Note on Article 18 Guidance Note on Article 18 Budapest Convention on production of subscriber information: Domestic production orders for subscriber information if a provider is in the territory of a Party even if data is stored in another jurisdiction (Article 18.1.a) Domestic production orders for subscriber information if a provider is NOT necessarily in the territory of a Party but is offering a service in the territory of the Party (Article 18.1.b) Agreed by T-CY on 28 Feb 2017

16 Solution 5: Protocol to Budapest Convention A. Provisions for more efficient MLA Expedited MLA for subscriber information International production orders Direct cooperation between judicial authorities Joint investigations Emergency procedures for access to data Role of 24/7 contact points B. Provisions for direct cooperation with providers in other jurisdictions C. Framework and safeguards for existing practices of transborder access to data D. Data protection Terms of reference approved in June Negotiations started on 19 September Support of LEA community needed to conclude Protocol for more efficient access to evidence in the cloud!

17 Cyber Security/Cybercrime strategies Cyber security strategy: to set policy goals, measures and institutional responsibilities Identification of risks Critical infrastructure CERT Cooperation at national and international level Cooperation with the private sector Multi-stakeholder governance Protection of business in cyberspace Technical safeguards Reporting mechanism Education and capacity building Protection of rights Action plan

18 Cyber Security/Cybercrime strategies Cybercrime strategy: to ensure an effective criminal justice response to offences against and by means of computers and to any offences involving electronic evidence Cybercrime reporting and intelligence Prevention Legislation Specialised units Interagency cooperation Public/private cooperation Training International cooperation Financial investigation Protecting of children

19 Cyber Security/Cybercrime strategies Legislation and institutions State actors play an important and active/coordination role in the activities Specificity from the national level Regulations for cooperation and to coordinate actions Exercises Build incident response capabilities Identify the critical infrastructure Technical safeguards Invest in education, research, technology and capacity building No legislation no justice no security

20 THANK YOU Q&A

Cybercrime and e-evidence: challenges and solutions.

Cybercrime@Octopus Ministry of Communications Workshop on Cybercrime and Cybersecurity for selected Members of Parliament (KAIPTC, Accra, Ghana, 25 October 2018) Cybercrime and e-evidence: challenges and