{"id":15942,"date":"2019-07-30T08:00:37","date_gmt":"2019-07-30T16:00:37","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/07\/30\/news-9686\/"},"modified":"2019-07-30T08:00:37","modified_gmt":"2019-07-30T16:00:37","slug":"news-9686","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/07\/30\/news-9686\/","title":{"rendered":"Council of EU Law Enforcement Protocol improves cross-border cooperation"},"content":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Tue, 30 Jul 2019 16:00:00 +0000<\/strong><\/p>\n<p>Last March, the Council of the European Union announced the new <a href=\"https:\/\/www.europol.europa.eu\/newsroom\/news\/law-enforcement-agencies-across-eu-prepare-for-major-cross-border-cyber-attacks\" target=\"_blank\" rel=\"noopener\">EU Law Enforcement Emergency Response Protocol<\/a> to address the growing problem of planning and coordinating between governments, agencies, and companies when cyberattacks occur across international boundaries. Remember well-known incidents such as NotPetya and WannaCry? They\u2019re good examples of how cyberattacks can simultaneously impact organizations and other entities in two or more countries. This especially applies to multinational corporations since they have footprints in multiple jurisdictions.<\/p>\n<p>In reading through the Protocol, a few key items are worth noting:<\/p>\n<ul>\n<li><strong>There\u2019s a focus on process<\/strong>\u2014It\u2019s so good to see them focusing on process (and not only on technology). Too many regulations and rulesets talk about technology as if it\u2019s the sole solution to all problems. 
To truly resolve cybersecurity attacks and to mitigate downstream implications quickly, it takes the combination of <strong>technology + people + process<\/strong>.<\/li>\n<li><strong>Operational Technology (OT) systems and risks need more attention<\/strong>\u2014For many years, OT systems have been increasingly attacked by adversaries. While the focus on IT in the Protocol is logical, the omission of OT factors keeps it from being an even stronger and more robust document. The new Protocol explicitly calls out this problem when it says, &#8220;\u2026to establish the criminal nature of the attack, it\u2019s fundamental that the first responders perform all required measures \u2026 to preserve the electronic evidence that could be found within the IT systems affected by the attack, which are essential for any criminal investigation or judicial procedure.&#8221; This omission of OT systems is all the more confusing when the <a href=\"https:\/\/www.europol.europa.eu\/newsroom\/news\/law-enforcement-agencies-across-eu-prepare-for-major-cross-border-cyber-attacks\" target=\"_blank\" rel=\"noopener\">website<\/a> announcing the Protocol states that, \u201cThe possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society, is no longer unthinkable.&#8221;<\/li>\n<li><strong>Operational alignment is well-executed<\/strong>\u2014Praise is deserved for the outstanding effort to coordinate multi-stakeholder processes using existing resources and teams. 
For instance, a partial list of the entities working on these issues in Europe includes <a href=\"https:\/\/www.europol.europa.eu\/about-europol\/european-cybercrime-centre-ec3\" target=\"_blank\" rel=\"noopener\">Europol&#8217;s European Cybercrime Centre (EC3)<\/a>, the <a href=\"http:\/\/www.ecsirt.net\/\" target=\"_blank\" rel=\"noopener\">European Union&#8217;s Cybersecurity Incident Response Team (CSIRT) Network,<\/a> the <a href=\"https:\/\/www.enisa.europa.eu\/\" target=\"_blank\" rel=\"noopener\">European Union Agency for Network and Information Security (ENISA)<\/a>, and other EU member law enforcement groups. While everyone has the best interest of preventing and responding to cyberattacks at heart, ensuring the alignment and optimal use of existing resources makes very good sense.<\/li>\n<li><strong>Important cross-border thinking adds value<\/strong>\u2014Cyber-adversaries pay no attention to boundaries, so it\u2019s important to defend against these problems with a similar mindset that embraces diverse thinking. Countries that cooperate and coordinate their efforts are likely to detect and identify cyber-adversaries faster and more comprehensively if they approach the problem as a united front. This cross-border way of thinking should be an example for other regions of the world.<\/li>\n<\/ul>\n<p>The improvements to the EU Law Enforcement Emergency Response Protocol are invaluable. By streamlining and strengthening their cross-border approaches, protocols, and ways of communicating, efforts to thwart attacks can begin immediately and proceed more effectively.<\/p>\n<p>Preserving electronic evidence makes finding and punishing the perpetrators a priority. 
However, work still must be done on developing plans and protocols to mitigate damage to OT systems, and I hope they prioritize this focus for their next iteration.<\/p>\n<h3>Learn more<\/h3>\n<ul>\n<li><strong>Complete an offline assessment of your Active Directory<\/strong>\u2014<a href=\"http:\/\/download.microsoft.com\/download\/1\/C\/1\/1C15BA51-840E-498D-86C6-4BD35D33C79E\/Datasheet_Offline_ADS.pdf\" target=\"_blank\" rel=\"noopener\">Assess your Active Directory security posture<\/a> and reduce support costs by exposing and remediating configuration and operational security issues before they affect your business.<\/li>\n<li><strong>Learn more about the cybersecurity risk landscape<\/strong>\u2014Watch this Microsoft Digital Crimes Unit overview <a href=\"https:\/\/youtu.be\/IeKOxl_JSK8\" target=\"_blank\" rel=\"noopener\">video<\/a> to learn more about how Microsoft is working with public and private partners.<\/li>\n<li><strong>Discover how the Microsoft Incident Response and Recovery Process can help<\/strong>\u2014Read about our <a href=\"http:\/\/download.microsoft.com\/download\/5\/1\/6\/516F59A7-91EE-4463-8612-C85FD3BEBDC7\/microsoft-incident-response-and-recovery-process-brief.pdf\" target=\"_blank\" rel=\"noopener\">expert security services<\/a> that are available in case an incident occurs.<\/li>\n<\/ul>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/07\/30\/eu-law-enforcement-protocol-improves-cross-border-cooperation\/\">Council of EU Law Enforcement Protocol improves cross-border cooperation<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/07\/30\/eu-law-enforcement-protocol-improves-cross-border-cooperation\/\" target=\"bwo\" >https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: 
Todd VanderArk| Date: Tue, 30 Jul 2019 16:00:00 +0000<\/strong><\/p>\n<p>The new EU Law Enforcement Emergency Response Protocol addresses the growing problem of planning and coordinating between governments, agencies, and companies when cyberattacks occur across international boundaries.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/07\/30\/eu-law-enforcement-protocol-improves-cross-border-cooperation\/\">Council of EU Law Enforcement Protocol improves cross-border cooperation<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[14715,12657,17187,21483],"class_list":["post-15942","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-cybersecurity-policy","tag-incident-response","tag-security-intelligence","tag-threat-protection"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15942"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15942\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15942"}],"wp:term":[{"taxonomy":"category","e
mbeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}