Strategic and operational threat analysis at Europol's EC3

Similar documents
Designing Robustness and Resilience in Digital Investigation Laboratories

Regional Seminar on Cyber Preparedness

Cyber Intel within European Cybercrime Center Ops

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

ENISA EU Threat Landscape

UCD Centre for Cybersecurity & Cybercrime Investigation

ENISA s Position on the NIS Directive

European Cybercrime Centre EUROPOL

Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats

Global Wildlife Cybercrime Action Plan1

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Council of the European Union Brussels, 16 March 2015 (OR. en)

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

EUROPOL Unclassified Basic Protection Level

Way to new challenges

10025/16 MP/mj 1 DG D 2B

Cyber Security Development. Ghana in Perspective

Directive on security of network and information systems (NIS): State of Play

A Multi-Stakeholder Approach in the Fight Against Cybercrime

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 26 September 2008 (30.09) (OR. fr) 13567/08 LIMITE ENFOPOL 170 CRIMORG 150

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Cyber Security in Europe

13268/16 EB/dk 1 DGD 1C

Security Director - VisionFund International

15412/16 RR/dk 1 DGD 1C

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

6056/17 MK/ec 1 DG D 2B

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Cybersecurity Strategy of the Republic of Cyprus

Systemic Analyser in Network Threats

2CENTRE A collaborative model for capacity building against cybercrime. Cormac Callanan 2CENTRE Industry Liaison

PROJECT RESULTS Summary

INTERPOL s Role and Effort in Combating Cybercrime Kunwon YANG Assistant Director, DFL, IGCI

G8 Lyon-Roma Group High Tech Crime Subgroup

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

Strategic Security Analyst

National Communications Authority

ENFORCEMENT POWERS. The EU Perspective. Olivier Proust. Associate Hunton & Williams LLP

International Law Enforcement Cooperation on Cybercrime investigations: the role of INTERPOL. Mr Olusola Oguntunde

Virtual Currencies and The Commonwealth. 1 June 2016

Cyber Security Strategy

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood

Cyber Security Beyond 2020

CENTER FOR SECURITY STUDIES

Package of initiatives on Cybersecurity

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Cybersecurity & Digital Privacy in the Energy sector

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

Global Cybercrime Certification

CYBER SOLUTIONS & THREAT INTELLIGENCE

Regional Cyber security Forum for Africa and Arab States, Tunis, Tunisia 4 th -5 th June 2009

Security Aspects of Trust Services Providers

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

European Union Agency for Network and Information Security

ASEAN s Cyber Confidence Building Measures

ΚΕΝΤΡΟ ΜΕΛΕΤΩΝ ΑΣΦΑΛΕΙΑΣ CENTER FOR SECURITY STUDIES

Call for Interest for the INTERPOL Digital Crime Centre 2 nd round (area of advanced technology required for the Malware/BotNet analysis)

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood Region

CYBER RESILIENCE & INCIDENT RESPONSE

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

Achieving Global Cyber Security Through Collaboration

INTERPOL s Role and Efforts in Combating Cybercrime. Dr. Madan M. Oberoi Director Cyber Innovation and Outreach

CTI Capability Maturity Model Marco Lourenco

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

OAS Cybersecurity Capacity Building Efforts

The SPARKS Project Motivation, Objectives and Results

Defining cybersecurity.

Security and resilience in Information Society: the European approach

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

Digital Health Cyber Security Centre

Professional Training Course - Cybercrime Investigation Body of Knowledge -

Project III Public/private cooperation

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Global Security Advisor

Jane s Defence Industry & Markets Intelligence Centre. Develop Advantage. Mitigate Risk. Capture Opportunity.

Global cybersecurity and international standards

Europol Unclassified Basic Protection Level. Council Working Party on Information Exchange and Data Protection (DAPIX) Friends of Presidency

Issue I. Airport Communication Project

Directive on Security of Network and Information Systems

Network and Information Security Directive

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

3.4 The EU as a partner in cyber diplomacy and defence

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Cyber Security in Europe and CEER s new PEER initiative

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Current skills gap for capable CTI analysts: Training for forensics & analysis

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

10007/16 MP/mj 1 DG D 2B

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

Department of Homeland Security Updates

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

The commission communication "towards a general policy on the fight against cyber crime"

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

INTERPOL For official use only. Fighting with friends

Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

Cybercrime Capacity Building a cooperative process

Securing Europe's Information Society

EISAS Enhanced Roadmap 2012

Transcription:

Strategic and operational threat analysis at Europol's EC3 Dr. Philipp Amann, MSc Senior Strategic Analyst Team Leader Strategy & Development ENISA Workshop on EU Threat Landscape Europol Unclassified - Basic Protection level / Europol Public Information 24 February 2015

EC3 Who We Are and What We Do 2 European Cybercrime Centre

EC3 s History 2011-2012 RAND Feasibility Study for a European Cybercrime Centre 1 July 2012 EC3 Implementation Team starts its activities 23 October 2012 2 nd EC3 Programme Board 28 March 2012 Communication of the European Commission on the establishment of EC3 18 June 2012 EC3 Blueprint 1 January 2013 EC3 is live 8 June 2012 European Council of Ministers endorsement 12 June 2012 First EC3 Programme Board 11 January 2013 EC3 Inauguration 3

Europol Organisational Structure 4

EC3 Organisational Structure 5

EC3 Governance Model Assisted by 2 Advisory Groups 6

Multi-Stakeholder Approach 7

Europol s network of Liaison Bureaus 8

EC3 Core Services European cybercrime info/intel focal point Support to Member States' cybercrime investigations Platform to pool skills and expertise & tool support for MS Collective voice of European cybercrime investigators OPERATIONAL Coordination of High Profile Operations On-the-Spot Operational Support Operational, Technical and Forensic Analysis Digital IT Forensics Support STRATEGIC Outreach to Public/Private Partners Strategy and Forward Looking Assessments Training and capacity building Digital IT Forensics R&D 9

EC3 Products & Solutions 10

EC3 Information/Intelligence Flow EU Cybercrime Centre EC3 Strategy Enrich Support Support Member States + Third Parties (with agreements) Strategy / Prevention Operational Support Feed Feed Cyber Intelligence Desk Alert Send Information Send Information FP TERMINAL FP TWINS FP CYBORG R&D / Forensics Feed Info Hub Command Centre Send Information Send Information Public/Private Sector Open Sources CERTs Strategic Information Operational Information

Cyber Intelligence Team Information collection on cybercrime from the widest array of public, private and open sources. Analytical hub (tactical and operational), processing and analysing information from various sources. Broaden information picture on cybercrime in Europe over time so as to rapidly identify emerging threats. In close co-operation with Strategy. Pro-actively scans the environment, identifying new trends and patterns, updating stakeholders accordingly. In close co-operation with Strategy. What Cyber-Intel can do OSINT Receive operational information from MS and operational partners Search Europol operational information What Cyber-Intel cannot do Surveillance Engage with suspects Infiltration: provide opinions; create reputation Control the crime using agent provocateur 12

Strategy and Development Team To provide Europol s EC3, EU law enforcement and other relevant partners, including EU policy makers, with an overview of trends, developments, capabilities and intentions to support the fight against cybercrime, inform the formulation of policies and legislative measures, contribute to the development of standardized training, awareness raising and preventive measures, and facilitate regular meetings of stakeholder and governance bodies. 13

EC3 Intelligence/Knowledge Products CYBER-INTEL Cyber Bits Trends: Modus operandi, tool or technique used by cyber criminals. Emerging patterns and crime series. Knowledge: Offer guidance and raise awareness. Technology: Technical developments having impact law enforcement work. Tools: Presentation of tailored tools to support operational activities. OSINT Dashboard Quantitative Quarterly Report on Cyber Threats in cooperation with Strategy STRATEGY iocta Project 2020: Scenarios for the Future of Cybercrime Police Ransomware Threat Assessment A Review of Criminal Forums Strategic Assessment on CSE Online ICANN Guide for Dummies, Assessment of Bitcoin, Top 10 External Cyber Threats, etc.

EC3 Intelligence/Knowledge Products Dashboard, Cyber Bits, Internet Governance Bits, etc. Quantitative Quarterly Reports, Situational Reports, In-depth Assessments, etc. Strategic Products (e.g. iocta) Operational Support and Input 15

EC3 Threat Analysis Some Definitions Data value, word or event out of context i.e. without meaning. Information data put into a meaningful context e.g. by using meta-data to provide context. Intelligence actionable information i.e. evaluated information that has strategic/operational/tactical value, particularly in the context of investigations. Evidence information or intelligence that can be used in court.

EC3 Threat Analysis Some Definitions Threat analysis systematic detection, identification, and assessment of actual or potential cyber risks, the probability of these risks occurring and the consequences or impact should they occur.

EC3 Threat Analysis Challenges CYBER-INTEL Operational data vs. strategic data Sharing with non-competent authorities, particularly the private sector Sharing with non-operational partners Data retention Amount of data/information/intelligence Human resources, including language skills STRATEGY Operational/tactical intelligence vs. Strategic threat intelligence - risk of separate intelligence cycles Forward-looking, more high-level decisions and planning support vs. Operational support Management support for Strategic Analysis Communication and analysis tasking and prioritisation process (e.g. selection of topics, Ops input)

EC3 Threat Analysis Challenges CYBER-INTEL & STRATEGY Access to data, information and intelligence (willingness to share, cost factor, lack of standards, overlapping data sets, lack of historical data, etc.) Limited OSINT capabilities, particularly in relation to Darknets Network of external partners, including industry and academia as well as other EU agencies and the CERT community Tool support (storage, retrieval, collation, correlation, analysis, visualisation, etc.)

EC3 Threat Analysis Initiatives Development of a taxonomy and business case for the exchange of information/intelligence between LE and CERTs Anonymized cross-matching solution Active Stakeholder Management and engagement with EU and non-eu partners, including with private industry and academia Engaged in internal and external discussions around OSINT capabilities and data protection

EC3 Threat Analysis Initiatives In-house R&D Ongoing evaluation of commercial tools and services Training and capacity building

Joint Cybercrime Action Taskforce MS & Partner LEA J-CAT Europol EC3 22

EC3 Threat Analysis Summary Two threat analysis areas strategic and tactical/operational Privacy and data protection, and policies governing OSINT activities Exchange of data/information/intelligence with competent authorities vs. other partners Tool support and human resources

Thank you

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback