Hack biz rivals or hire cyber-warriors and we'll shut you down, warns EU

Behave on the interwebs, or we'll, er, wind you up

Businesses could be wound up if they engage in cyber attacks or fail to prevent staff from engaging in computer hacking or other cyber crimes under new draft laws backed by the European Parliament.

MEPs last week voted to support a new EU Directive on attacks against information systems. The new framework would require member states to "take the necessary measures" to ensure businesses can be held liable for offences such as the illegal accessing of information systems, illegal system or data interference or illegal interception.

Under the Directive, member states would be able to levy a number of sanctions on companies engaged in such cyber attacks.

Member states would also be able to serve punishments on companies where failings in their "supervision or control" have allowed "a person under its authority" to commit any of the listed offences.

Sanctions could include "exclusion from entitlement to public benefits or aid; temporary or permanent disqualification from the practice of commercial activities; placing under judicial supervision; judicial winding-up; temporary or permanent closure of establishments which have been used for committing the offence", according to the Directive.

Sanctions imposed would have to be "effective, proportionate and dissuasive" in order to be justified.

The European Commission said that the new laws, which would update an existing framework in place since 2005, have been particularly designed to combat cyber crime such as "the illegal entering of or tampering with information systems" and "the massive spread of malicious software creating 'botnets' - networks of infected computers that can be remotely controlled to stage large-scale, coordinated attacks".

Individual perpetrators of the crimes could face at least five years in prison in some cases where the crimes they have committed "cause serious damage" or "are committed against a critical infrastructure information system".

EU member states will have two years from the date that the new Directive is published in the Official Journal of the EU to implement the new laws.

"This is an important step to boost Europe's defences against cyber-attacks," the EU's Commissioner for Home Affairs, Cecilia Malmström, said in a statement.

"Attacks against information systems pose a growing challenge to businesses, governments and citizens alike. Such attacks can cause serious damage and undermine users' confidence in the safety and reliability of the Internet.

"The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions.

"Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks, hence improving European justice and police cooperation," she said.

On Friday the UK's Ministry of Defence announced that it had formed a new Defence Cyber Protection Partnership (DCPP) with a range of security industry organisations.

"By sharing experience of operating under the constant threat of sophisticated cyber attack, the DCPP will identify and implement actions that have a real impact on the cyber defences of its members and the UK defence sector as a whole," a MoD statement said.

"In particular they will highlight the need for protective measures which should increase the security of the wider defence supply chain and define an approach to implementing cyber security standards across its members and its supply chain partners."

The MoD, intelligence agency GCHQ and the Centre for the Protection of National Infrastructure will work with BAE Systems, BT, Cassidian, CGI, Hewlett Packard, Lockheed Martin, Rolls-Royce, Selex ES and Thales UK under the new partnership.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.
