In-depth

Eurocrats versus the cyber criminals

Inside the enterprise: The European Commission is setting up a cyber-crime centre and proposing minimum jail terms for hackers. Are the authorities now getting serious?

ENISA

It has not been a good news day for hackers and cyber criminals, at least not in Europe.

Not only is the European Commission set to open a new CyberCrime Centre in The Hague next year, but, as The Independent reports, a proposed EU Directive could set a minimum jail term of two years for hackers.

Advertisement - Article continues below

More serious offences, such as stealing someone's online identity to use for hacking, would attract three years in jail, and companies that use hackers to attack rivals could be shut down.

The European Parliament's rapporteur, Monika Hohlmeier, describes the type of incident authorities aim to combat as "serious criminal attacks, some of which are even conducted by criminal organisations."

This is true. And it is also true that law enforcement agencies, as well as companies seeking civil damages against cyber criminals, have found their efforts hampered by legal inconsistencies. Nor have the courts always taken cyber crime as seriously as many IT professionals believe they should: cyber crime is not victimless, after all.

But there will be questions about the effectiveness of setting up another cyber crime agency, and indeed whether any one legal jurisdiction can tackle the problem alone.

The EU already has a cyber security body, in the form of Crete-based ENISA, which aims to support businesses and governments from cyber attack at the systems and network level. ENISA works with the EU's national CERTs, or computer emergency response teams. Then there are the national police computer crime units.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It is not yet clear how the new body, which is based within Europol, will fit in with these organisations. And already, the EU press release announcing the new agency suggests some overlap with ENISA's work, especially when it comes to warning governments of cyber threats.

More serious still, though, is whether any European organisation can be effective, on its own, in tackling a global problem.

It is very easy for cyber criminals to base themselves outside the EU; there are plenty of locations around the world where laws on computer crime are either weak, weakly enforced, or both. It is also quite easy for cyber crime gangs to mask their true physical location, not least by turning innocent user's machines into "bots."

More resources to fight cyber crime are welcome. The EU can set an example and, according to Ron Gula, CEO at Tenable Network Security, act as a co-ordinator for incidents such as cyber terrorist attacks. But the real challenge facing politicians is lies in improving laws, investigative capabilities and law enforcement internationally.

Advertisement - Article continues below

"The challenge of pursuing criminals across borders of course remains and nothing in the proposed new Directive is going to change that," warns Martha Bennett, of analyst firm Freeform Dynamics.

"No law will ever be able to protect EU citizens [fully] from attack, again because there is nothing that can be done about nasty stuff coming across the internet.

"But making certain actions a criminal offence is a good idea. At the moment, many so-called cybercrimes' can't be prosecuted at all because there's no punishable offence until an actual crime (under existing legislation) has been committed, such as money being stolen from a bank account."

But if the EU's defences can be bolstered, then perhaps cyber criminals might find other, more productive ways to employ their talents or at least, go elsewhere.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/data-breaches/355056/vpnmentors-web-mapping-project-finds-more-exposed-military-files-via
data breaches

Printing company exposes 343GB of sensitive military data

20 Mar 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/back-up/29084/how-to-enhance-your-backup-strategy
backup

How to enhance your backup strategy

27 Feb 2020

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020