The Cyprus authorities are well equipped to cope with a major cyberattack incident, the Head of the Police Office for Combating Cybercrime and Digital Forensic Lab Andreas Anastasiades, has told the Cyprus News Agency.
Anastasiades spoke to CNA on the occasion of the European Cybersecurity Month, an awareness campaign month, held every October. The Cyprus Police, along with other major stakeholders, will be involved in the awareness month through organizing various events and information campaigns.
«The Republic of Cyprus is prepared at a fairly good level and we are convinced that we can cope with any major cyberattack case. Of course, this cannot be done only by those involved in such incidents, but always in cooperation and collaboration with partners such as Europol and Enisa, the European Union Agency for Network and Information Security», he said.
Anastasiades told CNA that recently a Digital Security Authority was set up to identify, at an early stage, any anticipated cyberattacks and to coordinate with all the relevant actors.
His Office regularly attends preparedness exercises organized by Enisa, in cooperation with the Office of Electronic Communications & Postal Regulations (OCECPR) and the Digital Authority and the results are pretty positive. He explained that in order to have better response and management, there are reaction protocols that define the role of each organization during an attack.
“As far as the education and infrastructure are concerned, I can say that we are at a very good level, the members of our crew are well trained and we have a state-of-the-art equipment. This has been achieved through European funds we have received, in the framework of the Internal Security Fund-Police Cooperation. Members of our team are certified trainers in other countries and some already work for Europol”, he said.
Anastasiades noted that cooperation and collaboration with the private sector is certainly necessary and Memoranda of Understanding and Cooperation have already been signed with various agencies. Efforts are underway in order to form new partnerships, he told CNA.
“We work closely with OEB (the Employers and Industrialists Federation), the Bank Association, Internet Providers and many other companies and organizations. Our cooperation with the private sector is very important for us and we are open for further cooperation”, he said.
Anastasiades pointed out that the public should realize that cybersecurity and cybercrime are two different things but related to each other. Cybersecurity is the term covering the broader security of network systems that also covers the security of the users.
“On the other hand, the term cybercrime refers primarily to crime against computer systems and is divided into three main categories: a) content-related offenses (child sexual abuse over the Internet); b) attacks against computer systems; and c) crimes facilitated through internet (scams),” he explained.
His Office, he added, is responsible for investigating and preventing cybercrime, especially whatever falls into the above first two categories. At the same time, the Office takes part in the cyber security strategy of the Republic of Cyprus, which is under the umbrella and responsibility of OCECPR.
“A prevention strategy for cybercrime has been developed and approved by the Council of Ministers and it is managed and overseen by a ministerial committee. Within the framework of the national prevention strategy and the prevention policy of our Office, we often try to raise public awareness through the Press and the Media. We want to inform the public of the dangers and threats. At the same time, in cooperation with Europol, the Bank Association and other stakeholders, we are launching a public awareness week to start October 17.”
He notes that there are many dangers on the internet and every internet user must be extra vigilant.
“The public must know that every action on the internet is recorded, but at the same time we need to know that the internet has anonymity and the perpetrators have adapted the methods they use for public fraud in order to achieve their unlawful objectives. Unfortunately, despite all the measures we have taken to inform the public, there are constantly new complaints about fraud, deceit, money fraud and various other offenses. Internet give us lots of prospects, however each one of us will have to assess the dangers, when posting personal information or giving money to others.”
Anastasiades pointed out that the Cyprus Police are constantly assessing new technologies and how these evolve and take part in drafting the European Union`s business plans for cyber attacks and children’s sexual abuse via the Internet.
The main threats are: Ddos Attacks, Malware distribution, Ransomware, P2P child sexual abusive material distribution and End to end encryption.
The Office for Combating Cybercrime of the Cyprus Police has been invited to organize training seminars in third country law enforcement agencies on behalf of CEPOL, the European Police College. As Anastasiades pointed out, this is the result of the high level of knowledge and technology the Office uses.
“As I noted before, members of our Office are designated trainers in various educational programs around the world. CEPOL has asked members of our Office to prepare an education program and to provide courses in third countries. These courses relate to the effective investigation of cybercrime. This acknowledgement of our Office’s know-how and level of training is determined by the constant upgrading of our Office in all areas, the positive results of our various activities and the ongoing cooperation with Europol, ” Anastasiades said.
As regards child pornography and the involvement of his Office in combating this crime, Anastasiades firstly noted that the term child pornography, following a study by Europol`s EC3 Center, is wrong because it gives the wrong impression both to the public and the enforcement authorities.
“The correct term we use is Child Sexual Abuse or Child Sexual Exploitation. For the sake of clarity, it must be stressed that there is a victim behind every child`s photo or video uploaded on the internet. It is irrelevant if this victim is in Cyprus or abroad. What is of great importance and the public needs to comprehend is that anyone who owns or disseminates such material or even invites a child to participate in such offenses, is in fact abusing or victimizing a child who for whatever reason has been abused in another country,” he said.
He said that the issue of child abuse is pretty serious in Cyprus and there has been a rise in the recent years but this , according to Anastasiades, does not mean that cases have suddenly increased. These cases were always there and they will continue to occur, he said.
“In recent years, the Police have developed a strong cooperation with various organizations and bodies at both European and international level, and have received additional comprehensive information on new incidents. In 2016 we had 126 cases, in 2017 130 incidents and in 2018 so far we have 105 incidents. We are puzzled by the extent of the problem, as the Police have made a great effort to fight this crime, we have arrested many people and we have a lot of successful investigations, but the crime continues to increase,” he said.
He noted that the Police, and in particular his Office, is trying to raise awareness and to inform the public about the online dangers. However, he said, what needs to be understood at the same time, is that cybercrime is an international crime and the investigation of such offenses is difficult and time-consuming.
Anastasiades moreover said that his Office has a high evaluation on the so called Genval Evaluation Reports of the EU on cybercrime for 2016, especially in the field of investigation, forensic examination of documents, prevention and absorption of European funds.
He made an urgent appeal to the public to contact his Office for any questions or worries on issues related to online activities. The Police have also set up a complaints-reporting platform at www.cybercrime.police.gov.cy where the citizens can report incidents such as Content -related offenses (child sexual abuse) and other Offenses exclusively related to hacking and fraud.