Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary

The purpose of this report is to further explore the cooperation between computer security incident response teams (CSIRTs) (in particular national and governmental CSIRTs) and law enforcement (LE) by adding the important dimension of their interaction with the judiciary (prosecutors and judges). This report follows two reports that ENISA published in 2017: Tools and methodologies to support cooperation between CSIRTs and law enforcement (ENISA, 2017), which focused on technical aspects and Improving cooperation between CSIRTs and law enforcement: Legal and organisational aspects (ENISA, 2017a), which focused on the legal and organisational issues of cooperation; both are available on the ENISA website. This report aims to support the cooperation between CSIRTs and LE, as well as their interaction with the judiciary in their fight against cybercrime, by providing information on the legal, organisational, technical and cultural aspects, identifying current shortcomings and making recommendations to further enhance cooperation. The geographical coverage is mainly the EU and European Free Trade Association (EFTA). The data for this report was collected via desk research, interviews with subject-matter experts and an online survey. The data showed that CSIRTs, LE and the judiciary are characterised by significant differences in roles and structure. The kind of information to which CSIRTs and LE have access is different, this is one of the primary reasons why sharing information between them is paramount to respond to cybercrime. Across Member States different models/frameworks of interaction exist among the three communities (CSIRTs, LE and the judiciary). Overall CSIRTs interact more with LE rather than with the judiciary. CSIRTs offer support to LE to collect and analyse different types of evidence. CSIRTs are rarely called as witnesses in courts but the material they collect during the incident handling might be used to decide on (cyber) crime cases. Although the cooperation and interaction across the CSIRT, LE and judiciary communities work well in principle, there are still some challenges to be faced. In particular, some legal aspects are seen as the biggest challenge with issues such the diversity of the legal frameworks, data retention, the sharing of personal data (including internet protocol (IP) addresses) and the confidentiality around criminal investigations as well as evidential admissibility of digital evidence

Balancing data protection and privacy : The case of information security sensor systems

This article analyses government deployment of information security sensor systems from primarily a European human rights perspective. Sensor systems are designed to detect attacks against information networks by analysing network traffic and comparing this traffic to known attack-vectors, suspicious traffic profiles or content, while also recording attacks and providing information for the prevention of future attacks. The article examines how these sensor systems may be one way of ensuring the necessary protection of personal data stored in government IT-systems, helping governments fulfil positive obligations with regards to data protection under the European Convention on Human Rights (ECHR), the EU Charter of Fundamental Rights (The Charter), as well as data protection and IT-security requirements established in EU-secondary law. It concludes that the implementation of sensor systems illustrates the need to balance data protection against the negative privacy obligations of the state under the ECHR and the Charter and the accompanying need to ensure that surveillance of communications and associated metadata reach established principles of legality and proportionality. The article highlights the difficulty in balancing these positive and negative obligations, makes recommendations on the scope of such sensor systems and the legal safeguards surrounding them to ensure compliance with European human rights law and concludes that there is a risk of privatised policymaking in this field barring further guidance in EU-secondary law or case law

From old to new: Assessing cybersecurity risks for an evolving smart grid

Future smart grids will consist of legacy systems and new ICT components, which are used to support increased monitoring and control capabilities in the low- and medium-voltage grids. In this article, we present a cybersecurity risk assessment method, which involves two interrelated streams of analyses that can be used to determine the risks associated with an architectural concept of a smart grid that includes both legacy systems and novel ICT concepts. To ensure the validity of the recommendations that stem from the risk assessment with respect to national regulatory and deployment norms, the analysis is based on a consolidated national smart grid reference architecture. We have applied the method in a national smart grid security project that includes a number of key smart grid stakeholders, resulting in security recommendations that are based on a sound understanding of cybersecurity risks