The embracing of the Internet of Things (IoT) has led to the creation of new legal, policy and regulatory challenges which has a broader and complex scope. Europol announced on October 19th that these challenges can be tackled when there is the existence of cooperation between different sectors as well as different stakeholders.
This remark came after a two-day joint Europol conference with ENISA, the European Union Agency for Network and Information Security which had Over 250 industry participants from the private sector, law enforcement, security community, the European Computer Security Incident Response Teams (CSIRT) community, and academia.
This month’s joint conference between the two agencies happens to be the first on the Internet of Things (IoT), focusing on the role that law enforcement plays in responding to the criminal abuse of it.
The risk of criminals “weaponizing” insecure IoT tools and devices, a problem which has already been identified in the 2014 and 2015 editions of Europol’s Internet Organized Crime Threat Assessments and in ENISA’s 2016 Threat Landscape Report, were also highlighted at the conference.
The reality of this problem was attested at the latter stages of 2016 with the outbreak of distributed denial-of-service (DDoS) attacks originating from the Mirai botnet.
“It must be assumed that cybercriminals will develop new variants and enlarge the variety of IoT devices affected by this type of malware,” stated Europol.
“As securing the end device is often technically difficult and expensive to achieve, the focus should, therefore, be on securing the architecture and underlying infrastructure, creating trust and security across different networks and domains,” Europol further recommended.
“There is a need to create stronger incentives to address the security issues related to the IoT”
Rob Wainwright, Europol’s executive director in an issued statement stated that:
“Cyber-criminals are quick to adapt to and exploit new technologies. They come up with new ways to victimize and affect people’s lives and invade their privacy, either by collecting or manipulating personal data or by virtually breaking into smart homes. The Internet of Things is not only here to stay but expected to significantly expand as more and more households, cities and industries become connected. Insecure IoT devices are increasingly becoming tools for conducting cyber-criminality. We need to act now and work together to solve the security challenges that come with the IoT and to ensure the full potential.”
Professor Dr. Udo Helmbrecht, ENISA’s executive director also commented on the problem saying that: “The IoT revolution is beginning to transform our personal lives and the infrastructures that we use on a regular basis such as smart homes, smart energy, and smart health. Manufacturers and operators of these devices need to ensure that security by design has been incorporated into their selection and their deployment.”
He continued by saying that “ENISA is pleased to be working closely with Europol to inform key stakeholders of the important role that the IoT is taking on and the need to be aware of the cyber-security and criminal aspects associated with deploying and using these devices.”
Europol in its continuous efforts to put a stop to dark web use and ransomware attacks have been collaborating over the years with other organizations with the same goal. Many conferences have so far been held with the 5th Europol-INTERPOL cybercrime conference being the most recent. The joint initiative was launched in 2013 and has been held annually ever since.
The current and new threats and trends in cybercrime, the financial aspects of cybercrime, Internet of Things (IoT) security and resilience, strategies to combat ransomware, the criminal abuse of encryption and anonymisation, Darknet market sites, access to data and electronic evidence, and DNS abuse were the talked about at the conference.
Speaking after the conference, Silvino Schlickmann Junior, INTERPOL’s Cybercrime Director stated that: “The current state of cybercrime, reaching all the corners of the world and threatening to undermine the benefits brought by the new technologies, requires a global response. INTERPOL supports law enforcement to tackle the emerging challenges through a number of channels, providing a global platform including not only communication tools but a wide range of services, from capacity building programmes to cyber threat intelligence support. The cooperation with Europol is one of our highest priorities to combat cybercrime in the most effective way.“