Cybercrime Strategy Guidebook | Page 8 of 37
1. Introduction
Background
This Guidebook has been produced as part of phase two of the ASEAN Cyber Capacity Development
Project (ACCDP II). The ACCDP is a project that is funded by the Japan-ASEAN Integration Fund (JAIF)
2.0 via the ASEAN Secretariat and with the Singapore Ministry of Home Affairs as the project
proponent. INTERPOL is the implementing agency.
This project aims to strengthen the ability of countries to combat cybercrime and work together as a
region and internationally. The ACCDP specifically addresses the need for criminal justice authorities
to develop their cyberskills, knowledge and regional partnerships through tailored activities and
products.
The ACCDP forms part of INTERPOL’s global cybercrime response and supports the implementation
of its global cybercrime strategy. INTERPOL supports national efforts to combat cybercrime and
considers it a global focus area alongside terrorism and organized crime.
Methodology and approach in the development of the Guidebook
The consolidated findings of in-country assessments (National Cyber Reviews) conducted in the first
phase of the ACCDP revealed that there was a clear need in many ASEAN member states (AMS) for
a cybercrime strategy. Thus in phase two of ACCDP this Guidebook was developed.
The development of the Guidebook started with a one-week workshop attended by representatives
from law enforcement, national cyber agencies and external advisors and continued with the input of
various experts from INTERPOL and its member countries.
The information contained in this Guidebook is not tailored to any specific region but instead details
identified good practices which are in use internationally.
Purpose of the Guidebook
The Guidebook is designed to be used by any country looking to develop, review or enhance its
national cybercrime strategy.
The project observed a significant disparity between the anti-cybercrime initiatives, laws and
processes in force in INTERPOL member countries and underlined the importance of more closely
aligning them with international good practices.
This Guidebook was created to provide a methodological approach to the potentially challenging
task of creating or updating a cybercrime strategy.
2. Cybercrime and Cybersecurity
2.1 The challenge of defining cybercrime
There is no universally accepted definition of cybercrime. The most common approach is to define
the key terms used in cybercrime investigations. Examining frequently-used definitions will allow us
to identify key concepts and use those definitions consistently in a country’s cybercrime strategy.
Cybercrime Strategy Guidebook | Page 9 of 37
One example of this approach is the Commonwealth's 2017 Model Law on Computer and Computer
Related Crime (“Commonwealth Model Law”)
1
. This law begins by defining some key terms:
“computer data”, “computer data storage medium”, “service provider”, and “traffic data”. Following
these definitions of key terms, the Commonwealth Model Law then identifies the core offences which
it considers to fall within the scope of cybercrime – (1) illegal access, (2) interfering with data, (3)
interfering with computer systems, (4) illegal interception of data, (5) illegal devices and (6) child
pornography.
This approach is very similar to the Convention on Cybercrime of the Council of Europe (the Budapest
Convention)
2
, which contains initial definitions for “computer system”, “computer data”, “service
provider”, and “traffic data”. The Convention then defines four categories of offences committed by
means of computer systems and information technology. These categories are:
Title 1: Offences against the confidentiality, integrity and availability of computer data and
systems – illegal access, illegal interception, data interference, system interference, and misuse
of devices;
Title 2: Computer-related offences – computer-related forgery, computer-related fraud;
Title 3: Content-related offences – child pornography;
Title 4: Offences related to infringements of copyright and related rights;
Title 5: Ancillary liability and sanctions – attempt and aiding or abetting, corporate liability.
Table 1: Comparison of Key Cybercrime Terms
“Computer data” means any representation of
facts, information or concepts in a form suitable
for processing in a computer system, including a
program suitable to cause a computer system to
perform a function.
“Computer data" means any representation of facts,
information or conc
epts in a form suitable for
processing in a computer system, including a
program suitable to cause a computer system to
perform a function.
storage
medium
“Computer data storage medium” means any
article or material (for example, a disk) from
which information is capable of being
reproduced, with or without the aid of any other
(does not define this term)
system
“Computer system” means a device or a group of
inter-connected or related devices, including the
internet, one or more of which, pursuant to a
program, performs automatic processing of data
or any other function;
"Computer system" means any device or a group of
interconnected or related devices, one or more of
which, pursuant to a program, performs automatic
processing of data.
“Service provider” means: (a) a public or private
entity that provides to users of its services the
ability to communicate by means of a computer
system; and (b) any other entity that processes or
stores computer data on behalf of that entity or
“Service provider" means: (i) any public or private
entity that provides to users of its service the ability
to communicate by means of a computer system,
and (ii) any other entity that processes or stores
computer data on behalf of such communication
service or users of such service.
“Traffic data” means computer data: (a) that
relates to a communication by means of a
computer system; and (b) is generated by a
computer system that is part of the c
hain of
communication; and (c) shows the
communication’s origin, destination, route, time
date, size, duration or the type of underlying
services.
“Traffic data" means any computer data relating to a
communication by means of a computer system,
generated by a computer system that formed a part
in the chain of communication, indicating the
communication’s origin, destination, route, time,
date, size, duration, or type of underlying service.
1
https://thecommonwealth.org/sites/default/files/key_reform_pdfs/P15370_11_ROL_Model_Law_Computer_Related_Crime.pdf
2
https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680081561