The European Network and Information Security Agency (ENISA) has published a good practice guide on the cooperation between law enforcement agencies and Computer Emergency Response Teams (CERTs).
The study highlights the fact that there are certain cultural, legal, operational and regulatory barriers that prevent an efficient collaboration between CERTs and law enforcement.
For instance, one of these barriers is caused by the fact that law enforcement authorities (LEAs) act when they suspect that a crime has been committed. On the other hand, CERTs focus on addressing information system problems, and they’re more technical and informal compared to LEAs.
In order to address such issues, ENISA recommends the harmonization and clarification of legal and regulatory aspects, good practice development, improving structures to support the sharing of information, training, and facilitation of collaboration.
“Computer Emergency Response Teams and Law Enforcement Agencies cover crucial but different aspects of cyber security,” Executive Director of ENISA Professor Udo Helmbrecht noted.
“Cooperation between them is vital to properly protect our digital citizens and economy. However, until now little research was done on how to connect these two areas. This study contributes to better fighting cybercrime by identifying the collaboration challenges, and ways to overcome them.”