Reimagining Cyber - real world perspectives on cybersecurity
Explore the critical intersection of cybersecurity and business impact while gaining insights into CISO priorities with "Reimagining Cyber." Stay informed on the latest cybersecurity news, trends, and solutions tailored for today's CISOs and CIOs. Hosted by Rob Aragao a seasoned security strategist with CyberRes, this podcast is your go-to resource for staying updated on cybersecurity developments and addressing common challenges in the rapidly evolving digital landscape.
Reimagining Cyber - real world perspectives on cybersecurity
INTERPOL and the Fight Against Global Cyber Crime - Ep 113
In this episode of "Reimagining Cyber," host Rob Aragao interviews Craig Jones, the former Director of the Global Cyber Crimes Directorate at Interpol. Jones provides a comprehensive overview of Interpol's role in combating cybercrime, emphasizing its unique position as a non-executive body that facilitates international law enforcement collaboration among 196 member countries.
Jones discusses the structure and function of Interpol, noting how it connects various national police forces to coordinate cybercrime operations, despite being unable to directly run investigations. He explains how Interpol's cybercrime efforts are organized around prevention, detection, investigation, and disruption, aiming to reduce the global impact of cybercrime and protect communities worldwide.
The conversation also delves into the challenges of dealing with borderless cybercrime, such as ransomware, business email compromise, and data theft. Jones highlights the complexities of international cooperation, especially when cybercriminals operate across different jurisdictions. He also touches on the recruitment process for Interpol's cybercrime division, stressing the importance of diverse backgrounds and expertise.
Finally, the discussion explores the evolving landscape of cybercrime, the rise of the cybercrime economy, and the critical role of cyber resilience in protecting organizations. Jones and Aragao underscore the importance of involving board-level executives in cybersecurity decisions and the need for a comprehensive approach to cyber resilience, emphasizing the long-term benefits of such strategies in the face of ongoing cyber threats.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com
[00:00:00] Rob Aragao: Welcome everyone to another episode of Reimagining Cyber. Rob here. We're very excited for today's guest, Craig Jones, the recent director of the Global Cyber Crimes Directorate at Interpol. In addition to managing many significant international projects, Craig holds various advisory roles in prominent organizations, including the World Economic Forum's Center for Cybersecurity and Global Forum for Cyber Expertise.
[00:00:23] Prior to joining Interpol, Craig held key roles in the U. K. law enforcement, coordinating responses with the National Cybersecurity Program. Welcome, Craig. Is there anything else you would like to share on your background?
[00:00:34] Craig Jones: Thanks very much, Rob. Thanks for having me on the, uh, on the program. Really, really appreciate it.
[00:00:38] I suppose the only other thing to say is now I'm officially a retiree from public service. Uh, I finished with a national crime agency, my home organization here in the uk, uh, last week. Um, so over 40 years of public service effectively. Um, as of today, uh, or yesterday, I, I start working, uh, for myself. So it's a very long retirement.
[00:00:58] I've had 24 hours. So, uh, looking forward to working. In the same field, but maybe coming at it from a different angle now, effectively.
[00:01:09] Rob Aragao: Yeah, why does that not surprise me? That little short window of time that you gave yourself to go off and do your own thing. Well, great. Listen, we're really looking forward to the conversation with you today.
[00:01:18] I'm sure there's plenty, plenty to talk about. I want to get started by having you provide more of an overview. On Interpol's role in fighting cybercrime, um, the cybercrime programs that you've grown to close to over 200 countries now within coverage, um, and just discuss, you know, what the core areas are of the programs that are being focused on with Interpol, and as well as, you know, anything you may be able to gain, kind of, for the audience to have better buy in and understanding of, you know, how to get countries actually engaged, involved, and get on board as part of the program.
[00:01:47] Craig Jones: Yeah, absolutely. I think, you know, Interpol is this, by some people seen as, you know, this amazing organization with people jumping out of helicopters, um, kicking down doors with guns and things like that, but actually that's That's what we don't do. Um, Interpol is, uh, effectively a international governmental organization.
[00:02:06] Um, we're made up of seconded officials from our 196 countries. So, any official can be seconded into Interpol if there's a position available. And countries can put up law enforcement officials or anybody working in the sort of crime space within that country. Um, but they have to be, um, they can't work for the private sector effectively, they have to come from the sort of public sector side of things.
