News item | 21-11-2017
Authors: Dr. Kaleem Ahmed Usmani, Head, and Jennita Appanah Appayya, Information Security Consultant, Computer Emergency Response Team of Mauritius (CERT-MU), National Computer Board, Mauritius
Currently, governments are working hard on how to effectively counter threats posed by cybercriminals. While cybercrime evolves, new challenges emerge for traditional regulatory and law enforcement agencies. There is a need to go beyond traditional law enforcement and explore means that predict, prevent and disrupt online criminal activities through an effective capacity building framework. This article describes initiatives on cyber capacity building which have been included in the Mauritian National Cybercrime Strategy.
Introduction
Facing an increase in threats in cyberspace, cohesive and comprehensive policies are essential in building an effective cyber defense. The changing phase of cyber-attacks and sophistication of attack methodologies have presented new cyber security challenges. The need for individuals and organisations to keep pace and be prepared to prevent and respond to these security risks and challenges is growing.
Mauritius recognises the serious threats posed by cybercrime and the necessity to trial cybercriminals. The capabilities of law enforcement agencies need to improve in order to detect, handle and prosecute cybercriminals. Further, the judiciary must advance their understanding in terms of the technicalities and complexities whenever cases are brought before courts. It is therefore imperative to develop a coordinated approach in terms of a National Cybercrime Strategy that would cater to these needs.
The National Cybercrime Strategy of Mauritius provides an insight into what approach the government takes in their fight against cybercrime. It is constructed to provide a swift response to cybercrime through improved law enforcement capability, effective criminal justice framework and active international engagement. In addition, collaboration between all key players in both public and private sectors to safeguard national cyberspace is underlined. Six high priority areas have been identified that will help in strengthening the national response to cybercrime:
Priority Areas:
- The development of an effective legal framework to detect, handle and prosecute cybercrime: This will facilitate the enforcement of new laws with regard to different types of cybercrimes and its prosecution. It would also provide legal practitioners and judicial officers with the capacity and expertise to deal with digital evidence.
- Building capacity to better address cybercrime: The capacity and capability of legal professionals and the judiciary need to be enhanced to deal with the technical aspects of cybercrime such as examination of the digital evidence.
- Cyber Intelligence and Cyber Defence: The value of collecting intelligence about (possible) cyberthreats cannot be under-estimated. To tackle cybercrime, it is important to gather and exchange intelligence from the public, businesses and government agencies.
- Public and Private Partnership: The dynamic participation of the public and private sector is a key component in the fight against cybercrime. Public-private engagement will take a variety of forms and will address awareness, training, technological improvements, vulnerability remediation and recovery operations.
- International collaboration: Cybercrime is an international problem which requires a coordinated and cooperative international response. The aim is to strengthen partnerships against cybercrime by signing multilateral agreements and information exchange.
- Advocacy and public awareness: The public needs to be made aware of possible cyber threats. Education on responsible use of the Internet and the impact of cybercrimes is key.
Capacity Building from the Perspective of Cybercrime Strategy
Capacity building as an approach to cybercrime has a number of advantages. It responds to needs and produces immediate impact, favours multi-stakeholder cooperation and contributes to human development. The National Cybercrime Strategy stresses the importance of building capacity on different levels of the institutions dealing with cybercrime. The proposed recommendations are as follows:
Cybercrime Investigation
The investigation of crimes involving technology requires that new knowledge and skills are acquired by those tasked with the investigation process, usually a law enforcement agency, such as the Mauritius Police Force (MPF). A comprehensive capacity building programme to be developed to enhance the cybercrime investigation expertise within the units dealing with cybercrime under the MPF.
Forensic Examination of Digital Evidence
Forensic examination of digital evidence is a key component in the investigation and prosecution of cybercrime. This process requires trained staff due to its fragile and easily tampered nature. The strategy proposes specialised training programmes in digital forensic skills for police officers. Furthermore, as part of the Global Action on Cybercrime Extended project (GLACY+), the Government of Mauritius, the International Association of Prosecutors (IAP) and the Council of Europe jointly organized the East Africa Regional Conference on Cybercrime and Electronic Evidence. Here, representatives of 12 countries in the region worked to improve international cooperation against cybercrime in Mauritius from 10-12 July 2017.
Cybercrime Assessment Exercises
Cybercrime Assessment Exercises in the form of cybersecurity drills will be carried out to assess and evaluate the capabilities of law enforcement agencies and the other stakeholders dealing with cybercrime. It is also an effective way to join forces in combatting cybercrime at international and regional levels through information sharing, investigation and capacity building.
Educational Campaigns
As part of the “Cyber Smart Programme”, educational campaigns targeting diverse groups in society will be organised to raise awareness on cybercrime issues and the measures required to protect it.
Promotion and Development of Best Practices on Cybercrime
To encourage businesses to adopt practices aimed at promoting secure online behaviour throughout the wider community, the distribution and development of low cost tools will be promoted to help businesses to prevent and detect online threats.
Final Note
Combating cybercrime is a shared responsibility and requires the attention of a broad range of stakeholders to become successful. The Mauritian National Cybercrime Strategy has placed strong emphasis on capacity building to improve law enforcement capability and enhance the criminal justice framework. The implementation of the above-mentioned capacity building programmes on cybercrime will certainly build a better protection framework.
This article first appeared in the fourth issuse of the Global Cyber Expertise Magazine – November 2017
