Cyberattacks could become a criminal offence across Europe punishable by at least two years in jail under a draft law cleared by a European Parliament committee on Tuesday. Attacks against a website, network or database, and attempts to interfere with or illegally intercept data, would see two years in prison under proposals backed by the European Parliament Civil Liberties Committee. Aggravating circumstances would include the use of tools designed for use in large-scale botnet attacks, and loss of financial data.
The aim is to harmonise European law regarding attacks on computer systems, according to a European Parliament justice and home affairs statement published on Wednesday.
"We are dealing here with serious criminal attacks, some of which are even conducted by criminal organisations," said rapporteur Monika Hohlmeier. "The financial damage caused for companies, private users and the public side amounts to several billions each year."
Tools that can be used in cyberattacks would also be criminalised under the proposals, which will now be discussed by the European Parliament and Council.
In the UK, laws including the Computer Misuse Act have criminalised the possession and use of tools that can be used in a cyberattack, leading to potential problems for IT professionals over possession of 'dual-use' tools.