INTERPOL Cybersecurity & Digital Trust Presentation PDF
Document Details
Nanyang Technological University
Pei Ling
Summary
This presentation from Interpol's Cyber Strategy and Capabilities Development discusses Interpol's role in addressing cybercrime, the challenges it presents, and the importance of international collaboration and public-private partnerships. The presentation details the organization's functions, global reach, and its response to the evolving cyber threat landscape.
Full Transcript
INTERPOL - NTU FlexiMasters in Cybersecurity and Digital Trust
Hello, good day, regardless of what time of the day it is that you are assessing this presentation. My name is Pei Ling, I'm the Head of Cyber Strategy and Capabilities Development of the Interpol Cybercrime Directorate. This presentation will cover what is Interpol, why the organisation exists, the key types of threats it is seeing around cybercrime, and how they are evolving, why tackling cybercrime requires a collaborative public and private approach. I will also be covering how Interpol supports cross-border collaboration against cybercrime and provide some case studies where applicable. I will also share on what are the elements that enable a good public-private partnership in our experience in public-private sector partnerships.
Interpol stands for the International Criminal Police Organisation. We were established in 1923 with the role to enable police around the world to work together to fight international crimes. Our mission is to prevent and fight crime through enhanced cooperation and innovation on police and security matters. Our vision is a world where law enforcement professionals can securely access, share and communicate vital police information whenever and wherever needed, thereby supporting the security of the world's citizens.
Interpol's global presence comprises two elements, the General Secretariat and our 196 member countries who each maintain an Interpol bureau. First, the General Secretariat is effectively the headquarters of the organisation. It is responsible for making criminal data available to member countries via secure communications channels. It also provides technical and operational support including training to member countries and operates 24 hours a day, 365 days a year. The General Secretariat comprises the headquarters in France, the Interpol Global Complex for Innovation in Singapore where I and the rest of my colleagues in the Cybercrime Directorate are located.
The General Secretariat also comprises six regional bureaus located in Argentina, El Salvador, Cote d'Ivoire, Zimbabwe, Kenya and Cameroon. There are also three liaison offices located in Austria for the United Nations Office on Drugs and Crime, in Barbados to cover the Caribbean and in the Netherlands for Europol. We also have three representation offices covering the African Union in Ethiopia, the European Union in Belgium and the United Nations in the United States. The Secretariat is run by the Secretary-General who oversees its day-to-day work. The Secretary-General is appointed by the General Assembly for a five-year mandate and may be re-elected once.
Each member country runs an Interpol National Central Bureau known as NCB staffed by its own highly trained law enforcement officials. The NCBs serve as centers through which international police cooperation is facilitated as well as the essential links between police in the field and the global law enforcement community. All NCBs are connected via the I-24/7 secure global communications network that provides access to all our databases. Typically NCBs sit structurally in the ministry in charge of national law enforcement and work directly with all domestic police agencies. They also contribute to our global criminal databases on behalf of their countries and cooperate together on cross-border investigations, operations and arrests. NCBs in different countries have different structures, capabilities, authority and are subordinated to different agencies but they all have one common responsibility to make sure that national law enforcement agencies are making good use of Interpol capabilities in tackling transnational crime.
Member countries collectively make up our governance which comprises two main elements namely the General Assembly which is our ultimate decision-making body where all member countries meet annually and a 13-member executive committee elected by the General Assembly which meets several times a year.
Our activities are based around four global crime programs that reflect the policing concerns of our membership today. For cybercrime, technology has enabled economic and social growth but the reliance on the internet makes people vulnerable and creates new opportunities for criminals. The borderless nature of cybercrime poses challenges for law enforcement and much digital evidence sits with the private sector. The Interpol Global Cybercrime Strategy strives to make cyberspace safer for everyone by helping countries to identify cyber attacks and their perpetrators and we do this by analysing threats, trends and data and connecting the cyber and physical information to locate perpetrators.
Now unlike other crimes, cybercrime poses unique challenges to law enforcement agencies. Firstly, cybercrime is inherently borderless. There can be a cyber attack on country A but the threat actor can be in country B with the criminal infrastructure such as servers located in country C. Fragmented legislation and regulations can also lead to safe havens and forum shopping by cybercriminals. Secondly, the policing model for cybercrime differs from traditional crime types. Victims of cybercrime often do not go to law enforcement at the first instance hence law enforcement is often not the first responder. There is also the problem of under-reporting for cybercrime. Relevant data and expertise often reside in the private sector such as cyber security incident response teams or CSIRTs, cyber security companies and internet service providers.
