In-depth

Eurocrats versus the cyber criminals

Inside the enterprise: The European Commission is setting up a cyber-crime centre and proposing minimum jail terms for hackers. Are the authorities now getting serious?

ENISA

It has not been a good news day for hackers and cyber criminals, at least not in Europe.

Not only is the European Commission set to open a new CyberCrime Centre in The Hague next year, but, as The Independent reports, a proposed EU Directive could set a minimum jail term of two years for hackers.

Advertisement - Article continues below

More serious offences, such as stealing someone's online identity to use for hacking, would attract three years in jail, and companies that use hackers to attack rivals could be shut down.

The European Parliament's rapporteur, Monika Hohlmeier, describes the type of incident authorities aim to combat as "serious criminal attacks, some of which are even conducted by criminal organisations."

This is true. And it is also true that law enforcement agencies, as well as companies seeking civil damages against cyber criminals, have found their efforts hampered by legal inconsistencies. Nor have the courts always taken cyber crime as seriously as many IT professionals believe they should: cyber crime is not victimless, after all.

But there will be questions about the effectiveness of setting up another cyber crime agency, and indeed whether any one legal jurisdiction can tackle the problem alone.

The EU already has a cyber security body, in the form of Crete-based ENISA, which aims to support businesses and governments from cyber attack at the systems and network level. ENISA works with the EU's national CERTs, or computer emergency response teams. Then there are the national police computer crime units.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It is not yet clear how the new body, which is based within Europol, will fit in with these organisations. And already, the EU press release announcing the new agency suggests some overlap with ENISA's work, especially when it comes to warning governments of cyber threats.

More serious still, though, is whether any European organisation can be effective, on its own, in tackling a global problem.

It is very easy for cyber criminals to base themselves outside the EU; there are plenty of locations around the world where laws on computer crime are either weak, weakly enforced, or both. It is also quite easy for cyber crime gangs to mask their true physical location, not least by turning innocent user's machines into "bots."

More resources to fight cyber crime are welcome. The EU can set an example and, according to Ron Gula, CEO at Tenable Network Security, act as a co-ordinator for incidents such as cyber terrorist attacks. But the real challenge facing politicians is lies in improving laws, investigative capabilities and law enforcement internationally.

Advertisement - Article continues below

"The challenge of pursuing criminals across borders of course remains and nothing in the proposed new Directive is going to change that," warns Martha Bennett, of analyst firm Freeform Dynamics.

"No law will ever be able to protect EU citizens [fully] from attack, again because there is nothing that can be done about nasty stuff coming across the internet.

"But making certain actions a criminal offence is a good idea. At the moment, many so-called cybercrimes' can't be prosecuted at all because there's no punishable offence until an actual crime (under existing legislation) has been committed, such as money being stolen from a bank account."

But if the EU's defences can be bolstered, then perhaps cyber criminals might find other, more productive ways to employ their talents or at least, go elsewhere.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/policy-legislation/data-protection/356344/eu-institutions-warned-against-purchasing-any-further
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020
Visit/mobile/mobile-phones/356335/the-man-has-ruined-my-huawei-p40
Mobile Phones

The Man has ruined my Huawei P40

3 Jul 2020