 Welcome and good afternoon. Welcome to this press conference. Welcome here in the room and on the live stream and a special welcome to my wonderful panelists here The topic we're Dedicating this press conference to is the topic of cybercrime For those of you who've been here last year have been watching the press conferences last year you'll remember We've been talking about this this topic last year and in fact the World Economic Forum has started Working on cybercrime in 2015 the purpose of this press conference here today is to give you an update on where we stand What we've learned and what we believe or the panelists here believe the next steps are Let me quickly introduce the panelists to you to my immediate left I'm joined by Jean-Luc V who's the head of public security policy and security affairs at the World Economic Forum And also a member of its executive committee Next to him. We're joined by Noburo Nakatani. He's the executive director of Interpol global complex for innovation based in Singapore and Right at the heart of our panel. We're joined by Michelle Koenig's She's the president of Eurojust in Den Haag and last but definitely not least We're joined by Andrei Kudelsky who's the chairman of the board and the CEO of Kudelsky Group here in Switzerland Thank you very much for being here without further ado Jean-Luc, I pass on to you We launched the recommendations for public-private partnership and cybercrime to fight cybercrime last year What's the update where do we stand today? Thank you very much. Good afternoon everyone Last year during the annual meeting 2016 top executives from our partners forum partners and the top representatives from the law enforcement agencies acting on the global level regional level and national level Decided to enhance to increase the efficiency common efficiency against the fight In the fight against the cybercrime so they launched five recommendations the purpose of which the main purpose of which was to Increase the collaboration between the private sector and the public one by furthering Namely the creation of information sharing platforms During the year 2016 a the recommendations one and two have begun to be Implemented mr. Nakatani will inform you on What has been achieved on the global level at the Interpol and Michel Connings who is to a certain extent the first prosecutor of the European Union will inform you and What has been achieved on that field on the regional European? Union based on those recommendations the community composed by high representative from the private sector and High representative from the law enforcement decided to go ahead and to a Implement on the practical way the recommendation one and two so they have elaborated during the year 2016 Guidance guidance on public private information sharing against cybercrime The purpose of which is to help the partners private sector and law enforcement To exactly know what has to be shared within these information sharing platforms and how Should the information be shared so you understand the idea was not and is not only to set up information sharing platform to Participate to further the participation to informations sharing platform But also and it is important to help the participants to Practically work together a couple of elements regarding these guidance these guidance is Driven by a couple of principles Regarding the what four principles have been listed Share first principle share all information not limited by legal constraints try to share Try to share it is important It is good in order to fight Effectively fight the cybercrime second principle Information sharing should be a two-way street or let's say a two highway street If only the private sector is sharing it doesn't bring anything is the Law enforcement alone by the sharing it doesn't bring anything so two-way street sharing third principle No sharing of information without checking applicable legal framework especially important with regard to the sharing of personal data and force Better to share process data than raw data because by sharing process data You help the partner to better understand what you are saying what kind of information you are sharing Said otherwise it helps this principle helps the partner to speak the same language Regarding the how the other aspect covered by these guidance of three principles Have driven the guidance first real-time information. That means 24-7 information capacity Cybercrime is going very fast ahead if the partners who are ready to share are not able to Build this capacity to share on the real-time It won't bring anything second use secure channels very important as well All the questions around the encryption have to be discussed in in that field, of course But secure channel have to be set up and third know your counterpart as several private sectors have Done so far especially the banking sector Which is led since many years by the principle know your customer The idea here is to help the partners to better know each other It is important that the chief information security officer when something is happening in the business Knows with who is the counterpart by the law enforcement. Who is the prosecutor? He has to Ask in order to get his support So you see we decided together with our partners to really go ahead based on a very practical approach of the fight against the cybercrime Thank you very much and the good news is that you don't have to hack our website to get these documents that Jean-Luc so teasingly waived at you earlier. You'll find them a freely available there Without further ado Nakatani son Jean-Luc breezed over it already. You're