The European Commission is seeking to strengthen cooperation between law enforcement and private industry worldwide as well as increase penalties for those engaged in cybercrime, a senior official said on Wednesday.
Countries such as Estonia and Lithuania have been victimized by cyberattacks, but officials in those countries have complained they didn’t get support fast enough from other nations, said Radomir Jansky, one of the top cybercrime officials within the Commission’s Directorate-General for Justice, Freedom and Security.
“Large-scale attacks are on the rise, and we need to deal with them,” Jansky said at the Messaging Anti-Abuse Working Group meeting in Amsterdam. The conference is attended by ISPs and industry professionals who discuss issues such as spam, e-mail marketing issues and botnets.
In April and May 2007, Estonian Web sites belonging to banks, schools and government agencies fell under denial-of-service attacks after a World War II memorial to Russian soldiers was moved from a public square. Georgia experienced cyberattacks in August 2008 as Russia invaded Georgia’s South Ossetia and Abkhazia regions.
The Commission is updating the Council Framework Decision on Attacks Against Information Systems, which went into force in 2005, Jansky said. European Union countries are not bound by law to abide by the framework, but it is recommended that they follow it.
The update, which has not been published yet, will likely recommend that countries across Europe increase the sentences for those convicted of cybercrime since there doesn’t appear to be much of a deterrent effect now, Jansky said.
Sentences now range from one to three years, but countries such as Estonia, France, Germany and the U.K. have longer ones, he said.
The updated framework may also recommend that countries respond to a request for help in a cybercrime investigation from other countries faster, such as within eight hours. Now, there is no time limit, Jansky said.
There is also a need for a unified system that enables E.U. countries to report cyberattacks, prosecutions and other criminal reports. The data would help create a more complete picture on the scope of cybercrime, Jansky said. Countries also need to agree on an acceptable format for reporting that data.
“We need to have more data,” Jansky said.
In March, the Commission published a draft of a second framework under revision, the Council Framework Decision on Combating the Sexual Exploitation of Children and Child Pornography.
That framework is seeking to tackle new scenarios of concern regarding Internet-related child abuse. The framework will likely recommend new criminal offenses related to grooming, the viewing of child pornography without downloading images and allowing the use of covert tools during investigations, Jansky said.
The framework will likely be published by the end of the year, as the Council of the European Union is still working out the details, Jansky said.