{"id":12501,"date":"2022-07-30T17:58:54","date_gmt":"2022-07-30T17:58:54","guid":{"rendered":"http:\/\/legalblog.ie\/?p=12501"},"modified":"2022-09-25T07:33:20","modified_gmt":"2022-09-25T07:33:20","slug":"protecting-information-systems","status":"publish","type":"post","link":"https:\/\/legalblog.ie\/protecting-information-systems\/","title":{"rendered":"Protecting Information Systems [EU]"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_63 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/legalblog.ie\/protecting-information-systems\/#Information_Systems_Offences\" title=\"Information Systems Offences\">Information Systems Offences<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/legalblog.ie\/protecting-information-systems\/#EU_restrictive_measures_against_cyber-attacks\" title=\"EU restrictive measures against cyber-attacks\">EU restrictive measures against cyber-attacks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/legalblog.ie\/protecting-information-systems\/#Cybersecurity_of_network_and_information_systems\" title=\"Cybersecurity of network and information systems\">Cybersecurity of network and information systems<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/legalblog.ie\/protecting-information-systems\/#Improving_national_cybersecurity_capabilities\" title=\"Improving national cybersecurity capabilities\">Improving national cybersecurity capabilities<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/legalblog.ie\/protecting-information-systems\/#Improving_EU-level_cooperation\" title=\"Improving EU-level cooperation\">Improving EU-level cooperation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/legalblog.ie\/protecting-information-systems\/#Context\" title=\"Context\">Context<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/legalblog.ie\/protecting-information-systems\/#European_Cybercrime_Centre_at_Europol\" title=\"European Cybercrime Centre at Europol\">European Cybercrime Centre at Europol<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/legalblog.ie\/protecting-information-systems\/#Functions\" title=\"Functions\">Functions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/legalblog.ie\/protecting-information-systems\/#Communication\" title=\"Communication\">Communication<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Information_Systems_Offences\"><\/span>Information Systems Offences<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>2013 Directive introduces new rules harmonising criminalisation and penalisation of a number of offences directed against information systems.\u00a0 The rules include outlawing the use of so-called botnets, which are malicious software designed to take remote control of a network of computers.<\/p>\n<p>The types of criminal offence covered by the Directive include attacks against information systems, ranging from denial of service attacks designed to bring down a server to interception of data and botnet attacks.<\/p>\n<p>The Directive requires approximation of criminal law systems between States and the enhancement of cooperation between judicial authorities concerning:<\/p>\n<ul>\n<li>Illegal access to information systems,<\/li>\n<li>illegal system interference,<\/li>\n<li>illegal data interference,<\/li>\n<li>illegal interception.<\/li>\n<\/ul>\n<p>An act must be intentional in order to be criminal.\u00a0 Instigating, aiding, abetting and attempting to commit the above offences is also liable to punishment.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"EU_restrictive_measures_against_cyber-attacks\"><\/span>EU restrictive measures against cyber-attacks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SUMMARY OF:<\/p>\n<p>Decision (CFSP) 2019\/797 \u2014 restrictive measures against cyber-attacks threatening the EU or its Member States<\/p>\n<p>Regulation (EU) 2019\/796 \u2014 restrictive measures against cyber-attacks threatening the EU or its Member States<\/p>\n<p>WHAT ARE THE AIMS OF THE DECISION AND THE REGULATION?<\/p>\n<p>They introduce a framework which allows the EU to impose sanctions to deter and respond to cyber-attacks* constituting an external threat to the EU or to EU countries. These cyber-attacks include those against non-EU countries or international organisations where action is considered necessary to achieve the EU\u2019s common foreign and security policy objectives.