[00:02:29] Um, we also have contract staff, so as an organization we have like a, Our base is in Lyon, in France. It's been there, or we've been an organization for over a hundred years. So, as an organization, we're non executive bodies, as I've mentioned, so we can't run an investigation operation. So, certainly my first few months in Interpol, coming from an operational background in the United Kingdom, uh, and with governments and things like that, I found it quite difficult.
[00:02:57] quite a change for me in the way that I had to work. Um, and you know, five years of doing that by understanding now and the experience I had there has really enhanced my abilities to look at that cybercrime problem from a different angle. So Interpol's role is connecting policing for safer world. If you were to say, right, let's start from scratch and create an international organization today where we'd have nearly 200 countries, law enforcement agencies working together.
[00:03:27] Right. It just it wouldn't happen in the team I had so My cyber crime program was based in singapore We'll probably go into that in a little bit more detail a bit later, but we have uh, four crime programs We have counter terrorism organized emergent crime, uh financial crimes and and cyber crime So within that basis there, we look to help coordinate and facilitate operational activities between countries So almost we we become that neutral interlocker Us Our organization's mandate is we can't, under our Article 3, which is very important for us, is coming into Interpol, I then become an international civil servant, so I work to Interpol.
[00:04:07] So the UK government cannot tell me what to do. Now, the UK government is still paying my salary. Of course they are. But actually, I work for Interpol in 196 countries. So, we can't be involved in anything that's political, military, racist, or religious. And within cybercrime, that could mean we've got to work a very fine tightrope at times.
[00:04:26] And we'll probably cover that again in some operational discussions in a bit. But within my team, I had an assistant director for operations from the US. Um, I think it's currently, uh, someone from Spain in that position. Um, my threat response assistant director was a seconded official from South Korea.
[00:04:43] Uh, my assistant director for strategy and outreach was from China. I had people from Germany, Brazil. I had someone from the Iranian cyber police within our team. So you can really see there, When you have those conversations with people, they're like, you see the eyebrows start raising, they're like, really?
[00:05:00] How does that work? And I think as cops, we've got this basic premise that we want to protect our communities from harm. So for the program, our core ambition there is reducing the global impact of cybercrime and protecting communities for a safer world. So we've got a very key strapline there. So everything that we do is, is, is based on that.
[00:05:21] So we look at the cybercrime through the lens of prevention. How, how do we prevent that? And that comes back to that law enforcement piece about protecting communities. You know, if we don't have the crimes committed, then that's great. The harm isn't caused to our communities. We then got, how do we detect cybercrime?
[00:05:37] So again, what can we do with our countries? to detect it. We then look at the investigation side to how we can support the investigations and then finally that disruption side. Now I think probably within this space is a wider conversation to have here about Well, how do you go from local policing? And I noticed on the news here in the UK today that they're talking about Um street robberies of mobile phones so people going past people whipping the phone off them And then away they go.
[00:06:05] Well, they can come up with a number of different plans to deal with that Well, how do you then actually deal with the cyber criminals? and You know for us in the industry So so to speak we know that you can have the cyber criminals in one space You can have the infrastructure another space you have that The victims in another, and we talk about cybercrime being borderless.
[00:06:26] I will bang my head on the desk every time I hear that because the law enforcement we are constrained by our borders and our boundaries effectively. So our core capabilities that we look at is understanding that threat landscape. Coordinating operations, helping countries build out their capabilities capacities, and then finally raising Interpol into those global forum now, such as the United Nations or different regional meetings, where we can have that voice and speak on behalf of law enforcement globally, but again, bringing it back to protecting our communities effectively.
[00:06:59] Rob Aragao: That's great. And I think, as you said, you know, as you're describing it, just connecting the dots between all those different stakeholders, in essence, all the different, you know, countries that are involved. I think that's just an incredible feat that you've been able to accomplish in your time there. One question I wanted to kind of ask, though, before I go into more of the depth of the cyber crimes that you've and the team gotten involved with, is what fits the mold?
[00:07:21] of an individual, right, to come into the cybercrimes division? How do you look at and kind of what are the characteristics, the interests that you're trying to kind of say, hey, we're going to recruit, or how does the whole process work, if you will?
