The cooperation is part of the National Infrastructure Against CyberCrime (NICC) sponsored by the Dutch Ministry of Economic Affairs. Now, with the support of the European Network and Information Security Agency (ENISA), the aim is to implement a similar PPP model at European level. Although national approaches already exist in some countries, they do not always go far enough in the view of the Dutch. "What we are aiming for is a public-private partnership that brings together banks, executive and computer emergency response teams (CERTs), " says Wim Hafkamp, Program Manager for Information Risk Management, Strategy & Policy at Rabobank with press text.
Launched in 2006, the NICC relies on the already existing structure of FI-ISAC, a partnership between Dutch banks for IT security launched in 2003. It is based on a protected exchange of information, trusting that particularly sensitive information is not carried by any participant to a wider public. This collaboration now also involves government agencies, which promises to be more effective against cybercrime threats. For example, it is easier for banks to take phishing websites offline and thus protect their customers. The exchange of information also fosters understanding of threats such as hacker ATM attacks by all parties involved.
It is obvious that extending such cooperation across national borders promises advantages. After all, the technical methods of cybercriminals remain the same across borders. According to Hafkamp, in some other countries, including the United Kingdom and Switzerland, there are national initiatives in contact with one another. Relevant connections with German or Austrian institutes exist so far but rather on a personal level. Cross-border cooperation based on the Dutch model has been pursued since last year. A meeting in Bern is scheduled for November this year. Hafkamp hopes for 18 participating countries, whereby non-EU states should also be represented.
"An important question is currently the leadership, " said the Dutchman. Cooperation should be under the authority of a major international organization, such as ENISA or the European Central Bank. It remains to be seen whether national organizational differences can be an obstacle. While the Dutch GOVCERT is a state organization, the Austrian CERT, for example, is under the domain registry nic.at and thus part of the private sector. (Pte)