New legal provisions to fight off electronic attacks on EU and member states
The European Union’s Council of Ministers has adopted new rules on the defence against cyber-crime, including large-scale attacks on information systems.
A new directive on attacks against information systems was approved by the Foreign Affairs Council yesterday (23 July), following its endorsement by the European Parliament in plenary on 4 July.
The directive defines what constitutes a criminal offence in the area of cyber-security and sets certain penalties, for example setting maximum prison terms at five years or more for attacks against critical infrastructure information systems or for attacks that cause serious damage.
The new rules also outlaw the use of certain types of malicious code such as botnets or illegally obtained passwords in committing a crime.
The draft directive obliges member states’ contact points to respond within eight hours to urgent requests from cyber-crime officials in another member state.
The member states now have two years to implement the new provisions. Cecilia Malmström, the European commissioner for home affairs, said that the new directive “will significantly boost Europe’s defences against cyber-attacks and contribute to strengthening the EU citizens’ confidence online.”