<\/p>\n<p>KEY POINTS<\/p>\n<p>Sanctions for listed persons and entities<\/p>\n<p>This framework allows the EU to impose sanctions on persons or entities responsible for cyber-attacks or attempted cyber-attacks, who provide financial, technical or material support for such attacks or who are involved in other ways. Sanctions may also be imposed on persons or entities associated with them. Restrictive measures include bans on persons travelling to the EU, and asset freezing.<br \/>\nPersons subject to such sanctions will be listed in Annex I of the decision, as identified by the Council; all funds and economic resources belonging to, owned, held or controlled by any natural or legal person, entity or body listed in Annex I will be frozen.<br \/>\nEU countries are responsible for setting out rules on penalties for infringements.<br \/>\nCyber-attacks<\/p>\n<p>The cyber-attacks falling within the scope of this new sanctions regime are those which have significant impact and which:<\/p>\n<p>originate or are carried out from outside the EU; or<br \/>\nuse infrastructure outside the EU; or<br \/>\nare carried out by persons or entities established or operating outside the EU; or<br \/>\nare carried out with the support of person or entities operating outside the EU.<br \/>\nCyber-attacks which are a threat to EU countries include those affecting information systems relating to:<\/p>\n<p>critical infrastructure essential to the vital functions of society, or citizens\u2019 health, safety, security, and economic or social well-being;<br \/>\nservices necessary for essential social and economic activities, in particular energy, transport, banking; finance, healthcare, drinking water, digital infrastructure;<br \/>\ncritical state functions, in particular defence, the governance and functioning of institutions, public elections, economic and civil infrastructure, internal security, and external relations, including diplomatic missions;<br \/>\nthe storage or processing of classified information; or<br \/>\ngovernment emergency response teams.<\/p>\n<p>FROM WHEN DO THE DECISION AND THE REGULATION APPLY?<\/p>\n<p>They have applied since 18 May 2019.<\/p>\n<p>BACKGROUND<\/p>\n<p>A joint communication issued in June 2018 pointed out that activities by State and non-state actors such as cyber-attacks disrupting the economy and public services, through targeted disinformation campaigns, to hostile military actions continue to pose a serious and acute threat to the EU and to EU countries. It identified areas where action should be intensified to further deepen and strengthen the EU contribution to addressing these threats, and called upon EU countries and the Commission to ensure swift follow-up.<\/p>\n<p>In October 2018, in the wake of the cyber attacks on the Organisation for the Prohibition of Chemical Weapons, the European Council adopted conclusions calling for measures to be drawn up to further strengthen the EU\u2019s deterrence, resilience and response to hybrid, cyber as well as chemical, biological, radiological and nuclear threats. The Council was called upon to devise a sanctions regime specific to cyber-attacks.<\/p>\n<p>See also:<\/p>\n<p>Resilience, Deterrence and Defence: Building strong cybersecurity in Europe (European Commission)<br \/>\nReform of cybersecurity in Europe (European Council and Council of the European Union)<br \/>\nCyber-attacks: Council is now able to impose sanctions \u2014 Press release (European Council and Council of the European Union).<br \/>\nKEY TERMS<\/p>\n<p>Cyber-attacks: unauthorised actions involving access to and interference with information systems, data interference or data interception.<br \/>\nMAIN DOCUMENTS<\/p>\n<p>Council Decision (CFSP) 2019\/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States (OJ L 129I, 17.5.2019, pp. 13-19)<\/p>\n<p>Council Regulation (EU) 2019\/796 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States (OJ L 129I, 17.5.2019, pp. 1-12)<\/p>\n<p>RELATED DOCUMENTS<\/p>\n<p>Joint communication to the European Parliament, the European Council and the Council \u2014 Increasing resilience and bolstering capabilities to address hybrid threats (JOIN(2018) 16 final, 13.6.2018)<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cybersecurity_of_network_and_information_systems\"><\/span>Cybersecurity of network and information systems<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SUMMARY OF:<\/p>\n<p>Directive (EU) 2016\/1148 \u2014<\/p>\n<p>WHAT IS THE AIM OF THE DIRECTIVE?