Virtual simulators part of toolkit that Mailis Pukonen wants 144,000 law enforcement officials to harness

“We cannot afford to continue business as usual,” said the European Commission’s director for security during the launch of the EU’s cybercrime academy in June 2019.

The CEPOL Cybercrime Academy (CCA), which can accommodate 100 learners at any one time, was “one important step” towards making “law enforcement action fit for today’s reality”, added Laurent Muschel at CEPOL’s headquarters in Budapest, Hungary.

That reality – elusive threat actors deploying fast-evolving tactics to damaging effect – explains why CEPOL declared cybercrime its top priority upon launching the CCA.

Nine months on, The Daily Swig asked CEPOL’s head of operations, Mailis Pukonen, about the academy’s progress so far, its extensive coordination with Europol, and its roadmap to plugging the law enforcement cybersecurity skills gap.

How has the CEPOL Cybercrime Academy fared during its first nine months?

Mailis Pukonen: We are delighted with the results. Since its launch, the CEPOL Cybercrime Academy has trained 465 experts face to face and 6,987 participants online from 26 member states. For 2020, we have planned 17 training activities.

Topics covered are extensive and include undercover operations targeting child sex offenders, dark web, and cryptocurrencies or forensic searches in various IT devices.

We also provide courses, which are very much in demand, in accordance with research we conducted with our EU Strategic Training Needs Assessment (EU-STNA) – namely on Open Source Intelligence (OSINT) and IT solutions.

All the network equipment is accessible and configurable by the course experts. They are capable of running various advanced software in their PC stations, including virtual simulators with [the] ability to emulate multiple cyber-scenarios.

Mailis Pukonen / CEPOLMailis Pukonen is CEPOL’s head of operations

Our recent interview with the chairman of Europol’s Joint Cybercrime Action Taskforce suggests you both share a common goal of fostering cross-border cooperation in the fight against cybercrime. How could the academy’s work help J-CAT and Europol function more effectively?

MP: CEPOL frequently organises J-CAT training activities, especially webinars – also accessible in different languages – to allow better understanding and broader use of the offer.

We help Europol in introducing participation schemes and cooperation possibilities to [a broad range of participants of] CEPOL law enforcement courses.

Expertise from Europol’s European Cybercrime Centre (EC3) is essential when it comes to training on combating cybercrime.

We have very close cooperation with Europol in many CEPOL activities, not only limited to cyber. CEPOL is also a permanent member of the programme board of EC3 to assure that our actions are aligned most efficiently and cost-effectively.

By involving closely our partners, we make sure that relevant knowledge from Europol is shared. In every residential activity, a small cross-national network of trained officers is created, that continue to cooperate.

YOU MIGHT ALSO LIKE Europol issues warning over rise in SIM-swap attacks

What impact might the UK’s departure from the EU have on the academy?

MP: Brexit has not affected the work of our agency as much as the other EU bodies. The United Kingdom, in line with the Lisbon Treaty, had an opt-out clause and could decide in which areas of justice and home affairs they want to participate.

When the latest EU regulation establishing CEPOL was adopted, [the UK] – together with Denmark – decided not to be part of it.

[Therefore] our British colleagues have not been treated as a member state in relation to the training activities since the CEPOL-establishing regulation’s entry into force in 2016.

On the other hand, however, UK-based companies were able to compete in tender procedures and provide us with their services.

This will not be the case anymore. In the same way, we will not be able to recruit British colleagues [to] positions within the agency.

It remains an open question whether any form of cooperation with the United Kingdom in law enforcement training will be established.

What are your priorities for developing the cybercrime academy in the coming years?

MP: Developing the necessary knowledge and expertise in law enforcement authorities across Europe is key in addressing the evolving challenge of cybercrime.

According to our estimations, around 144,000 officials across the EU require EU-level training on cyber.

With emerging technologies [like] 5G robotics, drones, and other autonomous vehicles, artificial intelligence is knocking on our doors.

Technological transformation is happening and reskilling people, estimating the needed volume [and] right target groups, and providing training in a structured, holistic, and timely manner is essential. Both national strategies and EU-level strategic guidance on artificial intelligence needs to be in place.

The EU-STNA findings are clear, and core capability gaps are identified – i.e. on open source intelligence, data collection, analysis and application, e-evidence, large scale IT systems, and interoperability. Expertise is clearly lacking, and the skilled workforce is needed.

Our agency would like to expand our capacity and develop the CEPOL Cybercrime Academy further.

By focusing on quality and attracting subject matter experts to provide expertise in our training activities, we will attempt to become the hub for EU law enforcement training in combating cybercrime.

With substantial investment in human capacity and infrastructure, we should be able to achieve that. Besides, by investing more resources in online learning activities, we shall be able to offer opportunities to a law-enforcement audience beyond [the EU].

RELATED Interview – Corelight’s Richard Bejtlich on cyber warfare and the origin of the term ‘APT’