EU Parliament gets serious about hackers

The EU Parliament, with 541 to 91 votes and 9 abstentions,adopted the EU Commission's draft directive on attacks against information systems. A two year sentence is recommended for the illegal accessing of network devices such as servers, the unlawful interfering with systems, and the unauthorized interception of non-public data communications. The sentence can be lengthened to five years in serious cases. Not only that, but it has also made illegal to produce and sell tools that can be used to commit such crimes. The draft directive has yet to be ratified by the Council of Europe. After that, member states will have two years to incorporate it into their national legislation.

When botnets are used, a prison sentence of at least three years will be imposed. A five year sentence can be imposed when attacks are made against "critical infrastructure" such as power plants, transport networks and government networks.

National contact points must be established by EU member states that can respond within eight hours of urgent assistance requests related to cyber-attacks. The directive also stipulates that companies can be held liable for offenses that are committed for their benefit, for example when they hire a hacker to get access to a competitor's database. Liable companies can lose their entitlements to public benefits in such cases.