Supporting the fight against cybercrime: ENISA reports on CSIRTs and law enforcement cooperation

Back to News

News Item Dec 15,2017

ENISA publishes today two reports on “Tools and Methodologies to Support Cooperation between CSIRTs and law enforcement” and “Improving Cooperation between CSIRTs and law enforcement: Legal and Organisational Aspects”.

These reports address the technical, legal and organisational aspects of the cooperation between Computer Security Information Response Teams (CSIRTs) - in particular national/governmental CSIRTs - and law enforcement agencies (LEAs) and provide recommendations to help them cooperate closer in the fight against cybercrime.

The data collected for these reports confirms that CSIRTs and LEAs often exchange information during an incident handling/investigations, both formally and informally and that trust is the key success factor in their cooperation. Other findings of these reports are:

  • The information sharing between CSIRTs and LEAs happens more ad-hoc than in a systematic manner;
  • CSIRTs and LEAs have different objectives and ways to collect and process information. However, there is an increased reciprocal understanding of needs between the two communities;
  • CSIRTs and LEAs face some challenges when they cooperate; these challenges are of more legal and organisational essence than technical.

The data for these reports were collected via desk research, subject-matter expert interviews and an online survey.

To enhance CSIRT-LE cooperation, among others, the following is proposed:

  • Build and maintain a centralised repository of tools and methodologies, forms and procedures, used for the cooperation between CSIRTs and LEAs in the EU;
  • Place liaison officers on both ends;
  • Further invest in CSIRT-LEA training and skills development.

For full reports:

Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement: https://www.enisa.europa.eu/publications/tools-and-methodologies-to-support-cooperation-between-csirts-and-law-enforcement

Improving Cooperation between CSIRTs and Law Enforcement: Legal and Organisational Aspects: https://www.enisa.europa.eu/publications/improving-cooperation-between-csirts-and-law-enforcement

For further information

For more information on these reports, please contact: CSIRT-LE-cooperation@enisa.europa.eu

More on ENISA’s activities in the area of CSIRTs and communities: https://www.enisa.europa.eu/topics/cross-cooperation-for-csirts 

 

 

Contact

For press questions and interviews, please contact:
press@enisa.europa.eu.

Access to the press office