[00:07:33] Craig Jones: That's a, that's a great question. I mean, people, first of all, people can go online and see what positions are available in Interpol.
[00:07:39] Just go in and search Interpol vacancies and you can see what positions available. So you can see the different roles Interpol has. So we might have Project managers, we might have program managers, we might have intelligence officers, we might have directors of cybercrime. Um, so there's a number of different positions there, and we're like any organization.
[00:07:57] So within my director, we had a director. What's the position? I just occupied that sort of set the direction, uh, set the strategy, looked at the operational priorities. Then we had on the threat response side, we've got a team there that look at the threats. So how do we identify those threats? What's what's gonna cause the highest harm?
[00:08:17] highest impact, high volume or high interest type cybercrimes. How do we then turn that into operations? So how do we create operational desks? Remembering that we can't go through the door, but what we can do is help coordinate and facilitate those operations. And the way that we've done that is making sure that we have people on the ground as close as possible to law enforcement working directly with them.
[00:08:41] Uh, then we look at, you know, as I said, those capabilities, capacities, the, you know, I always got asked whatever country I went to is we need more training. We need more X, Y, and Z. Well, okay, what do you need to be trained in? Because if you don't have the capabilities, you don't have the cyber criminals, you don't have the identification in that country, maybe you don't need that sort of training.
[00:09:02] You need something else. And then the last part, as I said, is having Interpol and people there with a policy background. So how can we sit at the United Nations and make statements at the Security Council? Or during the open ended working group, um, on ICT or the recent, um, information communications technology, um, misuse by criminal of the criminal, the criminal acts effectively.
[00:09:28] So how we've got a real range of people that we try and bring in. And I think that's the challenge for Interpol in terms of, you know, we are put up by our countries. We're interviewed for our positions. No one just flies magically into one of these positions. They're interviewed for the positions and it's a very competitive process.
[00:09:47] Um, you know, it's almost, I never thought I'd be ending up at Interpol as the director of cybercrime when I started policing in 1990. Effectively, it wasn't on my career aspirations then at that time. Um, so. Yeah, we've got a real cross range of officers, staff, male, female, from all around the globe. I think my last count was we had something like over 120 countries represented at Interpol within staffing of about just over a thousand, roughly, of how many people are Interpol, but also each country has a national central bureau.
[00:10:22] So, you know, let's talk about American audience here. In Washington, D. C., there's a National Central Bureau. Every country has a National Central Bureau, and they're connected through a secure Comslick defective email system. So again, they're able to communicate directly between countries. So you have a basis within each country as well.
[00:10:40] So it's not all about working directly for Interpol. It's using those Interpol tools and channels to share information and data as well. Yeah, the collaboration
[00:10:50] Rob Aragao: aspect. That's, that's the key, obviously, behind all of this. So, let's delve a little bit into the, the cyber crimes. Themselves the examples and we know right everyone sees in the news all the different examples about, uh, cybercrimes that are occurring, you know, tied back into literally an underground economy, right?
[00:11:08] It's truly a business behind the scenes for the most part, at least, and we see many different things around ransomware. Ransomware is a service, right? Um, affiliate programs. I mean, it's it's a true economy that they've built. Um, what I would like to get better understand from you is. What's Interpol currently seeing as some of the top cybercrime trends that are occurring?
[00:11:27] And then, you know, what are the challenges or the main challenges that you've seen in dealing with those types of cybercrimes themselves?
[00:11:35] Craig Jones: Yeah, quite a lot to unpack on that side, effectively. Um, so as I said, what we try and do is we first of all try and understand that threat landscape. So what are those cybercrimes?
[00:11:47] What's the impact within the communities? And we look at it on a harm level, first of all. So what's the harm it's causing? Is it Well, we've seen some cybercrimes potentially causing a physical harm when there is disruption to, um, country services such as the health care service and things like that. So, you know, that, that's part of it.
[00:12:07] That's high up there. So what we're looking at there is okay. Has there been an infiltration on the network? Has there been an exfiltration of a data set and information? Has there been a disruption because, you know, there's been that ransomware, that encryption then of those networks and services, which would then impact that country or number of countries effectively?
[00:12:30] You then look at business email compromise and the phishing campaign. So that's got that high financial impact effectively. And let's be very clear on this, you know, the cyber criminals are the majority of the people that we deal with are in it for the money. It's like any crime normally. Yes, you've got the, the sort of violent crimes that go on as well.
