Cybercrime is a major threat in today’s world, and this will continue to be the case in the years to come. Large-scale cyberattacks cause significant social and economic damage, affecting European citizens’ fundamental rights, posing threats to the rule of law, security and defence and jeopardising the stability of our democratic societies.
Many studies and statistics show that cybercrime is increasing in intensity, complexity and magnitude; in a number of EU countries reported cybercrime exceeds traditional crime.
In some member states, 50 percent of annual crime happens online. Just last year, there were more than 4000 ransomware attacks per day and 80 percent of European companies experienced at least one cybersecurity incident. In addition, there was a 20 percent increase in attacks on the Commission’s servers in 2016 over 2015. According to these statistics, the key focus of the current cyberattacks continues to be malware.
Nevertheless, recent attacks on industrial control systems and networks were aimed at destroying critical infrastructure and economic structures as well as destabilising societies. This was the case with the ‘WannaCry’ ransomware attack of May 2017, which affected hospitals, train lines and internet networks across Europe. How can we tackle cybercrime at European level, and protect EU citizens better?
As Parliament’s rapporteur on the fight against cybercrime, I have tried to come up with some answers and handle this complicated legal and social issue efficiently.
However, fighting cybercrime is no easy feat; it requires highly specialised skills, continuous training and education, greater coordination, cooperation with third countries and legal certainty.
On this basis, my report included all those elements that give cybercrime particular form, which make it more difficult to control and prevent.
Preventing cybercrime includes strengthening cyber resilience against new threats, raising awareness of online risks for all users and particularly children, the most vulnerable users, as well as regular assessments of the situation in all member states. These important elements have been included in the report.
With regard to the responsibility and liability of service providers, I believe that there should be a stronger commitment on their part, so that illegal content is quickly and efficiently eliminated online.
In addition, enhanced cooperation with law enforcement authorities is a key factor in accelerating and rationalising mutual legal assistance and mutual recognition of judicial decisions between member states.
We should also bear in mind that detecting, investigating and prosecuting cybercrime is more complicated than for traditional crime.
Unfortunately, in most cases the legislation lags behind technology. As a result, criminals are always a step ahead of law enforcement authorities and European legislation. This is why my report urges member states to increase their e orts in the fight against cybercrime in order to respond to cybersecurity breaches.
Moreover, improved police and judicial cooperation will help align the conditions for lawful interception by law enforcement authorities, as a measure of last resort and under special circumstances; a large number of cybercrimes still remain unpunished.
From a legislative perspective, when it comes to cybercrime jurisdiction it is difficult to determine the which law applies in cross-border cases. This creates legal uncertainty and prevents cross-border cooperation, which is necessary to tackle illegal and abusive behaviour on the internet effectively.
Another important element for legal certainty, due to the lack of a harmonised legislative framework, is collecting, using and evaluating eEvidence by judicial authorities across member states. This is why I support full implementation of the directive on effective electronic evidence and acquisition of evidence within the EU.
I also call for a European framework on eEvidence.
I believe that ENISA, Europol, CEPOL and Eurojust should cooperate closely and in the fight against cyber-attacks. They should be strengthened in terms of tasks, staff and resources. As such, I welcome the Commission’s proposal to give ENISA a stronger mandate, permanent status and sufficient resources.
Also, since cybercrime knows no borders, close cooperation with third countries, through the exchange of information and best practices, joint research and the improvement of mutual legal assistance, is essential.
I am convinced that the first important step has been taken. The report sends an urgent political message in the fight against cybercrime.
It is high time that the EU took more effective measures to eradicate the roots of the problem.