It is no longer unthinkable for a large-scale cyber attack to have serious repercussions in the physical world, paralysing an entire sector or parts of society. To prepare for major cross-border cyber attacks, the European Council has adopted a response protocol to address emergencies in the European Union. This Protocol assigns a central role to the European Cybercrime Centre (EC3) and is part of the EU plan to provide a coordinated response to large-scale cross-border cyber security incidents and crises.
The Protocol is a tool to support police authorities in the EU in responding immediately to major cross-border cyber attacks, through rapid assessment, secure and timely sharing of high-value information, and effective coordination of the international aspects of investigations.
In 2017, the unprecedented WannaCry and NotPetya cyber attacks underlined how far incident-driven, reactive responses fell short of effectively addressing a cyber criminal modus operandi that is evolving very quickly.
The EU emergency response Protocol sets out the procedures, roles and responsibilities of key actors within the EU and beyond, secure communication channels and 24-hour points of contact for the exchange of vital information, and the arrangements for general coordination.
The Protocol complements the EU's current crisis management mechanisms by streamlining transnational activities and facilitating collaboration with the relevant European and international actors, taking full advantage of Europol resources. It also facilitates collaboration with the web and information security community and with relevant members of the private sector.
Only cyber security events of a suspicious and criminal nature fall within the scope of the Protocol; it does not cover incidents or crises caused by a natural disaster, human error or a system failure. Therefore, in order to determine the criminal nature of an attack, it is vital that the first responders take all the necessary measures to preserve the electronic evidence that could be found in the computer systems affected by the attack, which is essential for any criminal investigation or legal proceeding.
As the EU agency for cooperation in police matters, Europol is obliged to support Member States in effectively detecting, investigating, disrupting and deterring large-scale cyber crime where it appears to be of a criminal nature.