Education andresearch inthe areaof cybercrime

VáclavStupkaCzechCyberCrimeCentreofExcellence

Why it all started?• Demand for research anddevelopment intheareaof cybercrime

• MasarykUniversity– Instituteof law andtechnology&CSIRT-MU– Instituteof computer science– Faculty of Informatics– Faculty of social science– etc.(ad-hoccooperation)

• Focusontechnologylaw(ICTlaw,dataprotection,intellectualpropertylaw,energylaw,etc.)

• Longtermcooperationwithpublicauthorities• Expertiseintheareaofcybercrime&cybersecurity

• http://cyber.law.muni.cz

Instituteoflawandtechnology

CSIRT-MU• ComputerSecurityIncidentResponseTeamofMasarykUniversity

• PartoftheInstituteofComputerScience• AccreditedbyTrustedIntroducer• LongtermexperiencewithR&Dinthefieldofnetworksecuritymonitoring

• http://csirt.muni.cz

Howitallstarted?• Cooperation(CSIRT-MU,ILT,RAC&partners)• Growingdemandforexpertadvices• Abilitytofindcommonlanguage• EstablishmentofC4e– ECDGHomeproject(2013)

• https://www.C4e.cz

Whatdowedo?• Cooperation• Research• Education• Development• Consultations

Cooperation• Whattofocuson?• Whatdowe(orsomeoneelse)alreadyknow?• Whatcanweprovide/share?• Howcanwecollaborate?

Internationalcooperation• Europol (EC3)

– taxonomy,– lectures forLEA

• ENISA– taxonomy– sharingofknowledge

• NATO– taxonomy,– studyprograms

• UN– sharingoftoolsandknowledge

• TF-CSIRT– sharingoftools,knowledge,bestpractices,etc.

• Nationalresearchandeducationinstitutions– ad-hoccooperation,researchprojects,sharingofknowledgeandtools

Nationalcooperation• NationalSecurityAuthority

– sharingofknowledgeandtools– trainingandeducation:coursesandexercises(CyberCzech)– attendance atexercises: LockedShields,CyberEurope,EDA

• Police– sharingofknowledgeandtools,consulting– trainingandeducation– cooperationwithPoliceacademy

• ArmyandMinistryofDefense– consulting

• Intelligence services– Consulting

• MinistryofInterior– Researchanddevelopmentprojects(KYPOlatertoday,SABU– sharingofcybersecurityeventsdata)

• Judicialacademy,Publicprosecutorsoffice,Judges– Trainingandeducation,consulting

• Expertboardoncybercrime andcybersecurity– Whattofocuson?

Cooperationwithprivateentities• Attendanceatconferencesandworkshops• Expertopinions• CERITsciencepark

Research• Legal– Substantiveandprocedurallaw– Whatisandshouldberegardedtoasthecybercrime?– Whatproceduresareandshouldbefollowedduringinvestigation?

– Howtoinvestigateit?– Howtohandleevidence?– Howtocooperateinternationally?– Howtocooperatewithprivateandpublicauthorities?

• Focusoftheresearchisdiscussedatthemeetingoftherectorsexpertadvisoryboard.

Education- national• Lecturesandtrainings

– Judicialandpoliceacademy(cybercrimeinvestigation,digitalevidencehandling,intellectualproperty,dataprotection)

– Ad-hoctrainings(forinvestigators,experts,publicprosecutors,etc.)

– KYPOhands-ontrainingandexercises(sysadmins,CSIRTmembers)

• Bachelordegree(ICTsecurity)withUniversityoftechnology

• Mastersdegree(Cybersecurity– interdisciplinaryandlaw)• Doctoralstudyprogramme

Education- international• Jointdoctoraldegree– withUniversityofHaifa

• Mastersstudyprogrames NATO(MultinationalCyberDefenseEducationandTrainingProject)

• Ad-hoccoursesandtrainings– NATO

Education- regularevents• Seminars:– iSysel– Cybercake

• Conferences– Cyberspace– Czechlawandinformationtechnologies

• SummerschoolonICTlaw

Development• Tools,• methodologies,• bestpractices.

Forensictools• Networkandhostforensics– Trafficreconstruction– Automatedfirstsightoverview

• Honeypots• Digitalforensiclaboratoryexaminationandmanagementsystem

• Tutorialsforusers&virtualimagewiththetools

TaxonomyofCSI• ToolforCERTteamsandLEA• PreparedincooperationwithNSAandPolice,alsopresentedanddiscussedatENISA/Europolmeetings

• Individualtypesofcybersecurity incidents– Isitcrime?(czech lawandCoC)– Whotonotify?– Whatinformationtoshareandwithwhom?– Howtoproceed?– Howtohandleevidence?

Guidebookondigitalevidenceincriminalproceedings

• Generaloverviewofczech procedural lawrelatedtodigitalevidencehandling

• Guidanceforhandlingofspecifictypesofevidence:– Email– Personalprofiledata– Website– Trafficandlocationdata– Interceptionrecords– Mobiledevices– Cybersecurityincidentsdata

BookonInterceptionanddataretention

• Analysisofthelegislatureandcaselawrelatedtointerceptionofelectroniccommunication

• Comparisonwithforeignapproaches• Liablility ofserviceproviders• ProceduraltoolsforLEA• Proceduraltoolsforinternationalcooperation• PartofstudyfromMaxPlanckInstitute

Plansforthefuture?• SENTER– followup projectfocusedon:StrengtheninternationalcooperationofCoEs

• Internationalresearchprojects(H2020)• MasterswithNATO• CyberOlympics– Estonianledinitiativeforhighschool student(participation)

• Doctoralstudies(withpublicauthorities)• Growthofthecenter– morespecializedlabs• Methodologiesbasedonthetaxonomy

THANKYOUvaclav.stupka@law.muni.cz