[00:12:47] You've got the drug crimes, but actually even the drug crimes, there's normally a, there is always a financial motivation behind it. So you're looking at that financial motivation. You're also looking at what's the risk to the cybercriminals in all of this, you know, what's the likelihood. Of being caught or being prosecuted and like, you know, speaking very honestly, it's quite low So when you look at that traditional policing model of disruption, we look at judicial outcomes I know when we looked at this back in my days in the uk law enforcement in cyber We we had sort of key performance indicators were set by number of arrests of cyber criminals in the uk Well, the majority of cyber criminals that are impacting the uk didn't come from the uk so if we're Concentrating our resources on the side of criminals in the UK.
[00:13:32] Are we actually concentrating our resources effectively in the right place? Where we can then mitigate those risks more effectively. And I think that's matured in the last sort of 10, 15 years effectively. Where countries are looking to support organisations such as Interpol. who's got that global reach, that regional reach, or they're looking to support other organizations who are able to implement programs or projects in certain countries.
[00:14:01] And we're looking at Africa and Asia and South Pacific at the moment in terms of some of those. funding for programs and activities that Interpol was doing. Um, the, the, the types of crimes were seeing, as we said, those financial ones. And I think I've mentioned business email compromised, but a lot of it's about that data.
[00:14:18] It's that information. How can we extract the information and what can we do with it? And even as I just mentioned earlier about the phones being stolen, quite often now the phones have been stolen for the data on there, not for the phone, but the handset. But the criminals know they've got data information on there.
[00:14:30] They can extract Or they can sell on to a criminal network. And you talked about that sort of cyber crime as a business, the underground economy, the internet's a marvellous thing. It's allowed us all to connect. It's allowed businesses to grow exponentially. It's allowed, you know, We saw in COVID, even more expansion of people being online, digital economies working.
[00:14:54] This is no different. We've always got a private economy in a physical sense. It's moved online now. So how do we then address that? And I think these are some of the wider questions that governments, law enforcement, private sector are asking. And myself working, we know those are the things we need. We need to start looking at how do we do that prevention more effectively?
[00:15:15] How do we make organizations more resilient? How do we make people understand that, you know, when they're on their phones speaking to the world or, you know, online? You know, there is an attack surface there that the cyber criminals are looking to take advantage of. And then we've got the cyber security industry which has grown from, you know, next to nothing when the internet first came around to, you know, this almost billion trillion pound business now where they are selling services which are needed.
[00:15:43] It's a bit like selling a burglar alarm or door locks. Um, but it's done in that online space effectively. So you've got lots of different business models that have developed. So coming back to the financial aspect of it, that's what we're seeing. I think ransomware, you've got a political undertone to this as well, where Countries talk about ransomware attacks and the likely impact of ransomware attacks within their countries.
[00:16:07] And you have like minded countries coming together and forming coalitions, such as the Counter Ransomware Initiative. We have sort of 40 to 50 countries now, which are looking to see how they can work effectively on the policy side, what they can do on the disruption side, what they can do on the capacity or diplomacy side.
[00:16:26] Um, but again, sometimes you'd look at that and say, well, actually, you've still got those like minded countries when the criminals are coming from Russian speaking countries or non English as a first language countries impacting into those countries. Where's that jurisdictional reach? How can you then disrupt the criminals?
[00:16:47] In those countries and again looking at the financial aspect. That's one of the main areas But why did that financial piece grow? We saw so we ransomware attacked once the virtual currencies came along It gave them the opportunity for the cyber criminals to adapt their business model and expand their business model and that's grown exponentially um in the last sort of seven eight years where There's vulnerabilities in networks and systems and the criminals will take advantage of it effectively You
[00:17:15] Rob Aragao: Yeah, totally.
[00:17:16] And I mean, we've had some conversations on past episodes about the cyber underground economy. Um, you know, and we've talked a lot about, about you, you, you made this term, which is near and dear to my heart and kind of why we actually started the podcast a few years ago, which is resiliency, cyber resiliency, digital resiliency, like that mindset and understanding that You have to really focus your attention on realizing that unfortunately things are still going to continue to happen no matter how good you put your control mechanisms in place.
[00:17:44] But again, that resiliency aspect is minimizing the impact to the at least highest risk operational component in organization and then how do you actually bounce back as quickly as possible. So I think those are key attributes that we've driven at.
[00:17:57] Craig Jones: And I think, Robbie, you've hit. Obviously for your previous discussion as well, but when you look at the board levels now, these are all decisions that you make, um, whether it's cyber, whether it's a physical risk or harm, you know, the board make those decisions and what is, what is the risk they're willing to carry, or how do they mitigate those risks?
[00:18:16] So, you know, you could have someone say, right, we need to spend 1 million pounds on cybersecurity, and this will protect us. And then someone else, so actually you, I could spend 500, 000 and I could give you a return of 10 million. So those are those business decisions that are made, but I think in terms of that understanding, that awareness, and that culture around cyber security, which gives us that resiliency, you know, there is a cost to this in operating in that digital space, there is a cost, and it's quantifying that cost can be very difficult at times.
[00:18:49] And, you know, previously, and also my whole time speaking with companies, organizations, governments that have suffered. some sort of breach or a ransomware attack, you know, they, they're, they're surprised quite often it's happened to them. And actually I think most of us are like, we're not surprised. No, exactly.
[00:19:08] And you, you, you come in and look at some of the control mechanisms are put in place and, you know, it doesn't take a rocket scientist to work out that they, they were pretty, pretty, pretty vulnerable
[00:19:20] Rob Aragao: effectively. They were right for the picking. That's right. Yeah. Yeah. Yeah, but you know, you just also amplified another key point, which is that connection back to the board, the connection back to understanding that, you know, how do you Um, risk, digital risk and make those decisions.
[00:19:35] And to me, you know, I think it was COVID that kind of shifted the thinking as it related to us driving more of the cyber resiliency principle. And the reason why I say, I think the resiliency, um, terminology and, and, and kind of the linkage back to the board buying in now worked is because. Think about it.
[00:19:53] The board from an operational resiliency aspect. Understands the requirements, the elements, right? And so now when you take it and map it back into, let's not talk cyber security. Let's talk about cyber resiliency. It's baked in to the conversation, but now understanding of measuring risk, what the right appetite is, as we're going to look at it within our organization and make these decisions.
[00:20:14] To your point, it really played a critical kind of pivotal point of Getting us to actually be sitting at the table to have these conversations as we should be effectively.
[00:20:23] Craig Jones: And I think, you know, that comes back to the wider point about business continuity, isn't it? You know, what's that planning that goes into a business, you know, historically?
[00:20:31] Companies and boards or leaders and managers are very used to those physical resiliency pieces, and that's understandable, but when it starts talking about the technology side, one, there's quite often a fear of ignorance here. So there's a fear that you want, don't want to be seen to be ignorant rather than embrace it and say, look, do you know what?
[00:20:50] I don't know the answer here, but what we need to look at is. a position or something, and don't just throw it out to the IT department and say, there you go, go and sort it. You've got to have someone or people with feet in both camps, understand the business, but understand the technology. And if they don't understand that technology, bringing in, whether it's a payful service, whether you create a position, you know, there is a need now.
[00:21:14] So as companies develop and organizations develop, They've got to bring that in. And we talk about the scarcity as well within skills and people that have those skills to do that. And yeah, that is going to continue for a number of years. Effectively, we never have enough doctors. We never have enough dentists.
[00:21:32] We never have enough cybersecurity experts yet. That's the reality of that space. We work it. Um, so again, Putting that resilience level in there. So almost people don't need to do anything because the resiliency is in there, but it's how quick you bounce back after there's been an attack. How quickly can you get those customer systems back online?
[00:21:52] How quickly can you get back in touch with your customers effectively? But then on the flip side of that, how do you then deal with the aftermath of the cyber attack when you've had a large data breach and you know, what happens thereafter as well?
[00:22:03] Rob Aragao: How do you respond to it effectively? How do you take those lessons learned?
[00:22:05] So absolutely, we're on the same page for sure, Craig, on the resiliency aspect. No question about that. I want to get into, um, kind of back to getting these different countries to work with one another, that collaboration aspect. I can only imagine how difficult, um, it is in dealing with all these different countries and getting, you know, their engagement and wanting to actually, maybe not wanting, but like just how do you connect the dots in the geopolitical landscape of We know this information over here in country X, I'll call it.
[00:22:36] How do I share that? Because I'm concerned about country Y being part of. Right, our actual Interpol Cyber Crimes Directorate. So, how do you balance that? How does it effectively really allow the true collaboration to come to heart?
[00:22:51] Craig Jones: Yeah, and I think that's one of the main challenges for Interpol as an organization and will continue to be a challenge.
[00:22:58] So, the understanding of what Interpol's role is, is very important. So, we look at Interpol also being able to, um, produce red notices. So a country says a crime has been committed in our country, this is the person we're after, they are a wanted person and they can put forward then a red notice to Interpol, which is then stored on Interpol's network systems.
[00:23:21] Then countries can interrogate our systems at border controls or stuff like that, and if that person pops up and there's a red notice on there, there's an opportunity. for the country but where that person is at that moment in time to on the basis of that detain that person not because interpol say so but because they say a crime has been committed which is in commonality and you've got common laws within your country in this country wherefore then you can then potentially look at an extradition so that's one of interpol's roles effectively now Some countries and people, so hang on a second, that then can become a political vehicle.
[00:23:57] So you can have countries putting red notices into Interpol, which are politically motivated. And coming back to my point, our Article 3 precludes us from doing anything that is political, religious, um, or, or, or military, uh, of nature effectively. So we're very careful about how we issue a red notice that goes through a whole number of processes.
[00:24:18] So there's always going to be that bit at the back of people trying to go, Oh, Interpol, you know, you're You're full of all these countries and they're bad actors. Take it back to what we're dealing with. We're dealing with crime. We're looking at reducing harm to our communities. And I think this is where Interpol brilliantly plays in the cybercrime area.
[00:24:36] So when we look at the cybercriminals that are committing crime, they are using tools, techniques, and practices that everybody could use to facilitate some sort of nefarious act. So those threats are out there. So if Interpol are able to introduce mitigation, so if we're able to reduce that harm, so do that prevention work, doesn't matter who the threat actor is, we are going to stop communities being harmed.
[00:25:02] country upon country attacks always going to take place. Um, and in real term space, if those attacks took place, then, you know, quite often, that's when in a physical sense, countries might be going to war effectively. So we're looking at the cyber playing field, being used to commit those acts between countries.
[00:25:23] Interpol does not involve itself in those, we're not able to. So again, drawing it back to that, that, that crime element. So the cooperation then, we, we, we're divided, uh, up into four regions. We've got America's, Europe, Africa, Asian South Pacific. So the way we try and operate is doing operations and projects between those countries.
[00:25:43] Now I went into Interpol thinking, okay, well, that's, that's very doable. So what I found when I was there is, you know, we, we didn't have some of those basic processes in place. That's not a criticism. It's around looking at this through a different lens. So how do we get those countries to cooperate? Well, let's lay out a resolution, first of all, because we're a resolution based organization.
[00:26:05] So, in 2021 in Turkey, at our General Assembly, we laid out a resolution to all our countries about countering and combating cybercrime. And all countries signed up to it. Now, remember, we're only representing law enforcement here. So it's just the law enforcement agencies are signing up to it, but they signed up to it.
[00:26:22] And then we did it for our regional recommendations as well. And then through our heads of national central bureau. So we laid out documentation, first of all, which I and our secretary general, anybody can invoke with them. We're actually, you signed up, you said you would Counter and combat cybercrime by preventing, detecting, investigating and disrupting.
[00:26:40] So the first thing is, is um, getting that in, in place effectively. So we got all those processes in place, which is really important, because then we're all using the same sort of language in the first instance. So we're understanding what we're looking to prevent, detect, investigate, disrupt cybercrime.
[00:26:58] We also work very extensively with private partners, so the private sector. We're able to receive data sets from the private sector, so I don't need to rely on the police sharing data and information. And why that's really important is, first of all, Different countries, different law enforcement have different capabilities or access to different data sets.
[00:27:19] What we're able to do at Interpol is bring the police data sets in, the private sector data sets in, and we do that under our rules of processing data. So we've got a very strict methodology and regime for the way we handle data. We also then have very strict controls about who we share that data with.
