Security incidents, natural disasters and cybercrime often transcend national boundaries, and sharing information helps to improve assistance, reaction speed and countermeasures to these events, as well as coordination among States, says international security cooperation body Interpol digital crime investigative support coordinator Bradley Marden.
Specifically, the network of States and partner organisations – including major software and cybersecurity firms – enable Interpol to verify the relevance and validity of information rapidly, which it then shares with members and the relevant parties to take action.
This allows for the significant complexity and speed that typifies modern cybercrime to be combated – a basic cyberfraud incident can involve six countries, often leading to jurisdiction challenges.
Japan-based information and communication multinational NEC global safety division CTO Dr Paul Wang notes that even though the Interpol system is a simple framework of sensing, sense-making and information sharing among members through Interpol as inter- mediary, it allows for better responses and response times, boosting the chances of local authorities arresting suspects, and closing vulnerabilities such as shutting down botnets or informing compromised companies and organisations.
Further, the fusion of information produces much more relevant, detailed and actionable intelligence, which benefits cybercrime investigations and helps to hone responses to future cyberattacks, he notes.
“Compared to a decade ago, many of the attacks are extremely well orchestrated, long term and persistent. This is because international organised crime is involved and, as a result, significant resources are provided for professional cybercriminals, as there is significant financial gain to be made from these attacks,” highlights Marden.
The structure and methods that Interpol uses, operating under the same international standards as a State’s high commission, means that information shared with an organisation does not compromise the originator, as the source of the information is protected and the information can, thus, easily be shared and used collectively for verification, validation and correlation.
Meanwhile, Marden, a cybercrime operations coordinator in the Australian Federal Police prior to his Interpol posting, also emphasises the importance of non-State actors, organisations and private companies in combating cybercrime, citing Microsoft, NEC, Kaspersky Lab and Trend Micro as examples of the partners that share information with Interpol.
“For cyberpolicing, collaboration is necessary to achieve comprehensive digital security in a connected world. We need the industry and law enforcement working together. Indus-try has the tools and ability to monitor and track these events and this has helped Interpol to deal with the complexity by having all the information in one place so that we can catch the people committing cybercrimes.”
Marden advises that all organisations should have a cyberbreach response strategy, with systems in place that can secure critical data, log interactions and contact the security service provider. While this will not prevent attacks, it will limit damage and enable the industry and law enforcement to respond and track the perpetrators with much greater success.