25-29th September 2023
A regional scenario-based exercise aimed at CERT-LEA cooperation
Co-organized by GLACY+, iPROCEEDS-2 and OCWAR-C projects with the support of the Attorney General’s Office of Mauritius and CERT Mauritius
Today, the increasing number of attacks against computer systems and data is a growing concern for both cyber security professionals and law enforcement. Cybercrime today is driven mostly by financial gain, so rapid detection and action are often necessary to identify and minimize the damage from criminal activity.
The growing threat of cybercrime is further exacerbated by difficulties in accessing and securing electronic evidence, especially if information vital for criminal investigations is in the hands of private companies and is found beyond national borders. However, even where policy makers and professional communities recognise these threats and challenges as strongly as ever, a successful response is often hampered by a lack of coordination and of a common approach among these communities to what should be the ultimate common goal: ensuring a safer cyberspace for all. In the West African region, the OCWAR-C project, working in cooperation with GLACY+, has identified this as a major challenge facing the region.
To address this, the Council of Europe, through its capacity building projects, has organised a series of scenario-based exercises that help address challenges in cooperation and coordination of incidents related to financially motivated cybercrimes. Although this series was very well received, only limited participation from the ECOWAS region, and more broadly from Africa, was achieved. Hence the OCWAR-C and GLACY+ project teams envisage that all pertinent country teams from the ECOWAS region, and selected countries from the rest of the African continent, will take part in this exercise to improve their understanding of the challenges faced in these types of cases at both the national and international level, and to benefit from the scenario training developed.
Under this activity, a scenario will be delivered that focuses thematically on cooperation between the cybersecurity community (primarily CSIRTs) and law enforcement (LEA), and sees teams handling and investigating a malware attack orchestrated by a criminal group. The activity is to be held in close cooperation with two technical partners, USOM CERT Türkiye and CERT Mauritius, and will see discussion on cooperation between the CSIRT and law enforcement communities based around the case at hand, leading to investigative action as well as incident management steps, both of which will advance as the incident progresses.
In order to enhance the readiness of the region, such regional exercises need to be organised regularly and should require the participants to:
– Detect and identify cyber security incidents and/or potential cybercrimes
– Follow the money and criminal proceeds
– Apply OSINT, malware analysis and digital forensics skills to identify potential perpetrators and collect potential intelligence and evidence
– Coordinate activities and recover data necessary for criminal investigation and prevention of further incidents.