EU, U.S. Partner on Malware, Cybersecurity Defense

Last week, the world’s major democratic governments took steps to coordinate cybersecurity defenses, with the European Union and the United States launching an initiative to combat ransomware, which has become an increasingly critical national security issue.

The stated goals of the partnership highlight law enforcement action; raising public awareness of how to protect networks and of the risk of paying ransoms to the criminals responsible; and encouraging states that turn a blind eye to this crime to arrest or effectively prosecute criminals in their territories.

When it comes to bilateral and multilateral instruments to facilitate the fight against cybercrime, the United States and the European Union restated their commitment to negotiate as soon as possible an EU-U.S. agreement facilitating access to electronic and digital evidence for the purpose of cooperation in criminal matters.

Both sides also welcomed the recent approval by the Committee of State Parties to the Budapest Convention of the draft text of the Second Additional Protocol of the Budapest Convention, which remains the primary instrument for international cooperation on cybercrime.

The U.S. and EU also signaled their continued support for and willingness to cooperate in building a framework for a possible future United Nations international legal instrument on cybercrime.

Meanwhile, the EU is also planning to launch its own elite rapid response unit to target cybercrime and step up its response to large-scale security incidents.

The Joint Cyber Unit will work at an operational and at a technical level to establish and mobilize EU cybersecurity rapid reaction teams, facilitate the adoption of protocols for mutual assistance among participants and establish national and cross-border monitoring and detection capabilities, including security operations centers (SOCs).

The aim is to ensure that the Joint Cyber Unit will move to the operational phase by June 30, 2022, and that it will be fully established and operational one year later.

The European Union Agency for Cybersecurity, ENISA, will serve as secretariat for the preparatory phase, and the Unit will operate close to ENISA's Brussels offices and the office of CERT-EU, the Computer Emergency Response Team for the EU institutions, bodies and agencies.

“No single country alone can take on cybercrime and ransomware,” said Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, a provider of cloud identity security solutions. “Therefore, in order to fight ransomware, countries must unite, collaborate and work together to reduce the safe havens that ransomware operators can use to hide and operate from.”

Carson said he believed the most important action from the ransomware task force framework is that “coordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.”

He explained this should be the basis for any organized initiative to reduce the risks of ransomware by restricting the safe places they can operate and holding countries that provide safe havens to cybercriminals responsible for criminal actions taken. Carson added that ransomware operators should now be classed as cyber terrorists.

“Easy information sharing must be possible, as this is what can hold cooperation together,” Carson noted. “Otherwise, actions move slowly and fall way behind the evolution of ransomware.”

He pointed out that central coordination is the key, and said the Joint Cyber Unit would help provide clear visibility into the true state of cybersecurity within the EU, providing a central line of transparency and communication between the EU and the U.S.

“Some countries have been getting away with ignoring the cybercriminals within their borders and the message from several countries standing together sends a message that ignoring cybercrime can no longer continue without consequences,” he said.

Andrew Barratt, managing principal of solutions and investigations at Coalfire, a provider of cybersecurity advisory services, called the goals laudable but said for them to be truly successful there is a need for “very, very specific” legal cooperation.

This includes extradition treaties, which he said should be adapted with cybercrime in mind, with perhaps even a more formalized international arrest warrant rather than the current guidance structure with Interpol’s Red Notice scheme.

“This will require bilateral agreement on evidence standards and legal principles, but it would be a great goal to cooperate on,” Barratt said.

He suggested there could even be reciprocal detainment procedures, so that instead of extradition, detention could be performed in the country of arrest, along with allocating some mutual funding to ensure that states without the same economic might as the U.S. are adequately funded in their efforts to support U.S. interests.

“It’s rare these types of initiatives deliver the quick wins that politicians crave, but, when done properly, could become the bedrock of modern international cooperated law enforcement,” Barratt said. “Global cooperation on cybercrime of all kinds is vital, mainly because it can be perpetrated from almost any country attacking a business in any other.”

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