clearly representing the global perspective here. Please share with us your perspective. Thank you First of all, it's great pleasure for me to participate in the annual meeting of Davos World Economic Forum Especially the project of a public-private partnership against cybercrime under the leadership Mr. Beds. Thank you so much From an interval perspective, this is very important as because most of the cyber threat and the evidence law enforcement need To prevent investigate cyber crimes less to be a private sector So actually we need to change the mindset on the both Public and private sector from need to know to need to share so need to share mindset. That's very important In that context, we really appreciate World Economic Forum as a global platform That's enable us law enforcement Easily to interact with world renowned companies as well as the global leaders to discuss cybercrime Which is clearly disrupting world economy as well as the public safety and security Regarding to the 2016 the recommendations Interpol is committed to facilitating information sharing between the public sector, especially law enforcement and private sector in fact as a collaboration with Private sector and academia Liberating their technologies expertise is at the heart of the Interpol strategy to combat cybercrime Our Interpol global complex for innovation in Singapore. We call it IGCI for which I'm responsible Is designed to be one-stop shop to assist our member country to combat cybercrime and actually It has several experts from different Private companies working together with Interpol staff side-by-side and then providing operational assistance to our member countries in investigating cybercrime and This effort has already delivered result contributing to member countries successful cybercrime investigation for instance business email compliments I believe you know that In Nigeria last summer. This is just one example and This collaboration has been already extended to the digital forensic field By leveraging expertise of the private companies expert To support our member countries digital forensic activities on the field in the field So we deploy the teams to our member countries upon their request In with regard to the 2017 guidance Interpol has actually just shared its lesson learned and the best practices coming from the our daily activities During the cities of sessions to discuss this guidance I Think this guidance is clearly one big step forward to respond to new digital economy Where the technology goes faster than policy and the legislative framework so currently Company not country Define certain set of rules which we follow Say encryption It's not country Enforcement cannot compare tech companies to decrypt This is not starting point of finding solutions in this matter So what is important at least in the global context is to discuss what could be done Legally and the technologically rather than what should be done That is more is Discussed at national in the national context Having said that it is very much fundamentally important for reinforcement to learn the principles of the information sharing with private sector, especially cross-border information sharing moving forward 2017 we will make outreach effort to our membership 190 member countries on the introduction and the practical application of these guidance Through our activities These effort may include awareness raising to the chief of police or minister of Ministry of Interior and Capacity building activities that are designed to help law enforcement, especially in developing countries to understand and Establish the most appropriate Process to elicit information and to collaborate with private companies in fighting cybercrime Last but not least I'm happy to share in this context that Interpol has a great pleasure to co host the forum cybercrime the workshop Actually the session which we had today at the Interpol global complex for innovation in Singapore this July You know that to further promote practical way of implementing the 2016 recommendation based on the newly Developed guidance which you can see in the on the online So this is a brief update in 2016 recommendation as well as newly developed Guidance. Thank you. Thank you very much Michelle. Let's move to the European perspective What are your what are your thoughts on this? Well, thanks a lot Let's move to the view of the justice and look at the issue from In your perspective and with I would say judicial magnifying glass are with judicial eyes without any doubt the seriousness the complexity and the pace with which the Cyber criminals are acting and the cyber threat is supposed to is of an Unpresented level. We have never seen this and it's evolving every single year more and more and hence We need to respond To a common need a common threat in a common way and so far where you start the corporate security Was only talking about cyber security. Let's disrupt Cyber and attacks. Let's have Take down of cyber hackers. Let's focus on Reducing the impact of a cyber attack and let's focus on business Business continuity good not good enough and from the side of the public sector we used to work with not only Criminal activity but also with evidence this time e evidence not only stopping criminal activity But also having to stop criminals with this a little bit different And we saw that working in silos focusing on cyber security only or cyber justice on the other side Working in silos was not giving the right response. So the answer is definitely What the web has been promoting under the leadership of dr. Jean-Luc Vesse is bringing the partners together working in a triple P fashion public private partnership with the recommendations and the guidance joining the forces and Joining the knowledge Changing the attitude and behavior and hence changing the culture Have we been successful in that sense in the European Union? Initiatives have been taken at EU level from the police side and from the justice side the European cyber crime Center has been established some years ago and is deeply involved in exchange of information and the stepping up of the context with the private sector and we from the justice side at you just have made a bridge between the ec3 and the jcat platform and a newly established network of European judicial specialist cyber crime prosecutors from the 28 countries designated because of their skills and knowledge and ability and that together has been Leading to more successes and if you go on a website's your point you just will show you examples that like the avalanche Operation which was operated in November never seen before such a serious hacking Globally organized lasted for years and years and because we so far only focus on the takedown of the criminal infrastructure we stopped criminal activity, but we didn't stop the criminals hence We joined the forces and the duties throughout coordination meetings Meeting with prosecutors and policemen from 30 countries were not used to work with and we were using Legal remedies which we were not used to work with in the national context And that is what we have been doing with success five persons were arrested never happened before New systems have been used based on new legal initiatives and on inventivity creativity of prosecutors of 30 countries The thing that is against us is time. We all know that the classic MLA mutual legal assistant international judicial cooperation is too lengthy and that is where the combat to the fight becomes Asymmetric criminals also sophisticated creative and inventive and we lose time The only way forward is to step up the cooperation with the private sector with the CSB's the ISP's the ESP's With working more closely with the private sector beats the banking sector as we have been doing in the Emma Actions one and two last year where we managed to work with the European Federation of Banks and where we had the information in real time Allowing us to go after a lot of persons being arrested What I also tried to say is that? Networking is needed to beat networks and these cybercrime networks help together the good practices The best experiences the lessons learned and this is something we are capturing also in the convictions monitor at Euro Just and spreading the good news and also the bad news in order to ensure Punity not allow ourselves to fail because we are the voice of the victims We are there in a state of the rule of law to ensure Correct responses in stopping not only criminal activity, but also the criminals all we dare yet Not at all. We will focus in the next years on the convention of Budapest It's not having a white adherence We should look at the widening of the adherence and a lot of legal and practical challenges ahead encryption anonymization access to e evidence or a Short list of problems will have to face We have to build up the knowledge and build up the trust in other terms besides the triple P Public-private partnership. We also have to threat thrive and think about the triple T time trust and Thinking out of the box and that's what we are going to do all together. Thanks a lot. Thank you very much So whatever doubts might have been discussed in recent weeks about globalization Clearly cybercrime is a global phenomenon and thank you for sharing the sense of urgency and the need for speed here with us Andre I'll make you work twice as hard as the other panelists because not only are you the representative for the private sector here But you also represent a company that works in the field. So please share your perspective with us Thank you. I would just start by saying We are speaking here about the moving targets because we are not in a static situation We have at the same time So digitalization that is coming at a very high speed So fundamentally more and more function are now digital. So said in a different way We are coming from a small shop to a supermarket and in the supermarket You have more to be stolen than a small shop. So fundamentally for the parrots You have real opportunities having said that So the first ones that have been able to really take advantage of the internet are the parrots Why because they are by definition not regulated. So fundamentally they have not the same limits That's a normal actor have now we can ask ourselves, but why Security is so important. So some people may think is to avoid to have money stolen But it's the same time you have Some data or some information that are even much more valuable than just money because money I would say money can buy money But fundamentally you have some elements that money cannot buy like for example If you have some personal data for personalized medicine Knowing that in the future to be able to better treat Person will need to have more and more personal data And this data need absolutely to be protected and if they are not protected well Or that is creating a big risk for the person in terms of privacy or this treatment will just not happen Now we can ask ourselves, but why Private sector cannot act alone or public sector cannot act alone and there is Fundamental difference between the two sector and the real complementarity if I'm looking at first-states actors they lack sometimes some flexibility due to their own rules, but They have also and that is I think the most important limits They have a limited territory. They can work on on the other side private sector I'm not saying that all company are flexible, but they can be potentially flexible. They can be global But on the other side, they have a lack of legitimacy So fundamentally they may have good idea. They may see the right thing But on the other side, they will not have the right to do what is needed Then we have these needs to have a dynamic combination between the two Because as it was just said before We are living in a asymmetrical world said in a different way If you want to have something that is secure, you need to have it 100% secure If you have someone that is interested to hack an information or to make an exploit from a cyber attack He needs to be successful once for 1000 per one million Let's imagine that you have one million wallets with ten thousand dollars You need to be successful once per million or two times per million to still get some things that is interesting So just to say that the rules are done in such way that the parrot have much less to achieve to be successful than the Guardian and in such situation We just need to have solution that are at internet speed and not in the old-day speed I would say it's not slow food. So fundamentally what we need is the capability to act much faster than if we use a traditional way and that is requiring a real-time communication between two different actors and for that a Combination between public and private is really optimum because we can at the same time get the flexibility of some Goods how to say private actors that are maybe better than others and on the other side To get all the legitimacy and the backbone that do that's what is done is better than what the parrot or the bad guys are doing and That is really a fundamental way to be able to address it But what is interesting? I think that this is one of the first example where we can use the private public partnership to Be able to act faster in sectors that are fast-moving and I'm not sure that it will be the only one Where such new technique will be implemented? So it's a real opportunity to be able to be more performing now We just give you a few example of elements that we as a company have already done in this field a few years ago fundamentally to be able to Trace and to be able to Arrest some parrots that were operating cross boundary when Most of our clients were just active in one country We have seen that we found a collaboration Between the private and public sector that would not have been possible and we see that in term of public partner Public private partnership not all country are equal Some country have been much faster in using such type of approach and some have been more reluctant But if we look at the results the countries that have been much more receptive for such type of the partnership Have been far better in addressing all type of parrots. I'm not only speaking about cyber parrots See, but all other different form So finally just as a short conclusion is to say that we are living in Very fast-moving digital world and we cannot use the old recipes to address So new threats and we need to be creative But at the same time to respect some rule of flow and here the role of the state is absolutely essential Thank you very much Jean-Luc, I know that Professionals like we have on the panel here are usually reluctant to share like concrete cases I'll put you on the spot anyways Because you're on camera and you can't run away Can you share some examples that we have from the work since 2015? Well, I think I think the essential has been has been said and and the main the main challenge that the actors are facing is really the speed and and What all actors said and all are agreed on on that is the fact that that a usual normal a Forms of of collaboration and the usual normal form of Transformation of legislations are not efficient anymore. So there is a huge need for a innovative Regulation regulation forms and it is exactly what what we have tried to to do since since Since two years and especially since the launch of the recommendation find new innovative clever forms of regulations and It is especially a Remarkable by the guidance The philosophy behind the guidance the purpose of which again is to help the partners to know what is to share and how Are the information to be shared was really to and is still to address the fields of Information Which can be shared without to address very complicated legal aspects linked for example with international conventions linked with the mutual legal assistance treaties or existing Legislation regarding the personal data and and it was the main philosophy is remaining the main philosophy And what was interesting to to see is that all actors Working on on this project had to admit had to admit that this field is is bigger than than than thought and Just to to give you a couple of examples Indicators of compromises can be can be shared like your usual network activity login failures Modules super and I tools technique procedures lessons learned and so on a lot of things We can really be shared without to ask too many questions around the legal aspect and in in said otherwise the main principle and philosophy behind that is Share a rich in everything which is not forbidden to share legally forbidden to share and it is a Transformation of the mindset, you know, and I have the impression it is it is feasible. It is feasible and So my assessment is that the recommendation and the guidance Have enabled the the to create To create on the ridge on the global level But also on the original level as as the Michel