In-depth

Eurocrats versus the cyber criminals

Inside the enterprise: The European Commission is setting up a cyber-crime centre and proposing minimum jail terms for hackers. Are the authorities now getting serious?

ENISA

It has not been a good news day for hackers and cyber criminals, at least not in Europe.

Not only is the European Commission set to open a new CyberCrime Centre in The Hague next year, but, as The Independent reports, a proposed EU Directive could set a minimum jail term of two years for hackers.

More serious offences, such as stealing someone's online identity to use for hacking, would attract three years in jail, and companies that use hackers to attack rivals could be shut down.

The European Parliament's rapporteur, Monika Hohlmeier, describes the type of incident authorities aim to combat as "serious criminal attacks, some of which are even conducted by criminal organisations."

Advertisement
Advertisement - Article continues below

This is true. And it is also true that law enforcement agencies, as well as companies seeking civil damages against cyber criminals, have found their efforts hampered by legal inconsistencies. Nor have the courts always taken cyber crime as seriously as many IT professionals believe they should: cyber crime is not victimless, after all.

But there will be questions about the effectiveness of setting up another cyber crime agency, and indeed whether any one legal jurisdiction can tackle the problem alone.

The EU already has a cyber security body, in the form of Crete-based ENISA, which aims to support businesses and governments from cyber attack at the systems and network level. ENISA works with the EU's national CERTs, or computer emergency response teams. Then there are the national police computer crime units.

It is not yet clear how the new body, which is based within Europol, will fit in with these organisations. And already, the EU press release announcing the new agency suggests some overlap with ENISA's work, especially when it comes to warning governments of cyber threats.

More serious still, though, is whether any European organisation can be effective, on its own, in tackling a global problem.

It is very easy for cyber criminals to base themselves outside the EU; there are plenty of locations around the world where laws on computer crime are either weak, weakly enforced, or both. It is also quite easy for cyber crime gangs to mask their true physical location, not least by turning innocent user's machines into "bots."

More resources to fight cyber crime are welcome. The EU can set an example and, according to Ron Gula, CEO at Tenable Network Security, act as a co-ordinator for incidents such as cyber terrorist attacks. But the real challenge facing politicians is lies in improving laws, investigative capabilities and law enforcement internationally.

"The challenge of pursuing criminals across borders of course remains and nothing in the proposed new Directive is going to change that," warns Martha Bennett, of analyst firm Freeform Dynamics.

"No law will ever be able to protect EU citizens [fully] from attack, again because there is nothing that can be done about nasty stuff coming across the internet.

"But making certain actions a criminal offence is a good idea. At the moment, many so-called cybercrimes' can't be prosecuted at all because there's no punishable offence until an actual crime (under existing legislation) has been committed, such as money being stolen from a bank account."

Advertisement
Advertisement - Article continues below

But if the EU's defences can be bolstered, then perhaps cyber criminals might find other, more productive ways to employ their talents or at least, go elsewhere.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/policy-legislation/34789/breaking-up-big-tech-will-cause-more-problems-than-it-solves-says-eu
Policy & legislation

Breaking up big tech 'will cause more problems', says EU

8 Nov 2019
Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/security/ddos/28039/how-to-protect-against-a-ddos-attack
Security

How to protect against a DDoS attack

25 Oct 2019

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354191/xerox-threatens-hostile-takeover-after-hp-rebuffs
mergers and acquisitions

Xerox threatens hostile takeover after HP rebuffs $30bn takeover

22 Nov 2019
Visit/security/ransomware/354171/microsoft-issues-statement-debunking-teams-ransomware-rumours
ransomware

Microsoft issues statement debunking Teams ransomware rumours

21 Nov 2019
Visit/public-cloud/34850/salesforce-takes-aws-relationship-to-the-next-level
News

Salesforce takes AWS relationship to the next level

19 Nov 2019
Visit/mobile/5g/354161/tests-show-uks-5g-network-is-450-faster-than-4g
5G

Tests show UK's 5G network is 450% faster than 4G

20 Nov 2019