Inputs from the Octopus Conference 2023

EU CyberNet participated in the Octopus Conference 2023 in Bucharest, Romania, along 500 other cybercrime experts from about 100 countries. A special session focused on ten years of capacity building by the Cybercrime Programme Office of the Council of Europe (C-PROC) which was addressed by Bjørn Berge (Deputy Secretary General of the Council of Europe) and Traian Hristea (State Secretary, Ministry of Foreign Affairs, Romania).

  • By Cecilia Popa, Experts Lead, EU CyberNet

The Octopus Conference, held on 13 to 15 December, 2023, in Bucharest, Romania, brought together over 500 experts and professionals from around the world to delve into critical issues in the realm of cyber space.

Among the various workshops, Workshop 3 focused on the “Automatic Detection of Child Sexual Exploitation and Abuse Materials,” shedding light on the challenges posed by the growing phenomenon of online sexual exploitation and amuse  (OCSEA).

The workshop emphasised the Lanzarote Convention, outlining its objectives and limitations. Interpol’s staggering statistics revealed the immense volume of Child Sexual Abuse Material (CSAM) circulating on various platforms, with 25 million CSAM images being uploaded on YouTube daily and additional content found on various other platforms, and highlighted the challenges posed by encryption and privacy concerns, such as Apple’s plan to scan iCloud and Apple devices for CSAM.

The discussions also emphasised the necessity for international hash sharing and stressed the importance of working collaboratively with both the private sector as well as the general public. Notable initiatives, such as ECPAT Sweden’s Project Arachnid and Child Rescue Coalition’s provision of free software to law enforcement, were showcased. As an example, a national study concluded by ECPAT Sweden revealed that 1 in 5 girls and 1 in 8 boys have experienced the sharing of their nude images online.

Another significant workshop, Workshop 6, delved into the threats and benefits of Generative AI in criminal justice. Participants discussed the OECD’s technological neutral definition of AI and the upcoming Convention on AI, incorporating procedural rights and safeguards. EUROPOL presented a practical toolkit – Accountability Principles for AI (APAI) – set to be available early next year, aimed at ensuring accountability in AI applications. INTERPOL introduced their AI toolkit encompassing seven resources such as guidance documents and practical tools. The intention is to assist law enforcement agencies (LEA) in choosing AI systems effectively for combating cybercrime.

The workshop explored the challenges and legal implications surrounding AI, including the accountability of ChatBots and self-driving vehicles. Questions arose about “legal personhood” for AI and new defense rights against “robot testimony.” The session underscored the need for ethical considerations, limitations, and a comprehensive understanding of the scope of Generative AI within the justice sector.

The third workshop addressed here, Workshop 14, focused on the interplay between cybersecurity and cybercrime. Microsoft data revealed a 23% rise in cyber-related cases, including 4,000 password attacks blocked per second, 156,000 Business Email Compromise (BEC) attempts daily and 1,700 DDoS (distributed denial of service) attacks per day mitigated. There has also been a rise in activities involving nation-state and state-affiliated threat actors, with Microsoft tracking 160 threats attributed to nation-state actors in the past year alone.

Cooperation emerged as a central theme between cybersecurity professionals and law enforcement, spanning inter-agency, private/public, at the national as well as international levels. As per the ENISA report “Cooperation between CSIRTs and LE, CSIRTs interact much more with law enforcement than with the prosecutors and very rarely with the judiciary. CSIRTs also provide support during investigations. However, there is still space for improvement on how CSIRTs should report/inform law enforcement/prosecutors as well as increase the usage of CSIRTs information in criminal investigations and proceedings. Since cybercrime has become a matter of national security, we need to talk about activities that not only react to a crime, but also include prevention and active defence interventions.

Successful partnerships and best practices, such as the collaboration between EU CyberNet, through the LAC4 Center, and Glacy+, as well as the successful inter-regional cyber exercises between CSIRTs and LEA implemented by CyberEast, iPROCEEDS-2 projects were highlighted as exemplars in enhancing Cyber Capacity Building in both cybersecurity and cybercrime.

This workshop also stressed the need for a clear criminal justice regulatory framework for expedited international cooperation and efficient handling of electronic evidence across borders. The 2nd Additional Protocol to the Budapest Convention on Cybercrime and Electronic Evidence was given as a tool for enhanced co-operation and disclosure of electronic evidence.

As concluded by the key messages of this year’s conference “cyberattacks, cybercrime, impunity for crime online, dis-/information, hate crime and hate speech and other cyberthreats contribute to current international crises such as wars, conflicts and insecurity; violations of international law; injustice and human rights violations; or authoritarianism and democratic back-sliding. Therefore, more cooperation, human rights and justice, accountability and effective criminal justice responses are needed.”

Keep reading similar articles
Panel: Cyber Resilience Builds on Situational Awareness, Trainings and Exercising

On 18 June the EU CyberNet’s Training and Services Lead Lauri Aasmann took part of the EuRepoC Conference 2024 “Promises & Pitfalls for the EU’s Cyber Foreign and Security Policy” which focused on the attribution capacities of EU and private actors; emerging hybrid threats; the EU’s role in capacity building; and the intricate relation between critical infrastructure protection and conflict resolution in Europe.

Panel: Awareness-raising is a Complex, Non-linear Process Requiring Sustained and Multi-faceted Efforts, and International Cooperation

Liina Areng, Director of EU CyberNet and LAC4, participated in a panel at the Seminar on Security in the Digital Economy, hosted by Brazil under its G20 presidency in São Luís. The panel focused on raising public awareness about digital security.

Sille Arikas: “What it is often missed is that it’s your own paycheck that is on the line in case of falling victim to a cyber-attack that hinders provision of the services””

Mini-interviews with EU CyberNet experts. Sille Arikas has been part of the Expert Pool for 3 years and has contributed to the work of EU CyberNet.

Panel: Cyber Security Implications for Port Infrastructure and Maritime Systems

EU CyberNet hosted a panel discussion at NATO CCD COE conference CyCon2024 “Over the Horizon” focusing on critical sector service provider’s resilience building.

EU CyberNet Participated in International Discussions on Cyber Capacity Building at UNHQ

This month, Silja-Madli Ossip, the Community Lead of EU CyberNet participated in multiple discussions at the United Nations Headquarters (UNHQ) – Global Roundtable on ICT Security Capacity-Building, OEWG Inter-sessional meeting on cyber threats posed by emerging technologies and a Side-Event on the future of responsible state behaviour in an evolving cyber capacity ecosystem.  

Annual Cyber Project Community Meeting Concluded in Brussels

On 15th May, EU CyberNet hosted the annual Cyber Project Community (CPC) meeting in cooperation with the European Commission’s Service for Foreign Policy Instruments and the European External Action Service (EEAS) to provide for a fora to the EU funded external cyber capacity building projects’ implementers to share information, facilitate cooperation and learn from each other’s best practices.