The European Union's new EU Law Enforcement Emergency Response Protocol will allow Europol's European Cybercrime Centre (EC3) to coordinate with EU law enforcement authorities in responding to major cross-border cyber-attacks in the days prior to parliamentary elections scheduled in May.
The adoption of the new protol took place within days after members of the European Parliament adopted a resolution condemning the use of disinformation campaigns and cyber attacks by Russia, China, Iran and North Korea "which seek to undermine the foundations and principles of European democracies as well as the sovereignty of all Eastern Partnership countries".
According to Europol, the new protocol is part of the EU Blueprint for Coordinated Response to Large-Scale Cross-Border Cybersecurity Incidents and Crises and will help EC3 to support EU law enforcement authorities in providing immediate response to major cross-border cyber-attacks through rapid assessment, the secure and timely sharing of critical information and effective coordination of the international aspects of their investigations.
"It is of critical importance that we increase cyber preparedness in order to protect the EU and its citizens from large scale cyber-attacks. Law enforcement plays a vital role in the emergency response to reduce the number of victims affected and to preserve the necessary evidence to bring to justice the ones who are responsible for the attack," said Wil van Gemert, Deputy Executive Director of Operations at Europol.
Europol to speed up cyber attack detection & response
The EU Law Enforcement Emergency Response Protocol will apply to cyber security events of a malicious and suspected criminal nature and will provide law enforcement authorities the procedures, roles and responsibilities of key players, secure communication channels and 24/7 contact points for the exchange of critical information and the overall coordination and de-confliction mechanism.
The protocol will also enable law enforcement authorities at member states to make full use of Europol’s resources to respond to cross-border cyber attacks and to investigate such events. At the same time, they will also be allowed to collaborate with the network and information security community and relevant private sector partners in investigating cyber attacks.
The protocol will also include seven core stages that include early detection and identification of major cyber attacks, classification of threats, emergency response coordination, early warning notification, the use of law enforcement operational action plan, investigation and multi-layered analysis, and emergency response protocol closure.
According to Europol, incident-driven and reactive responses were insufficient to address the unprecedented WannaCry and NotPetya cyber-attacks and therefore, the adoption of the new protocol will enable greater coordination between law enforcement agencies and private partners to detect, mitigate and investigate cyber attacks and to identify actors behind such attacks.
"It strives to complement the existing EU crisis management mechanisms by streamlining transnational activities and facilitating collaboration with the relevant EU and international players, making full use of Europol’s resources. It further facilitates the collaboration with the network and information security community and relevant private sector partners," Europol added.