Airmen update anti-virus software for Air Force units to assist in the prevention of cyberspace hackers at Barksdale Air Force Base, La.

RAND Solution

Advising the EU on Development of a Cybercrime Center


Although the full scope and impact of cybercrime are difficult to measure concretely, attacks against national and private interests have spurred international efforts to defend critical information infrastructures. In Europe, however, the involvement of a wide range of political, economic, law enforcement, defense, and legal organizations makes coordination difficult. Could the development of a multinational center help in the fight against cybercrime?


Firewall lock on mainboard

With so much communication and commercial activity taking place via the Internet, the threat from cybercrime is increasing at a rapidly growing rate. Europe is a key target because of its advanced Internet infrastructure and proliferation of Internet-based economies and payment systems.

The scale of cybercrime represents a considerable challenge to law enforcement agencies, and the total cost of cybercrime to society is significant. One report suggested that losses each year worldwide as a result of cybercrime are greater than the global trade in marijuana, cocaine, and heroin combined.

In Europe, cyber security strategies are viewed as increasingly important for addressing these challenges and risks. However, the bodies in charge of leading or coordinating cyber security policy across the countries vary from cabinet offices to interior ministries to defense or national security directorates — an unevenness that can hinder international cooperation.

“The establishment of the European Cybercrime Centre will be a landmark development in the EU's fight against cybercrime. I am delighted that the Commission has proposed its establishment at Europol.”

Rob Wainwright, director of Europol

Project Description

In 2010, the European Council commissioned a feasibility study on the creation of a European cybercrime center “through which Member States and EU institutions will be able to build operational and analytical capacity for investigations and co-operation with international partners.”

RAND Europe was asked to collect the data on nature, extent, and impacts of cybercrime, as well as law enforcement responses within 15 EU Member States. The researchers also systematically consulted representatives of both national- and European-level law enforcement and the criminal justice community to develop a set of scenarios. The team then considered a range of options, including a virtual cybercrime center (the status quo), and an actual center hosted by either the European Judicial Co-operation Unit (Eurojust), the European Network and Information Security Agency (ENISA), or the European Police Office (Europol).

Research Questions

  1. What is the state of efforts to deal with cybercrime in Europe?
  2. How feasible is the development of a European cybercrime center given different mandates, resources, activities, risks, impacts and interoperability with other organizations?
  3. Who should host the cybercrime center, and what should its mandate be?

Key Findings & Recommendations

  • Many Member States have specialized law enforcement units to address cybercrime. Europol has had an emergent capability to address cybercrime and has supported Member State investigations alongside Eurojust, while also driving training and developing best practices for addressing cybercrime in conjunction with the European Police College (CEPOL).
  • Poor cooperation among countries can foster cybercrime; a European cybercrime center should have a broad capability to tackle cybercrime, coordinate efforts, and exploit the strengths of partnering organizations that possess existing competencies, skills and knowledge.
  • Of the four options, there was little difference in cost but major differences in institutional complexity and organization; Europol was objectively the best fit.
  • The ECC’s four main activities should include:
    • providing criminal intelligence analysis and operational support to Member State investigations
    • offering broad-based training, education, and professional development for all members of the criminal justice community
    • cooperating and collaborating with a broad range of non-criminal justice stakeholders
    • facilitating a common, standards-based reporting platform to support the sharing of cybercrime data among members of the public, law enforcement, and private industry.
Binary code and laptops


In March 2012, following RAND Europe’s advice, the EU Commissioner for Home Affairs announced plans to establish the European Cybercrime Center (EC3) within Europol in the Hague. Neil Robinson, RAND Europe’s lead researcher on the feasibility study, was invited to the opening ceremony in January 2013. Robinson suggested in a RAND blog post that challenges remain, but the EC3 is a welcome start.

“The opening of the EC3 at Europol, in line with our first-choice scenario, is very welcome.”

Neil Robinson