Hack biz rivals or hire cyber-warriors and we'll shut you down, warns EU

Behave on the interwebs, or we'll, er, wind you up

Top three mobile application threats

Businesses could be wound up if they engage in cyber attacks or fail to prevent staff from engaging in computer hacking or other cyber crimes under new draft laws backed by the European Parliament.

MEPs last week voted to support a new EU Directive on attacks against information systems. The new framework would require member states to "take the necessary measures" to ensure businesses can be held liable for offences such as the illegal accessing of information systems, illegal system or data interference or illegal interception.

Under the Directive, member states would be able to levy a number of sanctions on companies engaged in such cyber attacks.

Member states would also be able to serve punishments on companies where failings in their "supervision or control" has allowed "a person under its authority" to commit any of the listed offences.

Sanctions could include "exclusion from entitlement to public benefits or aid; temporary or permanent disqualification from the practice of commercial activities; placing under judicial supervision; judicial winding-up; temporary or permanent closure of establishments which have been used for committing the offence", according to the Directive.

Sanctions imposed would have to be "effective, proportionate and dissuasive" in order to be justified.

The European Commission said that the new laws, which would update an existing framework in place since 2005, have been particularly designed to combat cyber crime such as "the illegal entering of or tampering with information systems" and "the massive spread of malicious software creating 'botnets' - networks of infected computers that can be remotely controlled to stage large-scale, coordinated attacks".

Individual perpetrators of the crimes could face at least five years in prison in some cases where the crime they have committed "cause serious damage" or "are committed against a critical infrastructure information system".

EU member states will have two years from the date that the new Directive is published in the Official Journal of the EU to implement the new laws.

"This is an important step to boost Europe's defences against cyber-attacks," the EU's Commissioner for Home Affairs, Cecilia Malmström, said in a statement.

"Attacks against information systems pose a growing challenge to businesses, governments and citizens alike. Such attacks can cause serious damage and undermine users' confidence in the safety and reliability of the Internet."

"The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions.

"Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks, hence improving European justice and police cooperation," she said.

On Friday the UK's Ministry of Defence announced that it had formed a new Defence Cyber Protection Partnership (DCPP) with a range of security industry organisations.

"By sharing experience of operating under the constant threat of sophisticated cyber attack, the DCPP will identify and implement actions that have a real impact on the cyber defences of its members and the UK defence sector as a whole," a MoD statement said.

"In particular they will highlight the need for protective measures which should increase the security of the wider defence supply chain and define an approach to implementing cyber security standards across its members and its supply chain partners."

The MoD, intelligence agency GCHQ and the Centre for the Protection of National Infrastructure will work with BAE Systems, BT, Cassidian, CGI, Hewlett Packard, Lockheed Martin, Rolls-Royce, Selex ES and Thales UK under the new partnership.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

High performance access to file storage

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story


Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.