Cyprus, a leader in dealing with the increasing challenge of cyber threats, says Europol Executive Director

Cyprus is a leader in dealing with the increasing challenge of cyber threats, but whatever the crime might be, Europol is committed to continue supporting the Cypriot authorities in their fight against organised criminality affecting the island itself and Europe more widely, Europol Executive Director Catherine De Bolle, has told Cyprus News Agency in an interview.

De Bolle was appointed Head of Europol last March. She previously served as Commissioner General of the Belgian Federal Police. In her first months at the helm of Europol, she made it a priority, as she told CNA, to listening to Europol’s main stakeholders – law enforcement in EU Member States.

The New Executive Director visited Cyprus recently and held meetings with the Cyprus Chief of the Police and the Minister of Justice and Public Order, covering a range of topics from cybersecurity and cybercrime to terrorism, human trafficking and drugs. In her interview De Bolle pointed out that Cyprus takes the threat of Cybercrime very seriously and she praised the expertise Cyprus has built in this area.

«I have been busy touring Europe to meet with the chiefs of police and listen to their expectations ahead of the annual European Police Chief Convention that Europol will host later this year. It is important for me that Europol is supporting law enforcement in the field by being responsive to the operational needs and concerns of the Member States. Europol has achieved very significant operational results in the past few years, but this is only possible working with police in the Member States. In line with this, I have carefully listened to the views of the Chief of Police on the work of Europol. Cyprus is a valuable and reliable partner for our Agency,» she told CNA.

Replying to a question about the fight against terrorism and how the Member States cooperate, given that sharing of information and coordination is essential, De Bolle underlined the fact that Cyprus experiences lower crime rates than the rest of the EU and terrorism is not one of the main concerns.

She said that because of its geographical location, the migrant crisis also affected Cyprus, adding that «people smuggling is probably one of the main crimes on the island».

Europol Head made special reference to Cybercrime, saying that «Cyprus is a leader in dealing with the increasing challenge of cyber threats».

«But whatever the crime might be, we are committed at Europol to continue supporting the Cypriot authorities in their fight against organised criminality affecting their country, and Europe more widely», she underlined.

We asked De Bolle to assess the investment of the Cyprus Police in its capacity development to fight Cybercrime, having in mind that Cybercrime is on the rise and many critics argue that the Police in general, not only in Cyprus, invest too little compared to the size of the Cybercrime.

De Bolle noted that Europol does not have direct visibility on the level of investment in each Member State in relation to criminal investigations.

«However in my discussions with the Police Chief and the Minister (of Justice) it is clear to me that Cyprus takes the threat of Cybercrime very seriously. We discussed how best European Cybercrime Center (EC3) can support the Cypriot Police and how we might make use of the expertise Cyprus has built up in this area», she said.

She did point out that capacity building is a crucial component for addressing cybercrime effectively and added that while Europol’s main goal is to provide operational support to combating cybercrime, the agency recognises the need for supporting the capacity building efforts, especially focused on the law enforcement community.

«As such, Europol’s Cybercrime Center delivers three signature cybercrime training courses for each of its mandated cybercrime areas (Combating the Online Sexual Exploitation of Children, Payment Card Fraud Forensics, and Open Source Forensic IT). Europol’s EC3 is also actively collaborating with CEPOL (European Union Agency for Law Enforcement Training), ECTEG (European Cybercrime Training and Education Group) and other key players, towards joint cybercrime training modules and programmes and has also delivered trainings to Cypriot law enforcement on matters such as mobile phone analysis, cryptocurrency investigations, among others,» she said.

According to Europol Head, whether the investment into capacity building is enough on Member State level is a determination that each Member State has to make for itself.

«We prefer to focus on how we can contribute through providing these training sessions and sharing our knowledge and expertise across all Member States», she said.

In the field of Cybercrime and cybersecurity, ENISA, the EU Agency for Network and Information Security will soon be the Cybersecurity agency of the EU. CNA asked De Bolle to elaborate on the role of Europol or a National Law Enforcement Agency (LEA) and the level of cooperation with Information Sharing and Analysis Center (ISACs), having in mind that ENISA does not have operational capabilities, but just a policy and coordination mandate and it coordinates in European level with ISACs, whose role is instrumental for Cybercrime and fight against Cybercrime.

Europol Head pointed out that Cybersecurity is a much broader area than Cybercrime and that the two terms should not be used synonymously. Cybersecurity, De Bolle said, entails cyber resilience, network and information security, cybercrime, cyber defence, cybersecurity awareness raising and prevention, cyber diplomacy, etc.

