Electronic communication networks and information systems are now an essential part of the daily lives of EU citizens and are fundamental to the success of the EU economy. Networks and information systems are converging and becoming increasingly interconnected. Despite the many and obvious benefits of this development, it has also brought with it the worrying threat of intentional attacks against information systems.
At the Lisbon European Council of March 2000, the European Council stressed the importance of the transition to a competitive, dynamic and knowledge-based economy. The eEurope Action Plan which came out of this, includes actions to enhance network security and the establishment of a co-ordinated and coherent approach to cybercrime. As part of the Commission's contribution to this mandate on cybercrime, it published the Communication 'Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime' on 26 January 2001.
On 23 April 2002, the Commission adopted a draft Council framework Decision on "attacks against information systems". The proposal addresses new forms of criminal activity against information systems, such as hacking, viruses and denial of service attacks (DoS). Approval is still pending on this proposal which has to be in line with the Council of Europe's Convention on Cybercrime.
On year on, the Commission proposed to set up a European Network Security Agency which will be fully staffed and operational in the course of 2005. ENISA has a budget of € 34.3 million for five years and will mainly collect and analyse data on security incidents in Europe and report to the Commission.
Types of attacks could be:
- Unauthorised access to information systems;
- Disruption of information systems (denial of service attack);
- Execution of malicious software that modifies or destroys data;
- Interception of communications;
- Malicious misrepresentation ('identity theft');
Cybercriminals can launch an attack from anywhere in the world, to anywhere in the world, at any time. This means new, unexpected forms of attacks could occur. This makes the need for effective action to deal with threats to the authenticity, integrity, confidentiality and availability of information systems and networks all the more urgent and at the same time all the more complex.
The ultimate challenge is to find the right policy mix to find the best balance between cybercrime and cybersurveillance, two phenomena capable of hindering the free flow of information.
The Union of Industrial and Employers' Confederations of Europe (UNICE) welcomes initiatives aiming at the creation of a safer information society by improving the security of information infrastructures and combating computer-related crime. UNICE states the Commission's proposal on cybercrimewill help the Member States criminal laws to provide a "common response in an area of criminal activity which, by nature, knows no borders." It adds that "harmonisation of laws should improve police and judicial cooperation: if the same activity is considered an offence in all 15 Member States, criminals will no longer be able to find safe havens in EU Member States."
The International Chamber of Commerce (ICC) states that business "needs effective law enforcement and judicial networks to ensure that cyberspace does not become a criminal's charter."