Responding to the growing cyber threat

The Head of UCD’s Centre for Cybersecurity and Cybercrime Investigation, Cheryl Baker discusses the global threat to cyber security and outlines the centre’s role in tackling the problem.

Cybercrime is a global criminal phenomenon with the capability to impact all levels of society – individual, corporate and government. It can pose a threat to lives; disrupt business activities, and damage economies.

While the speed of evolution in ICT has created an online marketplace and social playground of global proportions for the ordinary citizen, it has also facilitated the growth of a cybercrime industry that employs sophisticated crime-as-a-service business models to achieve their aims. No longer is it necessary for a criminal to have the skills to perpetrate a cybercrime. Every skill and service required – hackers, malware developers, botnet operators etc. – can be purchased online.

Furthermore the anonymity offered by the darknet, along with the use of virtual currencies and encryption techniques means that the cybercriminals can operate under a cloak of anonymity that makes discovery more and more difficult.

Response

Increasingly cybercrime is becoming an organised criminal activity, either providing direct benefit through financial gain, or as the facilitator of other forms of crimes such as terrorism, human trafficking and child sexual exploitation. Its ability to facilitate activity across a range of crimes, and to leverage new technologies as soon as they appear on the market, is one of the major challenges facing the law enforcement community.

Ensuring law enforcement capability is fit for purpose in an environment where cybercriminals are technologically competent and adept at operating on a global basis is a serious challenge. The proliferation of technology, and the sophisticated techniques being employed to cover tracks, means that law enforcement needs to develop new strategies for catching cybercriminals. Nowadays it is increasingly likely that a range of technology devices may be found at almost every crime scene. As it is no longer feasible to call in the experts on every occasion, first responders need to know how to deal with these technologies. Particularly as the increasing use of encryption means that data needs to be captured ‘live’ before the criminal has had the chance to power off his or her devices, thereby causing vital evidence to be locked and lost behind an impenetrable wall. Simply pulling the plug and sending the equipment off to the forensic unit, is no longer a viable option.

As a result, training in seizing and gathering digital evidence from crime scenes is fast becoming a necessity for all police officers involved in investigations, and not reserved for technical experts. At the other end of the scale, there is an increasing need for specialists who are competent in techniques, such as reverse engineering of malware, or in intelligence gathering and analysis.

The Centre for Cybersecurity and Cybercrime Investigation in UCD was established specifically to assist law enforcement in the fight against cybercrime, and provides a range of services, which includes training. As cybercrime is a global problem, the centre operates globally, and to date has provided education on a range of cybercrime investigation techniques to more than 5,000 police officers in over 50 countries. It has cooperated on capacity building initiatives with a number of agencies, including Europol, INTERPOL and the Organisation for Security and Cooperation in Europe.

Working closely with global law enforcement has enabled the centre to gain valuable insight into the specific needs and requirements of this community when it comes to tackling cybercrime. In addition to the need for knowledge and skills, a further drain on resources is the cost of equipping a cybercrime unit. The development of cybercrime products and services is big business, and companies can sell their offerings for many tens of thousands of Euro.

Many national police forces, including Ireland, simply do not have the budgets required to purchase these tools and so we have a situation where the criminals are better resourced than the police arises. Two years ago, in an attempt to counter this problem, the Centre for Cybersecurity & Cybercrime Investigation established an initiative to develop free forensic tools for the law enforcement community. To date, the FREETOOL project has developed seven tools, and is currently working on a further six. The tools can be used for a range of investigative problems and once developed are available for download free of charge from Europol. Currently, several hundred law enforcement officers across Europe are using the tools.

This type of initiative is providing a lifeline to police forces who are struggling to cope in the face of a cyber landscape that is expanding to include homes, cars and wearable devices. However, as the further integration of ICT’s into everyday life continues, it is becoming increasingly obvious that it is no longer possible to fight the threat alone.

Cooperation

The fight against cybercrime requires a comprehensive approach, where security stakeholders from both the public and private sector collaborate and contribute to solving the problem. This idea is reinforced by a number of key organisations. The World Economic Forum recommends a range of information sharing, reporting and prevention initiatives that should be implemented between law enforcement and the private sector; while the European Commission is currently holding a consultation on cybersecurity public private partnership (PPP) that it is hoped will stimulate the European cybersecurity industry. If managed properly, public/private partnership can provide a win-win for all those involved. Furthermore, PPP is particularly relevant to Ireland as the IDA is keen to promote the country as an attractive investment opportunity for cyber industries.

A prototype for this type of partnership is already functioning in Ireland. The Banking and Payments Federation Ireland (BPFI) is a member organisation that represents the Irish financial services sector. In 2006, the BPFI established the Hi-Tech Crime Forum for members to meet and share information on financial cybercrime. The forum, which also includes representatives from An Garda Síochána, and UCD Centre for Cybersecurity & Cybercrime Investigation, provides a secure and confidential environment in which information sharing between relevant stakeholders can be facilitated.

The role of the centre in the forum is to provide a range of expert services, including briefings on upcoming threats and challenges; demonstrations on the latest technologies likely to hit the banking sector, and the development and coordination of cyber-attack exercises to support preparedness, both organisationally and sector wide.

The BPFI public private partnership model works on a number of levels. For the Gardaí it provides a single point of contact for liaison with a business sector; for the banks it provides an opportunity to make cost savings through the sharing of best practices and advanced warnings on the next threats; and for the centre, the financial support provided by the BPFI assists in continuing its goal of supporting the fight against cybercrime. As a not-for-profit operation which does not receive funding from the university or the government, the centre is dependent on external revenue to support its activities.

This multi-stakeholder approach to financial cybercrime has been so successful that it has now been replicated across several member states and at EU level. It is a simple and successful format that could be easily adopted by almost every other business sector operating in Ireland.

The sum of cyber response is greater than its parts, and working together in this form can reduce the workload of the police, produce cost savings for business, and generate new ideas and technologies to make a safer cyber environment for both businesses and consumers.