[00:27:35] So if one country comes to us and says we're doing this investigation, but we don't want the data shared with this country, We can't share it with that country. It's really, really simple. And countries understand that. Also, when the private sector share data with us, if some of the private sector that we're working with are, um, from a certain country, there's sanctions from that country or another country, We can't use that data then into those sanctioned countries.
[00:28:01] So we're very careful in the way that we we use our data. And again, I think, you know, this is where Interpol is maturing as an organization, recognizing that, again, we can't be that Lead organization for the investigation, but when we're bringing data sets into the private sector that some countries aren't seeing at all We can share that in to those countries and help formulate that operation Effectively so we can help say well, look, this is the high harm.
[00:28:29] We're seeing at the moment Um from cyber criminal group in africa or from russia or from the far east or any other country How can we then bring the countries together to do that as an effective approach? Investigation
[00:28:45] Rob Aragao: so I can see examples of friction. We've seen domestically here in the US between that intelligence sharing of public to private sector and vice versa, more so private to public.
[00:28:58] Um, and I think we're making good strides in improving that. But. There's been this kind of hold back of, we don't want to provide this intelligence to the public sector because then, what are they going to do with it, or will it come back to bite us, or will it get into the wrong hands, will our competitors take advantage of it, that's a difficult kind of situation, but I do believe that there's good advice.
[00:29:21] Momentum in the direction of the real realization that you do benefit from actually sharing the intelligence. It will come back, be able to pay off for some sort of, you know, need that you may have in the future as well.
[00:29:34] Craig Jones: Yeah. And I think, you know, it's that double edged sword, isn't it? So when we share the information, I mean, I, I always say some of the countryside speeches.
[00:29:42] Look, don't share that information until you've completed your investigation, your operation, because then it's out there. It's in the open. What Interpol can do is act as an amplifier, so we can then take that information and push that into another 120 countries. And that's our role, that's our role, that's what we should be doing, so we can say, Here are some potential victims or here's some potential vulnerabilities within your network systems within your countries.
[00:30:06] You need to do X, Y, and Z. But also, I think what we haven't mentioned here is, is how do we then work effectively with government agencies that are charged with, um, securing a nation, making their cyber security more secure, whether it's the National Cyber Security Centre in the UK, CSA, um, in Singapore, whether it's, um, CISA in the US.
[00:30:29] So, you're never going to have an Interpol version of National Cyber Security Agencies. You're going to have that regional group. So actually, how could Interpol interlock? Those on a regional basis as well. There's a role there with Interpol and the private sector and those sort of national agencies.
[00:30:48] Again, just picking a simple mission, preventing cybercrime. You know, coming back to my point earlier, being able to identify those vulnerabilities, share that information out like we can do directly and very quickly into 196 countries for our secure network. We can share that straight into law enforcement, but also under rules of processing data, we're able to share that into national agencies as well.
[00:31:11] So there's different ways that we can share this information and make it work and protect our communities.
[00:31:18] Rob Aragao: Yeah, I think that's interesting the way you go about and the examples you shared of, um, how you can essence kind of filter what gets out to who, which I think is a way to help kind of make people feel a little bit more comfortable, if you will, to share in the future.
[00:31:32] Craig Jones: And I think that that's the nuanced part of this until you're actually in the organization. As I said, right at my opening up, what does Interpol mean to someone? Oh yeah, you know, jumping out of helicopters. No, it's flying 4, 000 miles, spending three days in a country, having meetings, attending a conference, speaking to people.
[00:31:48] Um, we sort of called it creating communities to protect communities. You know, it's, it's how do we bring those communities together? It's exactly the same as local law enforcement. You know, as a law enforcement official, you have to gain the trust of that community. And that can be very challenging at times for, for a Bobby on the beat or a, you know, a sheriff in a town or something like, like that.
[00:32:09] Rob Aragao: Yeah, for sure. For sure. So much I want to ask you where the cybercrime is coming from, jurisdiction issues, the future of Interpol, and just how to help with cybercrime overall. Will you be willing to come back next week, Craig?
[00:32:21] Craig Jones: Yeah, I think that sounds like a fantastic invitation. More than happy to join you again.
[00:32:26] Rob Aragao: Excellent. And if you want to hear that episode, as soon as it drops, best thing to do is follow or subscribe to re imagining cyber, wherever you listen to your podcasts.