In the world of today, increasing number of attacks against computer systems and data is a growing concern for both cyber security professionals and the law enforcement. Attacks against critical infrastructure, whether government-owned or private, represent particular concern for both communities. The growing threat of cybercrime is further exacerbated by difficulties of accessing and securing electronic evidence, especially if information vital for criminal investigations is in the hands of private companies. However, even where realization of these threats and challenges by policy makers and professional communities is as strong as ever, successful response to these is often hampered by lack of coordination and common approaches between cybersecurity and law enforcement communities to what should be the ultimate common goal – ensuring safer cyberspace for all.

It is recognized that sometimes the key to cooperation is readiness to exchange information between various national counterparts, such as cybersecurity community and investigative authorities, in order to initiate or support ongoing criminal investigations. There are numerous sources from which this information may come, both national and international, such as national exchange of information between industry, critical infrastructure and government on incidents and crimes, international databases run by global cybersecurity companies, open-source intelligence, exchange of data and intelligence between CSIRT teams, online incident/crime reporting frameworks, possibilities to submit and support evidence from different media/social networks, and many other opportunities. The methods and toolkits used by CSIRTs in putting this data into action is another important aspect of their work that needs to be known to the law enforcement in terms of similar handling of electronic evidence in criminal investigations.

The Seminar on Computer Security Incident Response Team Regulations and Operational environment, held in Minsk, Belarus, on 5-7 July 2017 under the Cybercrime@EAP III project, was an opportunity to demonstrate the need for cooperation between the law enforcement and cyber security community, and to establish partnerships to get access to data held by private companies. The seminar encouraged the participants from state agencies and private sector of Belarus to use common approaches and methods for processing electronic evidence in both cybersecurity incident handling and criminal/financial investigations on the basis of internationally accepted standards, such as the Council of Europe Convention on Cybercrime.

• Agenda
• Cybercrime@EAP III project webpage