Cybercrime Training Competences Framework

Generalities - Context

Reminder: Key Findings and Recommendations

The problem of cybercrime cannot be addressed in isolation but requires a cross-border approach involving all relevant stakeholders. Particularly in the areas of capacity building, training and education, there is a need for a standardised and harmonised approach that leverages productive partnerships with industry and academia. The latter is essential for LE and the judiciary to gather and exchange information on the latest threats and trends in cyberspace and to allow for efficient and effective investigation and prosecution.

Cooperation with the public and private sectors and academia is considered essential in realising synergies in terms of skills and expertise, ensuring coherence and helping to avoid duplication of effort when developing training courses and educational programmes for LE and the judiciary.

The results of the survey and stakeholder analysis imply that there is a need for a more comprehensive, complementary and sustainable approach to training and education at EU level, ideally embedded in an agreed governance model, the realisation of which will be the next step after this report, through a concerted plan amongst the relevant partners.

Informed by stakeholder input, the TCF[1] identifies ten key actors in LE and two in the judiciary that are involved in the fight against cybercrime. For each actor, the report identifies the required skills and expertise. The necessary competencies and skills identified fall into three main categories – management skills, technical skills, and investigation skills. The categorisation takes into account the European Qualification Framework.

Taking into account the profiles identified, a modular approach should be considered when developing training courses and educational programmes in order to allow for a more flexible approach in addressing the varying levels of skills and expertise.

When developing new training courses or updating the existing training portfolio, contemporary education methodologies and approaches such as e-learning or blended learning, which combines e-learning elements with classroom or hands-on training, should be considered as they provide a number of advantages in terms of scalability, flexibility and consistency. Such an approach can also help mitigate two main issues identified by MS – the lack of qualified trainers and limited financial resources – through the standardisation and reuse of training resources.

The increase in cybercrime requires a coordinated and commensurate response that is based on a sustainable and forward-looking approach, an important element of which is investment in capacity building, supported by a long-term financial strategy at EU level.

Within the proposed TCF[1], and leveraging existing platforms such as ECTEG, EJTN and CEPOL, the development of a centralised repository of available training resources and trainers should be considered to help facilitate access to relevant materials and information, and to allow for harmonisation, standardisation and reuse at EU level.

Introduction

While opinions on the various aspects of cybercriminality differ, there is a common understanding that it is a growing phenomenon that is transnational in nature and increasingly includes organised crime elements.

Whether a computer network is the target of a cyber-attack or technology is used by criminals to carry out their activities, cybercrime can be seen as an unwanted by-product of technological advancement and the way technology is being used by modern day society.

Internet penetration in Europe is currently at an estimated 68.6%, which provides increasing opportunities to commit crime that is facilitated, enabled or amplified by the Internet. As a consequence, technology plays an increasingly important role in investigation and prosecution. This is also manifested by the fact that almost any type of crime now has a technical or digital element.

Strategic products such as the Europol European Cybercrime Centre (EC3) Internet Organised Crime Threat Assessment (iOCTA) report and threat reports from the private sector highlight the significant impact of cybercrime on our society.

Given its transnational nature, combating cybercrime requires a multi-stakeholder approach, including working with partners in industry and academia.

Investigating cybercrime is often a learning-by-doing process, and actors in LE and the judiciary at any level need to be fully equipped to be effective in the fight against cybercrime. This translates into a significant and growing demand for cybercrime skills and expertise within investigation and prosecution, which has been recognised at an EU level. Consequently, capacity building is one of the priorities of the EU in fighting cyber-criminality.

Investigation and prosecution need to be strengthened to address the abuse of technology by criminals; cybercrime typically crosses various jurisdictions and therefore requires cross-border cooperation. There are many actors in investigation and prosecution that play a role in this context; those actors currently do not appear to be adequately prepared for effective action.

Moreover, one of the main issues identified is the rapid evolution of technology: both LE and the judiciary are often followers in their daily work, and there is a need for a more proactive rather than reactive approach.

Several documents describe the issues around cybercrime and the need for a solid build-up of capacity to tackle it; there is a need to coordinate the various initiatives undertaken by different organisations in a more efficient way. The Commission Communication on the Internal Security Strategy places high priority on cybercrime; it can be anticipated that the new Internal Security Strategy 2014 – 2020 will pay the same or a higher level of attention to cybercrime; meanwhile, the Joint Communication by the European Commission and the European External Action Service comprises the internal market, justice and home affairs and foreign policy aspects of cyberspace issues. The iOCTA highlights how cyber-criminality is rapidly evolving and identifies a set of key recommendations.

The strategies specify a number of priorities that aim to improve the security of IT systems, reduce cybercrime and establish an international cyberspace policy for the EU. It is therefore necessary to tackle the phenomenon of cybercrime from different angles and in a multi-disciplinary, horizontal manner: internal and external EU policies will be affected; the relevant stakeholders need to be prepared and plan ahead.