Thirdly, the geopolitical element impacts on the effectiveness and efficiency of law enforcement to effectively undertake actions that prevent, detect, investigate and disrupt the threat actors and infrastructures.
Data sharing and information exchange within the global ecosystems are thus indispensable to the global fight against cybercrime which transcends geographic boundaries and is rapidly evolving. It is crucial for other stakeholders like the private sector to also share information and work together with law enforcement. Trusted partnerships are the only way we stand a chance against cybercriminals who are more resourceful and exploitative than ever.
This is where Interpol is unique being neutral and global. We can be the trusted partner for all, the neutral interlocutor for all countries building on true partnership with 196 member countries, NGOs, civil society and our private sector partners under Interpol's Project Gateway initiative.
The cultivation of open, inclusive and diverse partnerships with external entities including the private sector underpins the three core pillars of Interpol's global cybercrime program. The first is cybercrime threat response to develop an in-depth understanding of the cybercrime threat landscape and to share actionable intelligence with member countries. Second, cybercrime operations to lead, coordinate and support our member countries in transnational operational activities. Third, cyber strategy and capabilities development where we build trust among stakeholders in the global cyber ecosystem and shape global security by engaging with international forums in the field of cybercrime.
At the heart of Interpol's public-private partnership to counter the use of information and communication technologies for criminal purpose is Project Gateway.
In 2016, attributable intelligence was received by Interpol from a private company on the structure and actors behind an international criminal network associated with thousands of online fraud. We accessed and enriched the intelligence and worked with member countries receiving the intelligence resulting in the arrest of suspects including the head of a large organized crime network. This successful case sensitized Interpol to the opportunities behind collaborating with the private sector in cybercrime. A pilot activity was then officially launched at the General Assembly to articulate and strengthen the operational, legal, technical and procedural frameworks within which Interpol can safely and securely receive cyber threat intelligence and cybercrime information from external partners especially those who are not part of law enforcement.
Through the pilot activity, temporary agreements were signed with selected partners from the private sector through which they shared valuable information with Interpol. This resulted in beneficial operational outputs and outcomes. For instance, during the WannaCry ransomware outbreak in 2017, key information was provided to us within 48 hours which was then circulated via our purple notices to our global membership to alert them about modus operandi which helped to mitigate the effects of the outbreak.
Subsequently, Project Gateway received approval at our General Assembly in 2019 with the primary purpose to conduct crime analysis using various sources of information and to produce cyber activity reports to provide leads to respective recipient member countries to identify threat actors, victims or compromised infrastructure and take the necessary measures. Currently, Interpol has data sharing agreements with 13 private sector companies. When considered appropriate to request information through Gateway, requests for information or RFIs are issued to relevant partners in relation to a particular cyber threat, crime or actor.
If the RFIs enclose information including police data originating from a member country, such information will only be shared with the Gateway partners with the express prior written consent of the member country. In all cases, information is shared with Gateway partners only on a need-to-know basis and sharing of information from Interpol is minimized to what is required for Gateway partners to work on.
Project Gateway operates under a robust legal and governance framework. Firstly, the Interpol Constitution is the main legal instrument that establishes the fundamental rules and principles by which the organization operates. Four main principles established by the Constitution govern Interpol's action in the execution of our mandate, namely national sovereignty, respect for human rights, neutrality and constant and active cooperation. For instance, under Article 3 of Interpol's Constitution, it is strictly prohibited for the organization to undertake any intervention or activities of a political, military, religious or racial character.
Secondly, data processing is regulated by Interpol's Rules on the Processing of Data or RPD. The RPD governs the functioning of Interpol's police information system and sets the data protection principles applied by Interpol members in their operations, and the conditions under which police data may be accessed, recorded, published, modified or retained in the Interpol information system. It also contains provisions on the confidentiality, security and the control and monitoring of data processing. These rules create a regime that is independent of the existence of other mechanisms for regional or bilateral police and judicial cooperation and they apply to all police data sent via Interpol's channels. In particular, Article 28 of the RPD allows for the establishment of data sharing relations between Interpol and private entities through the signing of cooperation agreements.
Thirdly, the RPD requires the opinion of the Commission for the Control of Interpol's Files or CCF to be sought on all draft agreements involving the processing of personal data before these draft agreements are submitted to the General Assembly for approval. The CCF is an official and independent body of Interpol that serves three functions. First, a supervisory function ensuring that the processing of personal data by Interpol is in compliance with the regulations of the organisation. Second, an advisory function to provide Interpol with advice about any matter involving the processing of personal data. And third, a processing function to process requests concerning the information contained in the organisation's file and information systems.
