Brussels, 30/09/2010 (Agence Europe) - The European Union is doing all it can to improve the effectiveness of its efforts against cybercrime. On Thursday 30 September, the European Commission unveiled two new measures that will allow European countries to react rapidly, collectively and effectively to attacks on their computer systems. A proposal for a Directive to deal with new cyber crimes, such as large-scale cyber attacks, is complemented by a proposal for a Regulation to strengthen and modernise the European Network and Information Security Agency (ENISA). “Our EU institutions and governments must work ever closely together, to help us understand the nature and scale of the new cyber-threats. We need ENISA's advice and support to help design efficient response mechanisms to protect our citizens and businesses online,” said Digital Agenda Commissioner Neelie Kroes. Home Affairs Commissioner Cecilia Malmström stated that “it is time for us to step up our efforts against cyber crime, also often used by organised crime. The proposals we are putting forward today are one important step, as we criminalise the creation and selling of malicious software and improve European police cooperation”.
Like developed countries across the globe, the European Union takes full advantage of the potential of network and information systems, making it particularly vulnerable to cyber-disruption, whether caused by accidental or natural events or through malicious actions. Cybercrime is now a major threat and is carried out by organised gangs, often international, moving targets which are difficult to identify, using more and more sophisticated tools which hijack large numbers of computers and manipulate them simultaneously as an army of robots on the internet (“botnets”) without their owners' knowledge. These infected computers can later be used to carry out devastating cyber-attacks against public and private IT systems, as happened in Estonia in 2007. The number of attacks against information systems has risen steadily since the EU first adopted rules on attacks against information systems in February 2005. The new measures presented by the Commission, while not a silver bullet, try to coordinate a response at European level and to improve cooperation between legal and police authorities. They provide for heavier criminal sanctions, necessary to fight more effectively the growing threat and occurrence of large scale attacks against information systems. Strengthening and modernising ENISA will also help the EU, member states and private stakeholders develop their capabilities and preparedness to prevent, detect and respond to cyber-security challenges. To achieve these objectives, ENISA's mandate will be extended to 2017 (its current mandate lapses in March 2012) and it will receive an increase in financial and human resources. Both proposals will be forwarded to the European Parliament and the EU's Council of Ministers for adoption. In November, the Commission will take part in a high-level meeting to discuss cybercrime. At this meeting, it may raise the issue of a code of good conduct which would require signatory states to abide by certain principles so that the security of other states' IT systems is not compromised. (I.L./transl.rt)