Cybersecurity incidents, she said, can take place without criminal involvement; some cybersecurity incidents result from technical failures, man-made errors or natural disasters.

«Due to the complexity and interconnectedness of cybersecurity matters, cybersecurity is a collective responsibility which requires the involvement of a multitude of actors from the public and private sector, as well as private citizens. To reflect this reality, the cybersecurity responsibilities within the EU institutional framework have been allocated to different Union bodies and agencies such as ENISA, Europol, European Defence Agency (EDA), the Computer Emergency Response Team (CERT-EU), the European External Action Service (EEAS) etc», she told CNA.

As De Bolle pointed out, ENISA is responsible for supporting the EU Member States with expertise on network and information security related matters, while Europol’s dedicated European Cybercrime Centre (EC3) is responsible for supporting the law enforcement authorities in combating cybercrime and investigations in its mandated areas.

«As such, the two agencies play a complementary role and collaborate actively to avoid duplication and to create synergies where relevant and possible. Examples of such activities include the annual law enforcement workshop and joint prevention campaigns, among others», she told the CNA.

She pointed out that the alignment and de-confliction of planned cyber activities occurs also via the existing Europol EC3 Programme Board, where Europol, ENISA, CERT-EU, EEAS, INTERPOL and others sit together biannually. Furthermore, De Bolle said that Europol, ENISA, CERT EU and EDA recently signed a memorandum of understanding in relation to cooperation on matters relative to cybersecurity and cybercrime.

«Within the current legal framework, Europol collaborates primarily with the national competent authorities appointed by each Member State. The roles and responsibilities of Europol towards this end are clearly stipulated in the Europol Regulation and EC3’s mandate. This ensures the confidentiality and integrity of the cybercrime investigations», De Bolle said.

Regarding the ISACs in particular, Europol Head said that the creation of such bodies at national or sectoral level has been encouraged by the EU legislation such as the NIS Directive (Directive on security of network and information systems).

Europol Executive Director clarified however that the establishment, specific roles and interaction of these with other cybersecurity and competent authorities at national level, is a decision to be taken by the Member State.

De Bolle said that some sectoral ISACs and corresponding Computer Security Incident Response Teams (CSIRTs) have already been created such as the EU FI-ISAC in the financial sector.

«Europol collaborates effectively on a strategic level with members of the EU FI-ISAC –through its Advisory Group on Financial Services – and is also invited to their meetings. As such, Europol serves as the voice of the EU cyber law enforcement and can engage on a strategic level with such partners. Through these partnerships, EC3 can exchange non-operational data on key threats and trends. Due to the existence of such partnership networks and platforms, as well as the close relationship with ENISA and the CSIRT community, Europol can, in the case of cybercrime-relevant matters, engage with such partners in accordance with the applicable rules and procedures», she explained.

CNA asked De Bolle to assess the cooperation between the Joint Parliamentary Scrutiny Group on Europol (JPSG) which was set up a year ago.  This parliamentary scrutiny body, composed of members of national parliaments and of the European Parliament is tasked with political monitoring and examination of Europol’s activities.

«The results of the cooperation with the JPSG have been very positive for Europol. Two meetings have already taken place and the Rules of Procedure have been adopted, which equips the JPSG with effective tools to perform its oversight scrutiny prerogatives. In my view, the JPSG provides Europol with the great opportunity to outreach to the national level and raise awareness on Europol’s added value», she said.

Trafficking was another issue brought up in her discussions with the Chief of the Cyprus Police on her recent visit to the island and we asked her to evaluate the measures taken on behalf of Europol in cooperation with the Member States in combating trafficking, amid the huge migrant and refugee crisis.

She said that the launch of Europol’s European Migrant Smuggling Centre in 2016 was a major element of the EU’s response to the migration crisis that began to unfold in 2015. Fortunately, she pointed out, the numbers of irregular migrants arriving in the EU have fallen since then, «but there are still far too many reckless smugglers».

«Migrant smuggling continues to represent a highly-profitable business in which criminal syndicates enjoy low risk of detection and punishment. Furthermore, the business model of criminals involved in migrant smuggling is continuously evolving and responding to the dynamics and the needs of the migratory flows impacting the EU. These factors highlight the need to continue developing comprehensive and coordinated responses across and between affected continents to efficiently combat migrant smuggling», she said.

According to De Bolle, adaptable, innovative and agile support to EU Member States in the fight against this serious crime is required, in order to face new challenges and that is where Europol is investing its efforts and allocating resources.

CNA