Now, under the Project Gateway data sharing cooperation agreements between Interpol and private sector companies, it allowed these companies to contribute directly to our actionable intelligence outputs and products. These include various global and regional threat assessment reports that we have produced, some of which you see on screen right now. These include the Interpol Global Crime Trend Summary Report in 2022 which highlighted that ransomware, phishing, online scams and computer intrusion, which is hacking, are most frequently perceived by our member countries as posing high or very high threats globally. More recently, in April 2024, we published the Interpol African Cyber Threat Assessment Report which highlighted regional crime concerns including online banking scams, credit card fraud, phishing and online scams, digital extortion, business email compromise, ransomware and botnets. Our Asia and South Pacific Cyber Threat Assessment Report published in August also highlights pertinent crime concerns in those regions where ransomware, phishing, computer intrusion and business email compromise are main crime concerns.
As a result of the private sector's contribution to Interpol's intelligence output and products that are shared with relevant member countries, this has resulted in various operational success stories, some of which you are seeing on screen as summarized information.
First on the top left is Operation Contender 2.0. Now as part of this targeted crackdown on cyber criminals, eight individuals were arrested in Cote d'Ivoire and Nigeria. This operation focused on cyber-enabled crimes such as phishing scams targeting Swiss citizens, romance scams, business email compromise and other cyber threats. Private sector organizations provided critical intelligence that helped law enforcement agencies such as the Nigerian Police Force track and apprehend suspects involved in cyber crime, as the insights and data shared by these companies guided the investigative efforts of local police. For instance, after a victim in Finland reported a scam, the intelligence from private partners helped inform the Nigerian authorities about the suspect's methods and potential connection to other victims.
Another example shown in the bottom left is Operation Serengeti. This operation ran from September to October 2024 and resulted in the arrest of more than 1,000 suspects and the dismantling of over 134,000 cybercrime infrastructures across 19 African nations. The operation targeted various cybercrime activities including ransomware, business email compromise, digital extortion and online scams, highlighting major cyber security threats identified in the 2024 Africa Cyber Threat Assessment Report which I made reference to earlier. Private sector partners in this case also included internet service providers and Gateway partners.
These private sector partners played a vital role by sharing intelligence, supporting analysis, providing on-site support as well as offering round-the-clock remote assistance to patch vulnerabilities and secure critical infrastructure for the participating member countries.
Now notably, this operation also included the contribution of Cybercrime Atlas, an initiative with 23 private sector organizations with expertise on cyber security, financial services and open-source intelligence. This initiative is a product of the World Economic Forum Partnership Against Cybercrime, another public-private partnership and the initiative conducts open-source research to gain insights into the cyber criminal ecosystem by mapping their operations, networks and infrastructures.
Next on the top right, Operation Synergia which ran from September to November 2023 involving 60 law enforcement agencies from more than 50 Interpol member countries. In this operation, Gateway partners provided analysis and intelligence support throughout the operation and this demonstrated how cyber security is most effective when law enforcement, national authorities and private sector partners cooperate to share best practices and proactively combat cybercrime.
Last but not least, in the bottom right, the Grandoreiro malware operation involving a banking Trojan that has been a major cyber security threat in Spanish-speaking countries since 2017. Brazil and Spain conducted independent investigations by collecting the malware samples and sought support from Interpol which coordinated the analysis of the samples with our private sector partners. The analytical reports had identified matches between samples allowing law enforcement to close in on the organized crime group and resulting in the arrest of programmers and operators behind the malware.
Now all these and other successful operational examples are available on the open source domain in the Interpol website.
I would like to share on our experience running the Project Gateway Data Sharing Cooperation Framework by highlighting some elements for an effective public-private partnership from our perspective.
Firstly, an effective partnership would require periodic review of the partnership framework and the monitoring of key indicators. When legal, policy and procedural issues relating to the partnership are uncovered, for instance on the partner onboarding process or on data sharing policies, these issues must be resolved promptly. Otherwise, there will be significant impediments to existing and future partnerships which will have a substantial negative effect on the cyber capabilities of Interpol's global membership, since our ability to receive information from Gateway partners to produce comprehensive and actionable intelligence to drive law enforcement operational activities would be reduced due to these issues.
Secondly, as building relationships and trust takes time, it is crucial to allocate adequate resources such as manpower and funding to maintain, monitor and develop the partnerships to ensure that the strategic and operational ties remain warm.