mentioned a momentum and if everybody is Going ahead with these mindset. I think a the cyber criminals Which are supposed are supposed to be to be caught a Will will fear both the private sector and the law enforcement. Thank you very much Exactly, let's open the floor for for questions I see a hand raised here. We have a microphone if you could state your name and organization also for the sake of our online audience, please Angela Charlton from the Associated Press. I have a question about a particular kind of cyber crime the US has accused Russian hackers of meddling in the US election campaign The Russian government has also accused unspecified hackers in the West possibly the US of doing the same in Russia How can you stop that kind of cyber crime and Relatedly to that Europe is having elections this year. There are concerns among European governments that the same thing will happen here Do you see any signs of hacking by Russia or other actors? And are you doing? What are you doing to prevent that? Thank you very much. Do we have any volunteers on the panel to take their question? Again, okay, please when it comes to the cyber threat was a Simon cyber attack at the people in different country have a different Understanding of the same word. So actually Interpol practically categorize it a cyber attack in two folk categories Based on the actors involved one is a cyber criminals. They just work for money The second is a hacktivist. They don't work for money, but they just work for their Puppets on purpose maybe process of those kind of things. That is a terrorist. They are using Internet to attack certain at a target the force is a nation state which is involved in the cyber espionage and Then having said that actually the for instance Interpol international criminal police organization So we are working in the boundary of the criminal justice There's something related to the cyber attack especially the fourth category is It's not something that can be solved in the framework of the criminal justice Perhaps that might be outside of criminal justice Maybe in the diplomacy politics those kind of things So I think it depending on the nature of the cyber attack and then the procedure or I would say the way We could solve would be different. So this is my answer to your question Thank you very much. You want to add to that, please? Yes, it is a very important question your question a at the World Economic Forum and together with our constituents representative from several private sectors and and law enforcement we discussed those kind of questions two years ago and it has been decided to Address only the fields where all actors do have the same interests Which is the case by the fight against cyber crime? Which is obviously not the case as soon as cyber is used as tool of war or Propaganda or you can you can call that as you as you want and and we we are convinced that by doing so we will achieve results and I have the impression that those results have been achieved But not not only because the actors represented were very good one and professionals But because the actors Had common common interest and we're therefore able to find common measures Because they have the same interests. You understand what I mean Please entry if you want to add to that. I would just take This issue from a completely different angle Very often some people may ask but what are the consequences of cyber attacks and I think that what have happened recently is Crystal clear making us aware that cyber security is something that is Really important and at the end I would say that there are some doubts about Who can do something and cannot do something But it's clearly show that there is a need to improve the level of Resilience against cyber attacks and better trust ability So that is for me that are the two main lesson learned here rather than to try to guess who is doing what Please could you wait for the microphone? America our members of Interpol so if they're doing this there's essentially nothing that you can do To stop this kind of what you call cyber war That's basically another field entirely and even all of the expertise and knowledge you have can't be applied in any way to this kind of situation So that's the focus of these initiatives indeed cyber crime. That is correct. We have time for one more question. Maybe If I can see a show of hands. Yes, we have the lady in the back the microphone is coming. Thank you Farah Bushback from Frost 24 We've seen the rise in biometrics at the borders in Payment methods. How worried are you with the spread of biometrics and how can we ensure data privacy? Andrea would that be a question for you That may be a question for me and so the question is first What are the possibility and the second element is how it's done now if I imagine? That done in a classical way Then yes, there is a risk because you have some element of fingerprinting that Are collected and stored in a database now if I'm taking the next step Where the goal is not to collect but to check is to have system where you get some Signature in a way that you have never the information that is In clear but that is stored in a way that it cannot be used just to check if it's much or don't match But I don't think that we are at this state now So I would say that that is one of the elements where we really need to be extremely careful because once more if there is a doubt So doubts can create some confusion Thank you very much Mindful of the advanced time. I'm closing this press conference. Thank you for watching. Thank you for being here and a special Thank you to all our panelists today. Thank you very much