Education and research in the area of cybercrime · • Police – sharing of knowledge and tools,...
Transcript of Education and research in the area of cybercrime · • Police – sharing of knowledge and tools,...
Education andresearch inthe areaof cybercrime
VáclavStupkaCzechCyberCrimeCentreofExcellence
Why it all started?• Demand for research anddevelopment intheareaof cybercrime
• MasarykUniversity– Instituteof law andtechnology&CSIRT-MU– Instituteof computer science– Faculty of Informatics– Faculty of social science– etc.(ad-hoccooperation)
• Focusontechnologylaw(ICTlaw,dataprotection,intellectualpropertylaw,energylaw,etc.)
• Longtermcooperationwithpublicauthorities• Expertiseintheareaofcybercrime&cybersecurity
• http://cyber.law.muni.cz
Instituteoflawandtechnology
CSIRT-MU• ComputerSecurityIncidentResponseTeamofMasarykUniversity
• PartoftheInstituteofComputerScience• AccreditedbyTrustedIntroducer• LongtermexperiencewithR&Dinthefieldofnetworksecuritymonitoring
• http://csirt.muni.cz
Howitallstarted?• Cooperation(CSIRT-MU,ILT,RAC&partners)• Growingdemandforexpertadvices• Abilitytofindcommonlanguage• EstablishmentofC4e– ECDGHomeproject(2013)
• https://www.C4e.cz
Whatdowedo?• Cooperation• Research• Education• Development• Consultations
Cooperation• Whattofocuson?• Whatdowe(orsomeoneelse)alreadyknow?• Whatcanweprovide/share?• Howcanwecollaborate?
Internationalcooperation• Europol (EC3)
– taxonomy,– lectures forLEA
• ENISA– taxonomy– sharingofknowledge
• NATO– taxonomy,– studyprograms
• UN– sharingoftoolsandknowledge
• TF-CSIRT– sharingoftools,knowledge,bestpractices,etc.
• Nationalresearchandeducationinstitutions– ad-hoccooperation,researchprojects,sharingofknowledgeandtools
Nationalcooperation• NationalSecurityAuthority
– sharingofknowledgeandtools– trainingandeducation:coursesandexercises(CyberCzech)– attendance atexercises: LockedShields,CyberEurope,EDA
• Police– sharingofknowledgeandtools,consulting– trainingandeducation– cooperationwithPoliceacademy
• ArmyandMinistryofDefense– consulting
• Intelligence services– Consulting
• MinistryofInterior– Researchanddevelopmentprojects(KYPOlatertoday,SABU– sharingofcybersecurityeventsdata)
• Judicialacademy,Publicprosecutorsoffice,Judges– Trainingandeducation,consulting
• Expertboardoncybercrime andcybersecurity– Whattofocuson?
Cooperationwithprivateentities• Attendanceatconferencesandworkshops• Expertopinions• CERITsciencepark
Research• Legal– Substantiveandprocedurallaw– Whatisandshouldberegardedtoasthecybercrime?– Whatproceduresareandshouldbefollowedduringinvestigation?
– Howtoinvestigateit?– Howtohandleevidence?– Howtocooperateinternationally?– Howtocooperatewithprivateandpublicauthorities?
• Focusoftheresearchisdiscussedatthemeetingoftherectorsexpertadvisoryboard.
Education- national• Lecturesandtrainings
– Judicialandpoliceacademy(cybercrimeinvestigation,digitalevidencehandling,intellectualproperty,dataprotection)
– Ad-hoctrainings(forinvestigators,experts,publicprosecutors,etc.)
– KYPOhands-ontrainingandexercises(sysadmins,CSIRTmembers)
• Bachelordegree(ICTsecurity)withUniversityoftechnology
• Mastersdegree(Cybersecurity– interdisciplinaryandlaw)• Doctoralstudyprogramme
Education- international• Jointdoctoraldegree– withUniversityofHaifa
• Mastersstudyprogrames NATO(MultinationalCyberDefenseEducationandTrainingProject)
• Ad-hoccoursesandtrainings– NATO
Education- regularevents• Seminars:– iSysel– Cybercake
• Conferences– Cyberspace– Czechlawandinformationtechnologies
• SummerschoolonICTlaw
Development• Tools,• methodologies,• bestpractices.
Forensictools• Networkandhostforensics– Trafficreconstruction– Automatedfirstsightoverview
• Honeypots• Digitalforensiclaboratoryexaminationandmanagementsystem
• Tutorialsforusers&virtualimagewiththetools
TaxonomyofCSI• ToolforCERTteamsandLEA• PreparedincooperationwithNSAandPolice,alsopresentedanddiscussedatENISA/Europolmeetings
• Individualtypesofcybersecurity incidents– Isitcrime?(czech lawandCoC)– Whotonotify?– Whatinformationtoshareandwithwhom?– Howtoproceed?– Howtohandleevidence?
Guidebookondigitalevidenceincriminalproceedings
• Generaloverviewofczech procedural lawrelatedtodigitalevidencehandling
• Guidanceforhandlingofspecifictypesofevidence:– Email– Personalprofiledata– Website– Trafficandlocationdata– Interceptionrecords– Mobiledevices– Cybersecurityincidentsdata
BookonInterceptionanddataretention
• Analysisofthelegislatureandcaselawrelatedtointerceptionofelectroniccommunication
• Comparisonwithforeignapproaches• Liablility ofserviceproviders• ProceduraltoolsforLEA• Proceduraltoolsforinternationalcooperation• PartofstudyfromMaxPlanckInstitute
Plansforthefuture?• SENTER– followup projectfocusedon:StrengtheninternationalcooperationofCoEs
• Internationalresearchprojects(H2020)• MasterswithNATO• CyberOlympics– Estonianledinitiativeforhighschool student(participation)
• Doctoralstudies(withpublicauthorities)• Growthofthecenter– morespecializedlabs• Methodologiesbasedonthetaxonomy