By Jacopo Bellasio, Erik Silfversten, Eireann Leverett, Anna Knack, Fiona Quimbre, Emma Louise Blondes, Marina Favaro, Giacomo Persi Paoli

The government of Estonia requested support from the European Commission under Regulation (EU) 2017/825 to analyse new and emerging technological developments and identify their potential application in cybercrime. In May 2019, RAND Europe was commissioned by the European Commission Structural Reform Support Service to conduct a study (ref: SRSS/C2018/092) aimed at:Conducting an analysis of future technologies and how these could be used to commit or prevent cybercrimes.Proposing possible ways to prevent future technologies from being exploited for criminal purposes.

To meet the objectives of the study, RAND Europe (i) took stock of current knowledge of and policy on cybercrime as well as of completed and ongoing research on future trends in cybercrime; (ii) conducted horizon scanning activities to identify new and emerging technologies that may have an impact on cybercrime; (iii) engaged with stakeholders and experts to elicit their views on current and future cybercrime and technology trends; and (iv) designed and delivered a table-top exercise to help identify possible policy and legislative measures and initiatives to be adopted in order to prevent new and emerging technologies from being exploited for cybercrime purposes. This document presents an overview of results emerging from activities conducted under the study.

Key Findings

The next decade will likely see an increase in the speed and coverage of connectivity which will contribute to an overall increase in the volume and speed at which different types of cybercrime are conducted.The proliferation of Information Technology-enabled devices, systems, and services will result in an increase in the attack surface and vulnerabilities that could be leveraged by malicious actors.Developments in the fields of computing and data storage technologies, paired with a proliferation of devices, are expected to result in an increased ability to record, generate, store, access and manipulate data.Advances in computing power, accompanied by developments in the fields of artificial intelligence and machine learning, are expected to contribute to a growing ability to process and analyse data, allowing to infer from these new insights and results which are beyond the reach of current analytical capabilities.Technological advances are expected to result in increasing complexity as regards the tracking and attribution of criminal and malicious activities.The consolidation of the internet economy around a limited number of key players, and an increasing societal reliance on their products and services, may raise challenges such as contributing to the widespread emembedding of vulnerabilities with the potential to yield large-scale systemic effects when leveraged.While this study focuses on the impact that technology may have on cybercrime, a wide variety of other non-technical drivers and factors are also expected to influence this phenomenon over the coming decade.

Recommendations

Pursue broad cybercrime capacity building in light of technological development.

Strengthen the overall cybersecurity resilience of Estonia through awareness, education and capacity building.

Seek legal, regulatory and organisational agility.

Prepare the Estonian legal, regulatory and organisational environment to adequately respond to cybercrime challenges resulting from technological change.

Invest in technologies relevant to the Estonian context.

Ensure that Estonia has sufficient technological expertise, skills and research in relation to high-priority emerging technologies.

Santa Monica, CA: RAND, 2020. 13p.