you're reading...
Institutional and Legal Affairs, PUBLICATIONS

Attacks against information systems

To fight cross-border crimes affecting information and communications networks (cybercrime) is a priority for the EU internal security strategy. To counter so-called cyber-attacks in a borderless space, both the Council of Europe and the EU have drawn up common strategies, operational measures and legislation.

Crimes beyond national borders

Security Lock on Hi-Tech Digital Background

© kreizihorse / Fotolia

The internet, while opening up information flows, has also created a range of new possible transnational crimes. Criminals can threaten the security of nation states and/or the civil liberties of their citizens. Organised crime may exploit cyberspace to steal money, to commit fraud or for other illicit activities, such as breaking into computer networks to steal data or business secrets or to destroy documents. Cybercrime can damage infra­structure essential for vital functions of society, for people’s health, safety, security, and economic or social well-being (for instance power plants, transport networks or govern­ment networks).

International protection

The first global instrument to deter action directed against the confidentiality, integrity and availability of computer systems, networks and computer data was the 2001 Budapest Convention promoted by the Council of Europe. This legal instrument aims to facilitate detection, investigation, criminalisation and prosecution of such activities at both domestic and international levels.

The EU approach

The proposed directive

The EU adopted the 2005 Council Framework Decision (FD) on attacks against information systems. Under the legal base of the Lisbon Treaty, the Commission proposed a new Directive, to replace the FD. It would establish minimum rules concerning definitions and sanctions for criminal offences in this field. The Civil Liberties, Justice and Home Affairs Committee (rapporteur Monika Hohlmeier, EPP, Germany), has adopted its report, following agreement on the text in trilogue.

Criminal sanctions

The main crimes defined in the proposed Directive are illegal access to information systems, illegal interference with systems or data, and illegal interception of data trans­missions (articles 3-6). In particular, stricter criminal sanctions would be required for so-called “botnet” attacks, in which a large number of computers are infected in order to control them remotely, performing tasks auto­matic­ally without users’ knowledge. Large-scale cyber-attacks can thus spread rapidly over the internet. Penalties would also be imposed on legal persons, such as companies, in case of infringement for their benefit. The directive also takes a careful approach to prevent possible over-criminalisation.

Operational cooperation and legislation

The proposed Directive would also improve operational cooperation between MS’ national law enforcement services and competent EU agencies (Eurojust, Europol and its European cyber crime centre, as well as the European Network and Information Security Agency). Member States (MS) would have to respond within eight hours to an urgent request related to cyber attacks. EU agencies would conduct threat assessments and strategic analyses of cybercrime on the basis of the information submitted by MS. All these activities should also comply with existing EU legislation on privacy and electronic communication and data protection, which is an essential part of the comprehensive approach to effectively counteracting cybercrime.

Other initiatives

In the context of shaping a new EU cybercrime strategy, the European Commission proposed in February a Directive concerning measures to ensure a high common level of network and information security (NIS) across the Union This Directive would require all MS to set up Computer Emergency Response Teams (CERTs) and to adopt national NIS strategies and cooperation plans. It is being considered by the EP’s Internal Market Committee.


One thought on “Attacks against information systems

  1. Fine way of explaining, and fastidious article to get information about my presentation focus, which i am going to deliver in school.


    Posted by Margarito | October 4, 2014, 02:49

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Download the EPRS App

EPRS App on Google Play
EPRS App on App Store
What Europe Does For You
EU Legislation in Progress
Topical Digests
EPRS Podcasts

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 3,499 other followers

Disclaimer and Copyright statement

The content of all documents (and articles) contained in this blog is the sole responsibility of the author and any opinions expressed therein do not necessarily represent the official position of the European Parliament. It is addressed to the Members and staff of the EP for their parliamentary work. Reproduction and translation for non-commercial purposes are authorised, provided the source is acknowledged and the European Parliament is given prior notice and sent a copy.

For a comprehensive description of our cookie and data protection policies, please visit Terms and Conditions page.

Copyright © European Union, 2014-2019. All rights reserved.

<span>%d</span> bloggers like this: