On Monday (June 2, 2014), representatives from the International Criminal Police Organisation (Interpol) and IT company NEC spoke on the issue of fighting cybercrime at the Interpol-NEC breakfast seminar held in Singapore.
Approximately 30 industry professionals, including those from government and the security industry attended the meeting. The first speaker, Madan Mohan Oberoi, Director, Cyber Innovation and Outreach, Interpol Global Complex for Innovation, kick started his presentation with the announcement of the upcoming Interpol Global Complex Innovation, which will be based in Singapore. It is currently nearing completion, and will be formally inaugurated in April 2015.
According to Oberoi, the complex aims to fulfill Interpol's vision of tackling crime threats of the 21st Century by strengthening police cooperation and enhancing police capabilities. It will house cutting-edge research and development facility for the identification of crimes and criminals, especially in the field of digital security; as well as provide innovation-based training and 24/7 operational support to police worldwide.
Following the announcement, Oberoi emphasised that there needs to be a global effort in fighting cybercrime -- the private sector needs to become more involved in law enforcement investigations to give police the edge they need.
Three pillars of combating cybercrime
Interpol has come up with a guide on how to tackle online crime. It is based on three pillars -- harmonisation, capacity development, and operational support -- that Oberoi wholly termed as the "global alliance to fight cybercrime."
Harmonisation refers to the unification of perspectives. There are different jurisdictions involved in cybercrime investigations; and each of them has a different legal framework. Oberoi highlights that Interpol is working towards overcoming these varying legal structures to develop a more common approach.
As part of its harmonisation efforts, Interpol has launched its own National Cyber Reports, which reviews elements such as the legal infrastructure, human resource capacity, and the institutional framework of its member country.
As for capacity development, Oberoi noted two main issues with respect to it. Firstly, there are many redundancies and duplications happening in the area that requires a lot of resources. For instance, if a law enforcement agency says that it needs training in a particular area, many organisations step up to the plate to offer their help. However, Oberoi advised that "if we don't optimise resource allocation, we will be multiplying our problems."
The second issue that concerns capacity development is that often, many organisations are carrying out training in different phases, depending mostly on the availability of resources. This means that although capacity building effort is taking place, the structure is missing. Therefore, Interpol has taken up the responsibility to come up with modular standardised training structures. Oberoi claims that Interpol is currently in contact with many universities and private sectors to help them in this effort.
The last pillar, research and innovation, refers to the lack of technically qualified people within law enforcement agencies, as well as its lack of dedicated research support. Interpol intends to bridge this gap by providing its research facility for its member countries. In addition, Interpol has also been organising security seminars and hackathons, as well as releasing research papers on security threats and future trends to educate others on the cyber security environment.
Interpol's contribution in battling cybercrime
Besides providing operational and investigative support to law enforcement agencies, Interpol also provides round-the-clock cyber network for various coordination efforts, cyber threat taskforce, as well as Interpol cyber alerts.
Within the Interpol Digital Crime Centre (IDCC), Interpol has established a Digital Forensic Lab and a Cyber-Fusion Centre. The Digital Forensic Lab focuses on identifying and testing digital forensic technology and methodologies to help investigators in digital crime investigations. Its activities include trend analysis, testing of forensic tools, development of best practices, and capacity building and training.
On the other hand, the Cyber Fusion Centre is the "nerve centre of Interpol," said Oberoi. It provides a platform for law enforcement agencies to collaborate with the Internet security industry to combat digital crime. It will also provide expertise to national cybercrime units during enquiries, coordinate cross-border investigations and deploy investigative support teams to assist national law enforcement agencies during investigations following a serious cyber crime incident.
Summing up his presentation, Oberoi stressed that effective law enforcement cannot happen in isolation, which explains why Interpol is constantly building new partnerships with a diverse range of international organisations and the private sector to form a powerful force against crime.
At present, Interpol is at various stages of engagement with public sector organisations such as International Communication Union (ITU), United Nations Office on Drugs and Crime (UNODC), European Cybercrime Centre (EC3) and Internet Corporation for Assigned Names and Numbers (ICANN) -- just to name a few -- as well as other various companies in private sectors, said Oberoi.
Taking over the stage from Oberoi, is the second and final speaker, Quek Joo Khuan, Director, Regional Sales and Business Development, Public Safety, of NEC Asia Pacific. Quek first shared some statistics with the audience that indicates that the rate of cybercrime has steadily increased for the past ten years.
After emphasising the severity of this issue, Quek went on to share NEC's solutions to fight against cybercrime. He highlighted five key aspects on how NEC counters cybercrime: research and development (R&D), solution development, processes and procedures, intelligence and trends, as well as awareness.
NEC's strategy and solutions
"We have to conduct R&D so as to achieve results to come up with solutions to improve cyber security," said Quek. Since the nature of cyber threats have become more sophisticated, it is imperative to develop more complicated solutions and systems to counter these advanced threats, he added.
These solutions must complement the processes and procedures developed. Since NEC's customers come from different backgrounds -- they may be from the private or public sector, or even be a single individual -- it is necessary for these solutions to be tailored to their needs, as each one requires different kinds of protection.
"These solutions must be able to prevent and detect the intrusion. And in the event of an intrusion, we have to be able to respond and recover in time. We have to be accountable for these attacks, which involves tracing their source and location. We also have to be proactive and be more aware of the situation so that we can preempt future actions," Quek said.
With these solutions in place, a set of processes and procedures has to be developed. It has to follow technology standards, which means that they have to be interoperable and not contradict each other. They also have to aid in eco-system efficiency in private sector production, software or hardware; as well as include cost-effective solutions. This standardisation will improve operational efficiencies, enhance inter-agency collaborations, and ultimately deliver better business outcomes.
Next, Quek emphasised that it is important to be aware of the intelligence and trends in the global market as things are constantly changing. Everyone needs to be fully aware of what is taking place in the cybersecurity landscape so as to be able to stay one step ahead of the hackers and anticipate their next move.
"One way to prepare ourselves is to beef up our systems to make sure that it is updated with the latest preventive measure," Quek said. Other ways include training people to fully enable them to operate the system, as well as constantly ensure that the solutions and systems implemented are functioning perfectly well.
In line with this, NEC also supports Interpol with technical and human resources to implement the IDCC at the future IGCI in Singapore.
The last important aspect is leadership in raising security awareness amongst the private sector organisations. It is worrying to note that although most private sector players are not knowledgeable about cyber security, they are the ones often running the critical infrastructures. In most matured economies, this proportion is estimated to be a significant 80 percent.
As such, NEC has carried out several activities such as proof of concept (POC) and training workshops across South East Asia, Middle East, Africa, Japan and Singapore to promote awareness to its customers and potential partners. Its most recent workshop was held in Rwanda last year, and NEC is looking forward to holding another one in Saudi Arabia in the near future, said Quek.
Rounding up these five points, Quek stressed that prevention is better than cure. "We cannot just depend on law enforcement agencies to solve cyber crimes when it happen. If everyone takes care of their own cyber security, cyber crimes can be better contained," he said.