Brussels, 28/03/2012 (Agence Europe) - Cyber attack on IT systems would become a criminal offence punishable by at least two years in prison throughout the EU under a draft law backed by the European Parliament (EP) civil liberties committee on Tuesday 27 March. Possessing or distributing hacking software and tools would also be an offence, and companies would be liable for cyber attacks committed for their benefit, a press release says.
The proposal seeks to establish harmonised penal sanctions against those carrying out cyber attacks on information systems, with penalties of at least five years where there are aggravating circumstances, such as large-scale attacks. Using another person's electronic identity (e.g. by “spoofing” his/her IP address) to commit an attack, and causing prejudice to the rightful identity owner would also be aggravating circumstances, for which MEPs say member states must set a maximum penalty of at least three years.
MEPs propose tougher penalties if the attack is committed by a criminal organisation and/or if it targets critical infrastructure such as the IT systems of power plants or transport networks. No criminal sanctions should apply to “minor” cases, that is, where the damage caused by the offence is insignificant, MEPs say. The draft directive is still at the discussion stage though the rapporteur is aiming for a political agreement between the Parliament and Council on this directive by the summer. (SP/transl.rt)