European Union policy and initiatives in the area of cyberthreats and cybercrime
Massimo Mauro
Council of the European Union-General Secretariat
ISODARCO Summer Course - Trento, 3-13 August 2002
M Mauro - August 2002 - ISODARCO Summer course
Today’s discussion
• A definition of cyberthreats and cybercrime: diverging interpretations
• The European Union rationale for taking initiatives in both areas
• A pragmatic taxonomy of cyberthreats and related defensive measures
• Current international and EU legislative framework
• The Council of Europe (unrelated to the EU) convention on cybercrime
• Initiatives underway within the European Union
• Initiatives underway elsewhere
• Cooperation with other countries
• Conclusion
• Cyberthreat
Any possible hostile step towards an entity, substantiated via ICT means
• Cybercrime
Nobody has a clue, not even the Council of Europe
Why European Union initiatives?
COM (2000) 890 final - Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime [21 January 2001]
“The information infrastructure has become a critical part of the backbone of our economies. Users should be able to rely on the availability of information services and have the confidence that their communications and data are safe from unauthorised access or modification. The take up of electronic commerce and the full realisation of Information Society depend on this.”
COM (2002) 173 final - Proposal for a Council framework decision on attacks against information systems [19 April 2002]
“Attacks against information systems constitute a threat to the achievement of a safer Information Society and an Area of Freedom, Security and Justice, and therefore require a response at the level of the European Union.”
A MODERN TAXONOMY OF CYBERTHREATS
Assumptions:
“soft” cyberthreats only
target, effect, visibility, attack trigger
A. trivial (script kiddie’s stuff, e.g. web site defacement)
B.1 site-paralyzing and visible (sustained attack, usually TCP/IP based, e.g. DDOS, SYN-flood)
B.2 site-disrupting and invisible (only visible to client, e.g. malicious JavaScript change)
C.1 network disrupting and visible (traffic-related, effects visible from target and from client)
C.2 network disrupting and invisible (e.g. ARP cache poisoning, DNS attacks, zombie router)
D.1 penetrating attack/sleeper (hostile agent in, triggered by a non time-related event)
D.2 penetrating attack/time-related (entering host site, operating at a specific time)
D.3 infection only (targets are connecting clients)
E polymorphic/multiple payload (hostile agent mutates and/or vectors other malicious agents)
Council of Europe convention on cybercrime
Main scope:
Criminal offences: lots of “classical” crimes, privacy and IPR violations
Problems:
• no provisions for “hot pursuit”
• includes offences which may be easily prosecuted without it
• data requested under it may be used for other purposes, unless explicitly prohibited
• hopelessly obsolete (network offences not taken into account, as it covers only “computer data”)
Defense choices
Who?
CERTs, existing security agencies, special agencies
How?
Passive, pro-active, pre-emptive
Information circulation
Automatic patches, bulletins, authentication
Dangers and cooperation
• Cyberattacks: how likely?
• International cooperation within and without the EU (inter alia, the EU cyber task-force)
• What’s happening to privacy in the USA and in the EU
Scholarly journal, thirty years hence…
“Shielding messages from infiltration vectors by using non-immunological PAT techniques”, M Mauro et al. (EU Federal Cyberpol Research Unit), Journal of Information Countermeasures, Vol. 34, April 2032, pp. 56-78
Abstract: “A new PAT (Patrolling Agent Teams) technique and protocol are described which allow to slow down infiltration of piggybacked vectors on authentified instantmail messages using CSMTTP (Certifiably Secure Mailing Two-way Transfer Protocol) on class A and B infospaces. The authors specify an agent generation mechanism whereby the entire route followed by the instantmail messages is patrolled, from beginning to end of the messaging transaction, by extremely hard to spoof pairs of agents (modular, exponential complexity - 1 MB key digital signature) exchanging messages, to limit tacking of infectious material (e.g. polymorphic multiple payload vectors) to the messages by hostiles using covert signalling channels. Experimental data, obtained via in-vitro simulation, are presented and analysed.”
Classification: none. Compliance level: voluntary only.
7.1. Legislative proposals
The Commission will bring forward legislative proposals under the Title VI of the TEU:
* to approximate Member States’ laws in the area of child pornography offences.
* to further approximate substantive criminal law in the area of high-tech crime. This will
include offences related to hacking and denial of service attacks. The Commission will also
examine the scope for action against racism and xenophobia on the Internet with a view to
bringing forward a Framework Decision under Title VI of the TEU covering both off-line
and on-line racist and xenophobic activity. Finally, the problem of illicit drugs on the
Internet will also be examined.
* to apply the principle of mutual recognition to pre-trial orders associated with cybercrime
investigations and to facilitate computer-related criminal investigations involving more
than one Member State with appropriate safeguards concerning fundamental rights.
7.2. Non-legislative proposals
Action is proposed in a number of areas:
* the Commission will establish and chair an EU Forum in which law enforcement agencies,
service providers, network operators, consumer groups and data protection authorities will
be brought together with the aim of enhancing co-operation at EU level by raising public
awareness on the risks posed by criminals on the Internet, promoting best practices for IT
security, developing effective counter-crime tools and procedures to combat computer-related
crime as well as encouraging further development of early warning and crisis
management mechanisms.
* the Commission will continue to promote security and trust in the context of the eEurope
initiative, the Internet Action Plan, the IST programme and the next framework programme
for RTD. These will include promoting the availability of products and services with an
appropriate level of security and encouragement of a more liberalised use of strong
encryption through a dialogue amongst all interested parties.
* the Commission will promote further projects under existing programmes to support the
training of law enforcement staff on high-tech crime issues and to support research in
forensic computing.
* the Commission will consider providing funding for improving the content and usability of
the database of Member States’ national laws provided by the COMCRIME study, and will
launch a study to obtain a better picture of the nature and extent of computer-related crime
in the Member States.
7.3. Action in other international fora
The Commission will continue to play a full role in ensuring co-ordination between Member
States in other international fora in which cybercrime is being discussed such as the Council
of Europe and G8. The Commission’s initiatives at EU level will take full account of progress
in other international fora, while seeking to achieve approximation within the EU.
(From the Commission Communication of Jan. 2001 on combating cybercrime)