EU: Cybersecurity and law enforcement authorities

Cybersecurity is an issue of growing importance in EU institutions, with negotiations on a renewed Directive on network and information security underway. Documents published here show that last September, the Slovenian Presidency of the Council started a discussion on stepping up the role of law enforcement agencies in cybersecurity affairs, and this month the EU will launch a cybersecurity exercise seeking to test its "resilience" to a cyber-attack by a hostile state actor on vital economic supply chains.


Law enforcement in cybersecurity

NOTE from: Presidency to: Delegations: Enhancing the role of law enforcement in cybersecurity (Council doc. 11719/21, LIMITE, 16 September 2021, pdf, all emphasis added):

"It is clear, however, that [the role of law enforcement authorities] can and should be even more expansive especially in the current setting where polycriminality and holistic threats against the internal security of individual Member States or the EU as a whole are often difficult to pull apart and their origins or objectives often tricky to identify."

The document argues:

"...it would be useful to link law enforcement to a more integrated approach to cybersecurity - and to ensure that law enforcement is not forgotten when cybersecurity strategies are prepared and relevant roles allocated. Law enforcement is an expert on accessing and safeguarding data and evidence, which is often at the very centre of malicious attacks, whether on critical networks or personal computers, and it could contribute towards not only investigating but also effectively countering and preventing these attacks. Law enforcement is well versed in the constantly evolving modus operandi and specific techniques of cyber criminals but also in analysing trends and threats when it comes to the overall criminal patterns as well as the particularities of specific types of crime, including cybercrime and many forms of cyber-facilitated crime."

On the forthcoming Directive on measures for a high common level of cybersecurity (NIS 2 Directive), it states:

"...If introduced, cybersecurity and cyber resilience of the companies in the scope of the proposal, including the whole digital infrastructure, will be increased, however the data in their possession or hosted/administered by them could also become increasingly inaccessible to law enforcement, due to strengthened mandatory encryption.

At the same time, the proposal states that the use of end-to-end encryption should be reconciled with the Member States’ powers to ensure the protection of their essential security interests and public security, and to permit the investigation, detection and prosecution of criminal offences in compliance with Union law. Furthermore, it goes on to outline that solutions for lawful access to information in end-to-end encrypted communications should maintain the effectiveness of encryption in protecting privacy and security of communications, while providing an effective response to crime. Thus it remains vital to discuss law enforcement access to data from all relevant angles and in line with all the legislative changes that may have an impact on this ability in the future."

On data stored in the WHOIS system containing information on website owners:

"It is indeed important to assess ways in which law enforcement and other public authorities' access to WHOIS data, at scale and in the appropriate timeframes, could be restored. Relevant authorities could be clearly referenced as legitimate access seekers to better respond to, as well as prevent, major incidents. Providing simple, secure, needs-based access to this (previously freely available) information as speedily as possible needs to be in any case realised taking into consideration fundamental rights including data protection requirements."

For some background on this issue, see: Want to set up a website? The “Five Eyes” want your personal data (Statewatch Analysis, November 2013)

The Presidency also suggested a greater role for Europol in cybercrime investigations:

" Since Europol has an extensive criminal intelligence database in its use, cyber incident related information could be cross-checked with the view to quickly identify potential links with other ongoing investigations and relevant intelligence. Additionally, after successful action against cyber threat actors, law enforcement authorities can facilitate the proactive checking of victims on the basis of the lawfully seized databases."

Cybersecurity exercise: EU CyCLES

NOTE from: Presidency to: Delegations: EU Cyber Crisis Linking Exercise on Solidarity (EU CyCLES) (Council doc. 5131/22, LIMITE, 7 January 2022, pdf)

"Delegations will find in Annexes I and II information on the EU Cyber Crisis Linking Exercise on Solidarity (EU CyCLES) and Summary of the planned sequence of events, respectively."

And: NOTE from: Presidency to: Permanent Representatives Committee: EU Cyber Crisis Linking Exercise on Solidarity (EU CyCLES) (Council doc. 5076/22, LIMITE, 7 January 2022, pdf):

"Delegations will find in the Annex a courtesy translation of the above information note."


Image: Adam Brock, CC BY-NC 2.0

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error