A draft directive outlining tougher penalties for cyber-criminals was declared on 4 July and introduced new offences as well as building on current Europe-wide provisions that have been in place since 2005.
The directive raises the minimum penalties to be imposed on cyber-criminals. Under the framework, those guilty of botnet attacks and infiltrating home PCs should serve at least three years in jail. The penalisation of tools such as botnets is one of the new elements contained in the directive.
Cyber-criminals guilty of causing serious damage are to serve at least five years, with the same minimum imprisonment in place for those targeting critical infrastructure such as power plants, transportation or government servers.
The directive also outlines an improvement of cross-Europe criminal justice and police co-operation to aid investigations, together with the introduction of ‘illegal interception’ of information systems as a criminal offence.
Cecilia Malmstrom, European Commissioner for Home Affairs, said the directive is an “important step” to help Europe defend itself against cyber-attacks.
She added: “Attacks against information systems pose a growing challenge to businesses, governments and citizens alike. Such attacks can cause serious damage and undermine users’ confidence in the safety and reliability of the Internet.
“The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions. Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks, hence improving European justice and police cooperation.”