The European Union Agency for Network and Information Security (ENISA) has recently released a report on Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement.
The report aims to support the cooperation between CSIRTs – in particular national/governmental CSIRTs – and LEAs in their fight against cybercrime, by providing information on the framework and on the technical aspects of the cooperation, identifying current shortcomings, and formulating and proposing recommendations on technical aspects to enhance the cooperation.
The data collected for this report confirm that CSIRTs and LEAs often exchange information during incident handling/investigations, both formally and informally, and that trust is the key success factor in their cooperation. Other findings of this report are:
- Information sharing between CSIRTs and LEAs happens more on an ad hoc basis than in a systematic manner;
- CSIRTs and LEAs have different objectives and ways to collect and process information. However, there is an increased reciprocal understanding of needs between the two communities;
- CSIRTs and LEAs face some challenges when they cooperate; these challenges are more legal and organisational in nature than technical.
To enhance CSIRT-LE cooperation, the following is proposed, among other measures:
- Build and maintain a centralised repository of tools and methodologies, forms and procedures, used for the cooperation between CSIRTs and LEAs in the EU;
- Place liaison officers on both ends;
- Further invest in CSIRT-LEA training and skills development.
I am proud to have contributed to this report and hope you find it useful. Any feedback would be more than welcome!