CEPOL, Europol's EC3, ECTEG, EJTN and Eurojust have been taking joint steps in aligning their strategies on capacity building in the area of combating cybercrime under the EU Policy Cycle. This document serves as proof of the coordination among these stakeholders.

Other relevant stakeholders include the Council of Europe (CoE), which focuses on a number of topics related to prosecution, the admissibility of electronic evidence and first responders. Another example would be the United Nations Organisation on Drugs and Crime (UNODC), which published a comprehensive study on cybercrime capacity building in 2013. The European Law Academy (ERA) deals with cybercrime legal studies and holds seminars and conferences on a regular basis.

Problem Statement and Objectives

There is a need for an overview of the necessary competencies, skills and expertise of the key actors involved in combating cybercrime, with a view to supporting the improved coordination and harmonisation of cybercrime training and education for LE and the judiciary in EU MS in a sustainable manner.

According to the Operational Action Plan (OAP) 2014 within the EU Policy Cycle in the areas of cyber-attacks and non-cash payment frauds, the objective of this document is to identify the required competencies of the relevant actors in LE and the judiciary in the MS, and to assess the corresponding training and education needs.

Meeting the above objective will support the next action, which aims at closer coordination through the creation of a governance model on cybercrime awareness, training and education, an operational action item proposed for 2015. The main actors will work together to agree on a model that can ensure sustainability and effectiveness.

The concerted action will aim to improve effectiveness and provide added value to LE and judiciary in their fight against cybercrime.

Constraints

The following constraints had to be considered during the development of the original TCF:

  • The feedback received from the judiciary was not sufficient to allow for a detailed development of the set of capacities required in this area. This could also point to a gap between investigation and prosecution in the area of cyber-criminality;

  • Responses to the questionnaire were received from 22 EU MS.

Risks

While developing the TCF, the following main risks were identified:

  • Different languages; although English is widely spoken among the actors involved in the fight against cybercrime, language barriers still exist, hindering the harmonisation of training activities;

  • Due to the rapid evolvement of technology, elements of the TCF may become outdated;

  • Public-private partnerships are often based on the needs of the training organiser and not on aligned strategies in the area of capacity building;

  • The network of Centres of Excellence is not as widely spread as it could be; coordination could be further improved with a view to avoiding possible overlap between the Centres;

  • The lack of financial and human resources invested in capacity building and training impedes concrete coordination and the sustainability of strategies in those arenas;

  • The lack of qualified trainers and standardised training courses may hinder the process of international cooperation in cross-border cases;

  • The lack of a harmonised legal framework hinders the process of common understanding of what cybercrime is (e.g. the non-harmonised approach in the chain of e-evidence).

Benefits

The main benefits of the TCF can be described as follows:

  • Development of a framework that specifies the skills and expertise required by the various actors involved in the fight against cybercrime. Improvement of public-private partnerships and support for standardisation, certification and accreditation;

  • Providing support for the coordination and realisation of synergies amongst all organisations active in the field of cybercrime training and education, identifying opportunities and possible risks, gaps to be filled, and improving effectiveness to fight cybercriminality at the EU level;

  • Having a framework to help minimise any overlap in the area of training and capacity building and to ensure the most effective use of budget and resources.

Exclusions (out of scope)

The following activities are considered out of scope:

  • Overview of the different legal systems in EU MS;

  • The specifics around organising and delivering training courses;

  • An assessment of the skills and competencies needed by actors in non-EU countries, although some references will be made to projects and initiatives carried out outside the EU;

  • A comprehensive training needs assessment and gap analysis based on the competencies identified in this document (OAP 6.2 cyber-attacks – 2014);

  • Development of training courses (OAP 6.3 cyber-attacks – 2014).

Assumptions

The TCF will be taken into consideration for further development work at strategic and operational levels within the EU, particularly in the areas of training needs assessments and the development of a governance model to allow for a more sustainable and harmonised approach to capacity building at EU level.

11. Actors involved in Cybercrime Investigation and their Competencies

The key LE actors involved in cybercrime investigation were identified through an analysis of the input provided by MS via questionnaires. These created a basis for moderated discussions at the workshops that took place during the ECTEG meeting in May 2014. As an outcome of the workshops, a set of competencies and skills was identified for each role.

The judicial profiles are the outcome of the discussions initiated during the working group hosted in Budapest in January 2018. Afterwards, the Criminal Justice Sub-Working Group of EJTN, which took place in March 2018, approved the driving role of EJTN in conducting training for the judiciary.

An updated version of the TCF with the four new profiles and relevant competencies and skills was finalised in March 2018.

Warning: The TCF is a living document!

Considering the evolution of the technologies and the creativity of the criminals, the list of skills and competencies, as well as the list of profiles, needs to be reviewed periodically to match the reality of the field as closely as possible and to allow the governance approach to address the identified gaps.