Thirdly, it is important to remember that public-private partnerships should address the interests of both parties. Thus, enhancing reciprocity in information sharing, exchange and feedback would encourage active information sharing and trust building. Examples would include having regular meetings and communications, both formal and informal, with both working level contact points and C-suite management to facilitate two-way information sharing. This will enable the building of muscle memory needed to provide immediate support when specific urgent cyber threats arise.
Fourthly, enhancing formal and informal recognition of partners' contribution would increase goodwill between both parties, incentivize further information sharing and encourage new and potential partners to join in.
Examples will include promoting joint activities through mainstream and social media publicity or holding appreciation events for partners or having dedicated web pages to create awareness of these partnerships.
Last but not least, having a diverse portfolio of partners in terms of the geographical, regional and business sector representation would create a wider network that can better support the strategic and operational needs of Interpol and in turn our global law enforcement community.
Well, we hope that these learning points from the Gateway experience will provide some fruit for thought in terms of some relevant elements for an effective public-private partnership.
Aside from sharing the Interpol Project Gateway framework as an example of public-private partnership, I'd like to take the opportunity also to point you to some other resources relating to public-private partnerships. The first one is the World Economic Forum's white paper on disrupting cybercrime networks. Now this white paper is based on desk research, workshops and in-depth interviews of experts from the WEF Partnership Against Cybercrime and the wider community. The white paper analyzes key factors contributing to successful operational collaboration.
First, on incentives for collaboration, these can include tangible impact such as a reduction in the number of cybercrime incidents and opportunities for public recognition of private sector partners' contributions to enhance their reputation and brand trust. Partners also require regular feedback to demonstrate the impact of their involvement.
On organization and governance, effective collaborations need to establish clear processes and governance structures that balance security with flexibility. These include establishing strict protocols for data management and information security to protect sensitive information and maintain trust between participants.
At the same time, collaborations need to maintain flexibility in operational areas such as strategic decision-making, resource allocation and partner engagement to be able to adapt to emerging threats. Establishing clear processes and standard operating procedures for all activities helps to ensure consistency in data management and partner behavior which helps to mitigate risks and build trust within the partnership.
On resources and expertise, these include technology, skilled professionals from a range of disciplines, clear communication channels and access to legal and policy expertise. Examples of resources and expertise needed in a collaboration will include threat maps that help to understand how specific tactics are employed by cyber criminals, data feeds that provide continuous automated streams of actionable intelligence and legal protocols that facilitate data sharing, define rules of engagement and support cross-border collaboration.
This white paper also provides recommendations to foster clear incentives for collaboration, establish effective governance and operational structures and to invest in resources and expertise in order to establish and scale operational collaborations aimed at disrupting cyber criminal networks globally. So I will encourage everyone to go take a look at the white paper which also gives some other examples of effective partnerships such as the Cyber Threat Alliance or CTA.
Next, the Institute for Security and Technology or IST also partnered with the Global Forum on Cyber Expertise or GFCE to publish a report on public-private partnerships to combat ransomware. This report examines three public-private partnership models including success factors and challenges. So the three case studies are namely Europol's European Cybercrime Centre or EC3, the United States Cybersecurity and Infrastructure Security Agency's Joint Cyber Defence Collaborative or JCDC as well as the IST's Ransomware Task Force.
By examining success factors and challenges under these three partnership models, best practices in public-private partnership will include the four key themes of having broad and appropriate stakeholder management which will allow for diverse perspectives and ensure that the partnership can address multifaceted challenges of ransomware.
Next, effective information sharing in both directions is crucial because private sector organisations often have valuable information about threats and vulnerabilities that can help governments understand the evolving threat landscape and respond more effectively. At the same time, governments can share information about criminal tactics and techniques that can help the private sector organisations protect themselves from attacks.
Next, on trust building. Partners need to feel confident that they can share information openly and honestly without fear of repercussions. This requires transparency, open communication and a commitment to confidentiality.
Last but not least, on navigating practical challenges, partnerships often face bandwidth and resource limitations, knowledge gaps and the time-intensive nature of building trust. Hence, it is important to acknowledge these challenges and to develop strategies to address them.
So similarly, I will also encourage everyone to go through this report which also provides a roadmap for creating successful public-private partnerships, outlining clear steps to establish effective collaborative efforts to counter evolving cyber threats such as ransomware.
This brings me to the end of my presentation. I thank you for your attention and I hope that my presentation has given you a greater appreciation and understanding of the effectiveness and the importance of public-private partnerships in ensuring cyber security and in combating cyber crime.