CyberCrime and Cybersecurity a Romanian perspective with regional influences

1
Cyber-Crime and Cybersecurity- a Romanian
perspective with regional influences

• Bogdan Manolea
• Association for Technology and Internet APTI
  Romania
• 16 November 2006

2
Background

• Cybercrime a problem that comes with the
  Internet
• Impact to business and citizens
• Foreign investors
• Press reports
• Cybersecurity
• Secure ITC networks and services
• Private sector
• Public sector
• Home users

3
Situation in Romania - 2002

• Internet penetration 10
• Cybercrime a big problem
• no. 4 in the source of Internet fraud according
  with IFCC Internet Fraud Complaint Centre
• No specific penal law related to
  computer/Internet
• No expertise within police or other law
  enforcement i
• Limited cybersecurity activities (initiated by
  the private sector)
• No credit card processors Internet banking
  solutions
• Blacklisted by a number of sites

4
Situation in Romania - 2006

• Internet penetration 25
• Cybercrime under control
• no. 9 in the source of Internet fraud according
  with IFCC Internet Fraud Complaint Centre
• Cybercrime law in force
• Special police forces all over the country
• Increased cybersecurity activities
• Two local credit card processors, implementation
  of the 3D secure standard 25 e-banking
  solutions
• Only a few sites still blacklist Romanian users

5
What happened 2002-2006

• Law 161/2003 cybercrimes (now in the Penal
  Code)
• Creation of specialized units for Police and
  Prosecutors
• Creation of a local Guide on how to implement the
  cybercrime law
• Trainings and equipments for Police squads
• Basic cybercrime trainings for Prosecutors and
  Judges
• Collaboration between Ministry of ITC and
  Ministry of Internal Affairs and Ministry of
  Justice
• Launching of the efrauda.ro portal

6
Efrauda.ro
7
Romanian Cybersecurity activities

• Special focus within the Ministry of
  Communications and Information Technology
• Helping the adoption of the standard 17 799
  Best practices in Information Security - as a
  national standard
• Information security courses based on the 17
  799 Standard for public servants from the IT
  departments
• E-banking based on Information Security audit
• Raising awareness on a CSIRT (Computer Security
  Incident Response Team) entity in Romania.

8
Tackling Cybercrime

• Identify the problems
• Establish the strategy and involve the key actors
• Included in the cybersecurity strategy
• International support
• Set-up the legal framework
• International conventions Cybercrime CoE
• Identify new crimes
• Workgroup with different actors
• Share the draft and make public debates
• Adapt international activities to your own
  specific situation
• Create adequate data protection standards

9
Implementing the legal framework

• Plan the implementation process before the law
  has been adopted
• Awareness - law requirements sanctions
• Press campaign
• Guide on how to implement the law (for law
  enforcement authorities general public)
• Create the expertise withing Police, Prosecutor
  and Judge Departments
• Specialization could bring significant effects
• High-tech equipment and training can be obtained
  from international donors
• International cooperation

10
Implementing the legal framework

• Simple ways of reporting
• Public website maintained by authorities
• Transparency and effectiveness issues
• Establish collaboration relationships between law
  enforcement and ISPs
• Work together from the strategy
• Reach a common point of view on the legal
  procedure in a cybercrime case
• Discuss the data retention issues
• Don't just copy the EU directive, implement it
  according to your own specific situation
• Awareness for young IT media

11
Cybersecurity

• Designate a public body that should deal with
  this issue on the policy level
• Raise awareness on cybersecurity problems
• For private sector, specific IT security
  conferences with participation of the Government
  experts
• For public sector, special trainings for IT
  departments
• Discuss the creation of a CSIRT Computer
  Security Incident Response Team
• High level IT security expertise for public
  sector
• It can be used in judicial procedures

12
Cybersecurity

• Adopt the Information Security standards as
  national standards
• Get involved in the regional and European IT
  security forum
• ENISA European Network And Information Security
  Agency - http//enisa.europa.eu/
• Encourage the private sector in adopting IT
  security standards
• Possible self-regulation activities
• Include privacy issues collaboration with the
  Data Protection Authority

13
Questions ?

• Bogdan Manolea
• Executive Director
• APTI Association for Technology
• and Internet
• Bucharest, Romania