New EU Rules Against Cyber-crime
Today the European Parliament has adopted new EU legislation to fight cyber-crime, such as large-scale cyber-attacks. The lawmakers agreed to toughen criminal penalties across the European Union for cyber attacks.
The Directive on attacks against information systems builds on rules that have been in force since 2005. It introduces new offences, such as the use of tools to commit large-scale attacks, new aggravating circumstances and higher criminal sanctions that are necessary to fight more effectively large scale attacks against information systems.
The Directive mandates national maximum sentences of at least two years in prison for attempting to illegally access information systems. The maximum penalty for attacks against infrastructure such as power plants, transport, or government networks will be set at five years or more.
The use of tools (uch as malicious software - e.g. 'botnets' - or unrightfully obtained computer passwords is also penmalized. The term botnet indicates a network of computers that have been infected by malicious software. Such network of compromised computers may be activated to perform specific actions such as attacks against information systems. These 'zombies' can be controlled - often without the knowledge of the users of the compromised computers - by another computer. The people who control this centre are among the offenders, as they use the compromised computers to launch attacks against information systems. It is very difficult to trace the perpetrators, as the computers that make up the botnet and carry out the attack, might be located elsewhere than the offender himself.
Moreover, the Directive improves cross-border cooperation between the judiciary and the police of the European Member States, introducing the obligation to make better use of the existing 24/7 network of contact points by treating urgent requests within 8 hours.
Finally, the Directive provides for the obligation to collect statistical data on cyber-attacks and for Member States to have reporting channels in place for reporting of the offences to competent authorities.
The Directive mandates national maximum sentences of at least two years in prison for attempting to illegally access information systems. The maximum penalty for attacks against infrastructure such as power plants, transport, or government networks will be set at five years or more.
The use of tools (uch as malicious software - e.g. 'botnets' - or unrightfully obtained computer passwords is also penmalized. The term botnet indicates a network of computers that have been infected by malicious software. Such network of compromised computers may be activated to perform specific actions such as attacks against information systems. These 'zombies' can be controlled - often without the knowledge of the users of the compromised computers - by another computer. The people who control this centre are among the offenders, as they use the compromised computers to launch attacks against information systems. It is very difficult to trace the perpetrators, as the computers that make up the botnet and carry out the attack, might be located elsewhere than the offender himself.
Moreover, the Directive improves cross-border cooperation between the judiciary and the police of the European Member States, introducing the obligation to make better use of the existing 24/7 network of contact points by treating urgent requests within 8 hours.
Finally, the Directive provides for the obligation to collect statistical data on cyber-attacks and for Member States to have reporting channels in place for reporting of the offences to competent authorities.