<\/p>\n<p>It proposes a wide-ranging set of measures to boost the level of security of network and information systems (cybersecurity*) to secure services vital to the EU economy and society. It aims to ensure that EU countries are well-prepared and are ready to handle and respond to cyberattacks through:<\/p>\n<p>the designation of competent authorities,<br \/>\nthe set-up of computer-security incident response teams (CSIRTs), and<br \/>\nthe adoption of national cybersecurity strategies.<br \/>\nIt also establishes EU-level cooperation both at strategic and technical level.<\/p>\n<p>Lastly, it introduces the obligation on essential-services providers and digital service providers to take the appropriate security measures and to notify the relevant national authorities about serious incidents.<\/p>\n<p>KEY POINTS<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Improving_national_cybersecurity_capabilities\"><\/span>Improving national cybersecurity capabilities<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>EU countries must:<\/p>\n<p>designate one or more national competent authorities and CSIRTs and identify a single point of contact (in case there is more than one competent authority);<br \/>\nidentify providers of essential services in critical sectors such as energy, transport, finance, banking, health, water and digital infrastructure where a cyberattack could disrupt an essential service.<br \/>\nEU countries must also put in place a national cybersecurity strategy for network and information systems*, covering the following issues:<\/p>\n<p>being prepared and ready to handle and respond to cyberattacks;<br \/>\nroles, responsibilities and cooperation of government and other parties;<br \/>\neducation, awareness-raising and training programmes;<br \/>\nresearch and development planning;<br \/>\nplanning to identify risks.<\/p>\n<p>The national competent authorities monitor the application of the directive by:<\/p>\n<p>assessing the cybersecurity and security policies of providers of essential services;<br \/>\nsupervising digital service providers;<br \/>\nparticipating in the work of the cooperation group (comprising network and information security (NIS) competent authorities from each of the EU countries, the European Commission and the European Union Agency for Network and Information Security (ENISA));<br \/>\ninforming the public where necessary to prevent an incident or to deal with an ongoing incident, while respecting confidentiality;<br \/>\nissuing binding instructions to remedy cybersecurity deficiencies.<\/p>\n<p>The CSIRTs are responsible for:<\/p>\n<p>monitoring and responding to cybersecurity incidents;<br \/>\nproviding risk analysis and incident analysis and situational awareness;<br \/>\nparticipating in the CSIRTs network;<br \/>\ncooperating with the private sector;<br \/>\npromoting the use of standardised practices for incident and risk-handling and information classification.<br \/>\nSecurity and notification requirements<\/p>\n<p>The directive aims to promote a culture of risk management. Businesses operating in key sectors must evaluate the risks they run and adopt measures to ensure cybersecurity. These companies must notify the competent authorities or CSIRTs of any relevant incident, such as hacking or theft of data, that seriously compromises cybersecurity and has a significant disruptive effect on the continuity of critical services and the supply of goods.<\/p>\n<p>To determine incidents to be notified by providers of essential services*, EU countries should take into account an incident\u2019s duration and geographical spread, as well as other factors, such as the number of users relying on that service.<\/p>\n<p>Key digital service providers (search engines, cloud computing services and online marketplaces) will also have to comply with the security and notification requirements.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Improving_EU-level_cooperation\"><\/span>Improving EU-level cooperation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The directive sets up the cooperation group whose tasks include:<\/p>\n<p>providing guidance to the CSIRTs network;<br \/>\nexchange best practice on the identification of providers of essential services;<br \/>\nassisting EU countries in building cybersecurity capabilities;<br \/>\nsharing information and best practice on awareness-raising and training, research and development;<br \/>\nsharing information and collecting best practice on risks and incidents;<br \/>\ndiscussing modalities of incident notification.