The use of the Internet, PCs, smart phones and tablets have become an indispensable part of how we study, work and interact with friends, and family. Unfortunately, technology has become an indispensable tool for criminals as well.
Whether for scams, identity theft or large scale cyber-attacks, cybercriminals are abusing technology to exploit victims across borders, platforms and jurisdictions. Given the scale and the nature of the internet, this problem can only be tackled through in depth collaboration and information sharing between private industry, academia, government and law enforcement. Yesterday’s European Commission announcement on the creation of the European Cybercrime Center (EC3) therefore represents an important development to better equip society against cybercrime.
With the proposal, the Commission not only creates a strategic framework for capacity building in the fight against cybercrime at the EU level for the first time, it acknowledges that information sharing is critical for improved detection and disruption of illegal activity as well as increased deterrence. It is particularly important that the EC3 will be based within the European Police Office - the Europol- and will therefore be able to draw on existing knowledge and resources to warn Member Sates of any cybercrime threats. The Centre will also provide operational support in concrete investigations and help set up cybercrime Joint Investigation Teams.
This approach could not be more timely and fits well with the work we at Microsoft have been doing in collaboration with the Commission and national authorities in encouraging capacity building and driving knowledge exchange.
Yesterday, 28th March, the Belgium Center of Excellence BCCENTRE brought together 80 experts to discuss these issues in more depth. This week, Microsoft is also hosting an event in Schiphol to brief experts on threat intelligence and ways that information gained from actions against cyber threats could be used more effectively to protect the broader community, with a specific focus on how collaboration must form part of any active response. There are a number of EU countries actively developing what we believe to be a compelling concept of an Information Sharing Centre that collects information and reports from various sources, including citizens, and dispatches it to all interested stakeholders: internet service providers, security vendors, advertisers, brands, network security agencies, law enforcement, CERTs, communication and privacy authorities. There is already compelling threat intelligence existing in various pockets across these organizations which would be ever more powerful together.
Just one example is the kind of information we have in private sector when companies like Microsoft and others take proactive disruptive actions against cyber threats, such as Microsoft’s work to fight botnets like Rustock and Zeus. These actions produce valuable intelligence on the actual scope and source of malicious software infections in the world, which can be used to help rescue victims’ infected computers from the remote control of criminals. By effectively cooperating across public and private sector with this kind of information, we can better protect victims, undermine cybercriminal operations by taking away the infrastructure they rely on, and progress towards a safer internet environment for the world.
With this in mind, we are looking forward to be part of the collaborative effort against cybercrime that the European Commission is envisioning.