This is an overview of national cybercrime strategies, presented at the INTERPOL ASEAN Cyber Capacity Development Project’s (ACCDP) Decision Makers Meeting. It reviews best practices in developing national cybersecurity and cybercrime strategies, key pillars to consider, the life-cycle of the strategy process, stakeholders to engage, and best practices.
1. Overview of National
Cybercrime Strategies
Benjamin Ang, Head Cyber Homeland Defence
Centre of Excellence for National Security, RSIS, NTU
twitter.com/benjaminang
2. Cybercrime or Cybersecurity?
Cybercrime Strategy
• Crime prevention
• Criminal justice policies,
programmes, and practices
Cybersecurity Strategy
• Objectives e.g.
• Protecting Critical Infrastructure
• Building public awareness
• Building a skills ecosystem
• Building international ties
• Action plans and the
responsibilities of institutions
4. 4
Cybercrime and Cybersecurity are linked
• Laws against misuse of ICTs
• Policies supporting cooperation between government
authorities, the private sector and citizens
• International cooperation and coordination
• Building technical protection systems
• Education of users
http://www.itu.int/ITU-
D/cyb/cybersecurity/docs/Cybercrime%20legislation%20EV6.pdf
5. 5
Strategies contain
• Context – why the strategy is needed
• Objectives – goals
• Scope – what it covers; what and whom it impacts
• Priority actions – for allocation of resources
• Expected outcomes and evaluation mechanisms – how
to know if you have succeeded
6. Example of Scope question: Definition?
Cyber-enabled crime
• Fraud / bank robbery
• Blackmail / extortion
• Child pornography
• Money laundering
• Terror financing
• Hate speech, incitement
• Intellectual Property theft
Crimes against computers
• Illegal access – data breach,
espionage
• Illegal interception
• Data interference– virus,
ransomware
• System interference – DDOS
http://www.itu.int/ITU-
D/cyb/cybersecurity/docs/Cybercrime%20legislation%20EV6.pdf
7. 7
Life Cycle of Strategies
Initiation
Stock taking
ProductionImplementation
Monitoring
8. 8
Life Cycle of Strategies
Initiation
Stock taking
ProductionImplementation
Monitoring
Source: ITU. (2018). A Guide to Developing a National
Cybersecurity Strategy , p. 17.
9. 9
Life Cycle of Strategies
Initiation
Stock taking
ProductionImplementation
Monitoring
10. 10
Life Cycle of Strategies
Initiation
Stock taking
Implementation
Monitoring
Production
11. 11
Life Cycle of Strategies
Initiation
Stock taking
ProductionImplementation
Monitoring
12. 12
Life Cycle of Strategies
Initiation
Stock taking
ProductionImplementation
Monitoring
13. 13
Principles for an effective strategy
• Flexible and innovative – explore new methods, tools
• Build resilience – what happens after the crime
• Look beyond institutions –
• Work across divisions
• Work across government
• Work across nations
https://magazine-the-european.com/2018/06/21/a-european-
strategy-to-counter-cybercrime/
14. 14
Cooperation and complementarity:
European Cybercrime Centre (EC3)
• Joint Cybercrime Action Taskforce (J-CAT) against
transnational cybercrime
• 20 successful largescale operations
• December 2016 ops on users of Distributed Denial of Service
(DDoS) cyberattack tools in 13 countries: 34 arrests, 101
suspects interviewed, multi-language prevention campaign
https://magazine-the-european.com/2018/06/21/a-european-
strategy-to-counter-cybercrime/
15. 15
Pillars of an effective strategy
– get help from other sectors
Legal
• Laws
• Procedure
• MLA
Technical
• Methods
• Standards
Organization
• Prevention
• Detection
• Response
Capacity
• Skills
• Awareness
International
• Cooperation
http://www.itu.int/ITU-
D/cyb/cybersecurity/docs/Cybercrime%20legislation%20EV6.pdf
16. 16
What about developing countries?
Lack resources
Insecure systems
Breach by
cybercriminals
Connected to
developed st
Cybercriminals
cross over
17. 17
How developed countries could help
Share resources
Make systems
secure by design
Share
information
Joint operations
Prevent
cybercrime
18. 18
Examples
• UK Home Office Cyber Crime Strategy
• https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/228826/7842.pdf
• Royal Canadian Mounted Police Cybercrime Strategy
• http://www.rcmp-grc.gc.ca/wam/media/1088/original/30534bf0b95ec362a454c35f154da496.pdf
• Singapore National Cybercrime Action Plan
• https://www.mha.gov.sg/docs/default-source/press-releases/ncap-document.pdf
19. Singapore’s National Cybercrime Action
Plan
Four key principles
• a) Prevention is key;
• b) Agile responses are needed
to combat the evolving threat of
cybercrime;
• c) Our criminal justice system
must be robust and supported
by effective laws;
• d) Combating cybercrime is a
shared responsibility.
Four key priorities
• a) Educating and empowering the
public to stay safe in cyberspace;
• b) Enhancing the Government’s
capacity and capability to combat
cybercrime;
• c) Strengthening legislation and
the criminal justice framework;
• d) Stepping up partnerships and
international engagement.