<\/p>\n<p>It also sets up the CSIRT network comprising representatives of EU countries\u2019 CSIRTS and the Computer Emergency Response Team (CERT-EU). Its tasks include:<\/p>\n<p>sharing information on CSIRT services;<br \/>\nsharing information concerning cybersecurity incidents;<br \/>\nsupporting EU countries in the response to cross-border incidents;<br \/>\ndiscussing and identifying a coordinated response to an incident reported by an EU country;<br \/>\ndiscussing, exploring and identifying further forms of operational cooperation, including:<br \/>\ncategories of risks and incidents;<br \/>\nearly warnings;<br \/>\nmutual assistance;<br \/>\nco-ordination between countries responding to risks and incidents which affect more than one EU country;<br \/>\ninforming the cooperation group of its activities and requesting guidance;<br \/>\ndiscussing lessons learnt from cybersecurity exercises;<br \/>\ndiscussing the capabilities of individual CSIRTs at their request;<br \/>\nissuing guidelines on operational cooperation.<br \/>\nPenalties<\/p>\n<p>EU countries must apply effective, proportionate and dissuasive penalties to ensure that the terms of this directive are applied.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Context\"><\/span>Context<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It applies from 8 August 2016. EU countries have to incorporate it into national law by 9 May 2018, and identify providers of essential services by 9 November 2018.<\/p>\n<p>BACKGROUND<\/p>\n<p>Cybersecurity (European Commission)<br \/>\nCybersecurity: The Commission scales up its response to cyber attacks \u2014 press release (European Commission)<br \/>\nDirective on Security of Network and Information Systems \u2014 press release (European Commission)<br \/>\nResilience, Deterrence and Defence: Building strong cybersecurity in Europe \u2014 factsheet (European Commission).<br \/>\nKEY TERMS<\/p>\n<p>Cybersecurity: the ability of network and information systems to resist action that compromises the availability, authenticity, integrity or confidentiality of digital data or the services those systems provide.<br \/>\nNetwork and information system: an electronic communications network, or any device or group of interconnected devices which process digital data, as well as the digital data stored, processed, retrieved or transmitted.<br \/>\nEssential services: private businesses or public entities with an important role for the society and economy, as for example water supply, electricity services, etc.<br \/>\nMAIN DOCUMENT<\/p>\n<p>Directive (EU) 2016\/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, pp. 1-30)<\/p>\n<p>RELATED DOCUMENTS<\/p>\n<p>Commission Implementing Regulation (EU) 2018\/151 of 30 January 2018 laying down rules for application of Directive (EU) 2016\/1148 of the European Parliament and of the Council as regards further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact (OJ L 26, 31.1.2018, pp. 48-51)<\/p>\n<p>Commission Implementing Decision (EU) 2017\/179 of 1 February 2017 laying down procedural arrangements necessary for the functioning of the Cooperation Group pursuant to Article 11(5) of the Directive (EU) 2016\/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union (OJ L 28, 2.2.2017, p. 73-77)<\/p>\n<p>Communication from the Commission to the European Parliament and the Council: Making the most of NIS \u2013 towards the effective implementation of Directive (EU) 2016\/1148 concerning measures for a high common level of security of network and information systems across the Union (COM(2017) 476 final 2, 4.10.2017)<\/p>\n<p>Commission Recommendation (EU) 2017\/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises (OJ L 239, 19.9.2017, pp. 36-58)<\/p>\n<p>Joint communication to the European Parliament and the Council \u2014 Resilience, Deterrence and Defence: Building strong cybersecurity for the EU (JOIN(2017) 450 final, 13.9.2017)<\/p>\n<p>Commission staff working document \u2014 Assessment of the EU 2013 cybersecurity strategy (SWD(2017) 295 final, 13.9.2017)<\/p>\n<p>Regulation (EU) No 910\/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC (OJ L 257, 28.8.2014, pp. 73-114)<\/p>\n<p>Council Decision 2013\/488\/EU of 23 September 2013 on the security rules for protecting EU classified information (OJ L 274, 15.10.2013, pp. 1-50).<\/p>\n<p>Successive amendments to Decision 2013\/488\/EU have been incorporated into the original document. This consolidated version is of documentary value only.<\/p>\n<p>Directive 2013\/40\/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005\/222\/JHA (OJ L 218, 14.8.2013, pp. 8-14)<\/p>\n<p>Regulation (EU) No 526\/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460\/2004 (OJ L 165, 18.6.2013, pp. 41-58)<\/p>\n<p>Joint communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions \u2014 Cybersecurity Strategy of the European Union: An open, Safe and Secure Cyberspace (JOIN(2013) 1 final, 7.2.2013)<\/p>\n<h3><span class=\"ez-toc-section\" id=\"European_Cybercrime_Centre_at_Europol\"><\/span>European Cybercrime Centre at Europol<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>European societies are increasingly dependent on electronic networks and information systems. The evolution of information communication technology (ICT) has also seen the development of criminal activity that threatens citizens, businesses, governments and critical infrastructures alike. To help fight it, in 2013 the European Union set up the European Cybercrime Centre (EC3) as part of Europol.<\/p>\n<p>ACT<\/p>\n<p>Communication from the Commission to the Council and the European Parliament: Tackling crime in our digital age: establishing a European Cybercrime Centre (COM(2012) 140 final of 28 March 2012).<\/p>\n<p>SUMMARY<\/p>\n<p>Cybercrime refers to criminal acts that are committed online using computers and communications networks (for example, the Internet). Cybercrime\u2019s borderless nature calls for coordination and cooperation among law enforcement agencies. The European Cybercrime Centre (EC3), part of Europol and based in the Netherlands, plays a crucial role in disrupting the operations of the criminal gangs who commit cybercrime.<\/p>\n<p>Focus<\/p>\n<p>EC3 targets cybercrimes:<\/p>\n<p>\u2014committed by organised crime groups, particularly those generating substantial illicit profits such as online fraud;<br \/>\n\u2014which cause serious harm to their victims, such as online child sexual exploitation; and<br \/>\n\u2014affecting critical infrastructure and information systems in the EU (including denial of service attacks designed to make targeted websites unusable).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Functions\"><\/span>Functions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>1.European cybercrime information focal point: to gather information on cybercrime from a wide range of sources, identify trends and threats and improve intelligence.<\/p>\n<p>2.Pooling expertise to support EU countries in capacity building: mainly focusing on police and judiciary training.<\/p>\n<p>3.Operational support to member countries: encouraging the establishment of cross-border joint investigation teams to tackle specific cybercrime issues and the exchange of operational information in ongoing investigations. They will also provide storage, encryption (encoding messages or data to prevent unauthorised access) expertise and other online tools and facilities.<\/p>\n<p>4.The collective voice of European cybercrime investigators across law enforcement and the judiciary: in discussions with the ICT industry and other private sector companies as well as with the research community, users\u2019 associations and citizens\u2019 groups.<\/p>\n<p>RELATED ACT<\/p>\n<p>European Cybercrime Centre, First year report, February 2014.<\/p>\n<p>Last updated: 18.06.2014<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Communication\"><\/span>Communication<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Communication from the Commission to the European Parliament, the Council and the Committee of the Regions: Towards a general policy on the fight against cyber crime (COM(2007) 267 final of 22.5.2007)<\/p>\n<p>SUMMARY<\/p>\n<p>WHAT DOES THE COMMUNICATION DO?<\/p>\n<p>It sought to present a general policy to better coordinate the fight against cybercrime.<\/p>\n<p>KEY POINTS<\/p>\n<p>Objective and actions<\/p>\n<p>This was to strengthen the fight against cybercrime at national, European and international levels by:<\/p>\n<p>1.Improved operational law enforcement cooperation by strengthening and clarifying responsibilities between Europol, Eurojust and other structures.<\/p>\n<p>2.Coordinated and interlinked training programmes for EU countries\u2019 law enforcement and judicial authorities involving Europol, Eurojust, the European Police College and the European Judicial Training Network.<\/p>\n<p>3.Better political cooperation and coordination between EU countries by creating a permanent EU contact point for information exchange and an EU cybercrime training platform.