Hack biz rivals or hire cyber-warriors and we'll shut you down, warns EU

Behave on the interwebs, or we'll, er, wind you up


Businesses could be wound up if they engage in cyber attacks or fail to prevent staff from engaging in computer hacking or other cyber crimes under new draft laws backed by the European Parliament.

MEPs last week voted to support a new EU Directive on attacks against information systems. The new framework would require member states to "take the necessary measures" to ensure businesses can be held liable for offences such as the illegal accessing of information systems, illegal system or data interference or illegal interception.

Under the Directive, member states would be able to levy a number of sanctions on companies engaged in such cyber attacks.

Member states would also be able to serve punishments on companies where failings in their "supervision or control" have allowed "a person under its authority" to commit any of the listed offences.

Sanctions could include "exclusion from entitlement to public benefits or aid; temporary or permanent disqualification from the practice of commercial activities; placing under judicial supervision; judicial winding-up; temporary or permanent closure of establishments which have been used for committing the offence", according to the Directive.

Sanctions imposed would have to be "effective, proportionate and dissuasive" in order to be justified.

The European Commission said that the new laws, which would update an existing framework in place since 2005, have been particularly designed to combat cyber crime such as "the illegal entering of or tampering with information systems" and "the massive spread of malicious software creating 'botnets' - networks of infected computers that can be remotely controlled to stage large-scale, coordinated attacks".

Individual perpetrators of the crimes could face at least five years in prison in some cases where the crimes they have committed "cause serious damage" or "are committed against a critical infrastructure information system".

EU member states will have two years from the date that the new Directive is published in the Official Journal of the EU to implement the new laws.

"This is an important step to boost Europe's defences against cyber-attacks," the EU's Commissioner for Home Affairs, Cecilia Malmström, said in a statement.

"Attacks against information systems pose a growing challenge to businesses, governments and citizens alike. Such attacks can cause serious damage and undermine users' confidence in the safety and reliability of the Internet.

"The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions.

"Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks, hence improving European justice and police cooperation," she said.

On Friday the UK's Ministry of Defence announced that it had formed a new Defence Cyber Protection Partnership (DCPP) with a range of security industry organisations.

"By sharing experience of operating under the constant threat of sophisticated cyber attack, the DCPP will identify and implement actions that have a real impact on the cyber defences of its members and the UK defence sector as a whole," a MoD statement said.

"In particular they will highlight the need for protective measures which should increase the security of the wider defence supply chain and define an approach to implementing cyber security standards across its members and its supply chain partners."

The MoD, intelligence agency GCHQ and the Centre for the Protection of National Infrastructure will work with BAE Systems, BT, Cassidian, CGI, Hewlett Packard, Lockheed Martin, Rolls-Royce, Selex ES and Thales UK under the new partnership.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.
