New EU rules to fight cybercrime

The spread of malicious software creating 'botnets' - networks of infected computers that can be remotely controlled - is adressed by new EU legislation. Photo: Ines Teijeiro/sxc.hu

"This is an important step to boost Europe's defences against cyber-attacks. Attacks against information systems pose a growing challenge to businesses, governments and citizens alike. Such attacks can cause serious damage and undermine users' confidence in the safety and reliability of the Internet", Commissioner Malmström  said in a comment.

In recent years, the number of attacks against information systems has risen steadily in Europe. Large-scale and dangerous attacks against the information systems of companies, such as banks, the public sector and even the military, have been observed in EU Member States.

The EU directive will now require EU countries to set their maximum terms of imprisonment at not less than two years for crimes of illegally accessing or interfering with information systems, or intentionally producing and selling tools used to commit these offences. "Minor" cases are excluded. The text also sets up a penalty of at least three years' imprisonment for using "botnets", i.e. establishing remote control over a significant number of computers by infecting them with malicious software.

"The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions. Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks", Cecilia Malmström said.

Earlier this year, Cecilia Malmström inaugurated the European Cyber Crime Centre (EC3) at Europol headquarters in the Hague. The aim of the Centre is to strengthen Europe's defences against cybercrime, with a focus on illegal activities by organised crime groups such as large-scale banking fraud and attacks on critical infrastructure.