<\/p>\n<p>4.Political and legal cooperation withnon-EU countries via the Council of Europe\u2019s 2001 Convention on cybercrime (and its Additional Protocol), the G8 Lyon-Roma High-Tech Crime Group and Interpol-administered projects.<\/p>\n<p>5.Improved public-private sector dialogue to create mutual confidence and share relevant information.<\/p>\n<p>6.Standardising EU countries\u2019 legislation and definitions in the area of cybercrime.<\/p>\n<p>7.Developing measures\/indicators of the extent of cybercrime.<\/p>\n<p>8.Raising awareness of the dangers and costs of cybercrime.<\/p>\n<p>9.EU research programmes, such as under the Internal Security Fund &#8211; Police.<\/p>\n<p>ACHIEVEMENTS<\/p>\n<p>These include:<\/p>\n<p>a directive on combating the sexual exploitation of children online and child pornography;<br \/>\nthe EU\u2019s Cybersecurity Strategy (2013);<br \/>\nthe establishment of the European Cybercrime Centre (2013);<br \/>\na directive on attacks against information systems (2013).<br \/>\nFor more information see the European Commission&#8217;s web pages on cybercrime.<\/p>\n<p>BACKGROUND<\/p>\n<p>Article 68 of the Treaty of the Functioning of the European Union, which came into force in 2009, formally recognised the European Council&#8217;s pre-eminent role in lawmaking in the area of home affairs. This allows action against cybercrime to be complemented by EU laws and more wide-ranging initiatives.<\/p>\n<p>KEY TERM<\/p>\n<p>Cybercrimes: criminal acts committed using electronic communications networks and information systems or against such networks and systems.<\/p>\n<p>It may be broken down into 3 forms:<\/p>\n<p>traditional forms of criminal activity, but using the internet to commit crimes (like fraud or forgery). These range from identity theft to \u2018phishing\u2019 (where online criminals set up a fake banking website to trick customers into giving them their password or data so as to steal their money). The internet has also transformed international trade in drugs, arms and endangered species;<br \/>\npublication of illegal content, such as material inciting terrorism, violence, racism, xenophobia or child sexual abuse;<br \/>\ncrime unique to electronic networks, new and often wide-ranging and large-scale crimes, unknown in the pre-internet age. Here, criminals attack information systems, sometimes threatening critical information infrastructures of the state and thus directly its citizens. These attacks can be via \u2018botnets\u2019 (an acronym of \u2018robot networks\u2019) where criminals distribute \u2018malware\u2019 (malicious software) that, when downloaded, turns a user&#8217;s computer into a \u2018bot\u2019. A network of such infected computers is then used to commit crimes without their users knowing.<br \/>\nRELATED ACTS<\/p>\n<p>Joint communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions &#8211; Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (JOIN (2013) 1 final of 7 February 2013).<\/p>\n<!--themify_builder_content-->\n<div id=\"themify_builder_content-12501\" data-postid=\"12501\" class=\"themify_builder_content themify_builder_content-12501 themify_builder tf_clear\">\n    <\/div>\n<!--\/themify_builder_content-->\n","protected":false},"excerpt":{"rendered":"<p>Information Systems Offences 2013 Directive introduces new rules harmonising criminalisation and penalisation of a number of offences directed against information systems.\u00a0 The rules include outlawing the use of so-called botnets, which are malicious software designed to take remote control of a network of computers. The types of criminal offence covered by the Directive include attacks [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[123],"tags":[],"_links":{"self":[{"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/posts\/12501"}],"collection":[{"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/comments?post=12501"}],"version-history":[{"count":5,"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/posts\/12501\/revisions"}],"predecessor-version":[{"id":18641,"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/posts\/12501\/revisions\/18641"}],"wp:attachment":[{"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/media?parent=12501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/categories?post=12501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalblog.ie\/wp-json\/wp\/v2\/tags?post=12501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}