Activities of Teresa RIERA MADURELL related to 2010/0273(COD)
Shadow opinions (1)
OPINION on the proposal for a directive of the European Parliament and of the Council on attacks against information systems and repealing Council Framework Decision 2005/222/JHA
Amendments (18)
Amendment 12 #
Proposal for a directive
Recital 1
Recital 1
(1) The objective of this Directive is to approximate rules on criminal law in the Member States in the area of attacks against information systems, and improve cooperation between judicial and other competent authorities, including the police and other specialised law enforcement services of the Member States and the Union; this objective forms part of the Union’s general strategy aimed at combating organised crime, increasing the resilience of computer networks, protecting critical information infrastructure and data protection.
Amendment 16 #
Proposal for a directive
Recital 1
Recital 1
(1) The objective of this Directive is to approximate rules on criminal law in the Member States in the area of attacks against information systems, and improve cooperation between judicial and other competent authorities, including the police and other specialised law enforcement services of the Member States and the Union; this objective forms part of the Union’s general strategy designed to combat organised crime, secure information networks more effectively, protect critical information infrastructures and safeguard data.
Amendment 16 #
Proposal for a directive
Recital 1 a (new)
Recital 1 a (new)
(1a) Information systems are a key element of political, social and economic interaction in Europe. Society is highly and increasingly dependent on such systems. The smooth operation and security of these systems in Europe is vital for the development of the European single market and of a competitive and innovative economy. At the same time as providing great benefits, however, information systems carry a number of risks to our security on account of their complexity and vulnerability to various types of computer crime. The security of information systems is thus a matter of constant concern that requires an effective response from the Member States and the Union.
Amendment 17 #
Proposal for a directive
Recital 1 a (new)
Recital 1 a (new)
(1a) Information systems are vital to political, social and economic interaction in Europe. Society today is highly dependent on such systems and is becoming even more so. However, despite their major benefits, they also embody a number of risks to our security because of their complexity and vulnerability to various types of cybercrime. The security of information systems is therefore a constant concern and requires effective responses from the Member States and the Union.
Amendment 17 #
Proposal for a directive
Recital 2
Recital 2
(2) Attacks against information systems, in particular as a result of the threat from are a growing menace and may come from a variety of actors such as terrorists, organiszed crime, are a growing menace, and tStates or isolated individuals. There is increasing concern about the potential for terrorist or politically motivated attacks against information systems which form part of the critical infrastructure of Member States and the Union. The cross-border nature of certain offences and the relatively low risk and cost for offenders, coupled with the huge benefits that may be gained and damage that may be caused through the attacks, adds greatly to the level of this menace. This constitutes a threat to the achievement of a safer information society and an area of freedom, security and justice, and therefore requires a response not just at the level of the European Union but also by the international community.
Amendment 18 #
Proposal for a directive
Recital 2
Recital 2
Amendment 23 #
Proposal for a directive
Recital 3
Recital 3
(3) There is evidence of a tendency towards increasingly dangerous and recurrent large scale attacks conducted against information systems which are critical to states, to the Union or to particular functions in the public or private sector. This tendency is accompanied by the rapid development of computer technology and, as a result, increasingly sophisticated tools that can be used by criminals to launch cyber-attacks of various types, some of which have a great potential to cause economic and social damage.
Amendment 23 #
Proposal for a directive
Recital 3
Recital 3
(3) There is evidence of a tendency towards increasingly dangerous and recurrent large scale attacks conducted against information systems which are critical to states, the Union or to particular functions in the public or private sector. This tendency is accompanied by the rapid development of information technology and thus of increasingly sophisticated tools that can be used by criminals to launch cyber-attacks of various types, some of which have significant potential to cause economic and social damage.
Amendment 28 #
Proposal for a directive
Recital 6
Recital 6
(6) Member States should provide for penalties in respect of attacks against information systems. The penalties provided for should be effective, proportionate and dissuasive. which should be adopted within broader national strategies to deter and combat such attacks. The penalties provided for should be effective, proportionate and dissuasive. Convergence in the sanctions and penalties applied by Member States is necessary on account of the often cross-border nature of the threats and is aimed at reducing differences between Member States when it comes to dealing with offences committed within the Union.
Amendment 29 #
Proposal for a directive
Recital 6
Recital 6
(6) Member States should provide for penalties in respect of attacks against information systems. The penalties provided for should be effective, proportionate and dissuasive. , as part of a broader set of national strategies designed to deter and combat attacks of this nature. The penalties provided for should be effective, proportionate and dissuasive. Given the cross-border nature of the threats, it is necessary for Member States to bring sanctions and penalties into line thereby reducing differences between them regarding the treatment of infringements in the Union.
Amendment 31 #
Proposal for a directive
Recital 8
Recital 8
(8) The Council Conclusions of 27-28 November 2008 indicated that a new strategy should be developed with the Member States and the Commission, taking into account the content of the 2001 Council of Europe Convention on Cybercrime. The Council and Commission must encourage those Member States that have not yet ratified the Convention to do so as soon as possible. That Convention is the legal framework of reference for combating cybercrime, including attacks against information systems. This Directive builds on that Convention.
Amendment 32 #
Proposal for a directive
Recital 8
Recital 8
(8) The Council Conclusions of 27-28 November 2008 indicated that a new strategy should be developed with the Member States and the Commission, taking into account the content of the 2001 Council of Europe Convention on Cybercrime. The Council and Commission should encourage Member States that have not yet ratified the Convention to do so as soon as possible. That Convention is the legal framework of reference for combating cybercrime, including attacks against information systems. This Directive builds on that Convention.
Amendment 34 #
Proposal for a directive
Recital 11 a (new)
Recital 11 a (new)
(11a) Cooperation on the part of the authorities with the private sector and civil society is of major importance in avoiding and combating cyber attacks. It is necessary to establish ongoing dialogue with them, given their extensive use of computer systems and the need for shared responsibility in ensuring reliable and functional systems. It is important to raise awareness among all computer system stakeholders, so as to create a data security mentality.
Amendment 36 #
Proposal for a directive
Recital 12
Recital 12
(12) There is a need to collect data on offences under this Directive, in order to gain a more complete picture of the problem at Union level and thereby contribute to formulating more effective responses. Member States must step up exchanges of information regarding cyber attacks with the support of the Commission and the European Network and Information Security Agency. The data will moreover help specialised agencies such as Europol and the European Network and Information Security Agency to better assess the extent of cybercrime and the state of network and information security in Europe. Improved knowledge of present and future risks will make it possible to take decisions which are more effective in deterring and combating cyber attacks or reducing the resulting damage.
Amendment 36 #
Proposal for a directive
Recital 11 a (new)
Recital 11 a (new)
(11a) Cooperation by the public authorities with the private sector and civil society is of great importance in preventing and combating attacks against information systems. A permanent dialogue should be established with these partners in view of the extensive use they make of information systems and the sharing of responsibility required for the stable and proper operation of these systems. The raising of awareness among all stakeholders in the use of information systems is important in creating a culture of IT security.
Amendment 37 #
Proposal for a directive
Recital 12
Recital 12
(12) There is a need to collect data on offences under this Directive, in order to gain a more complete picture of the problem at Union level and thereby contribute to formulating more effective responses. Member States need to improve the exchange of information on attacks against information systems, with the support of the Commission and the European Network and Information Security Agency. The data will moreover help specialised agencies such as Europol and the European Network and Information Security Agency to better assess the extent of cybercrime and the state of network and information security in Europe. Better knowledge about present and future risks will help reach more appropriate decisions on deterring, combating or limiting the damage caused by attacks against information systems.
Amendment 39 #
Proposal for a directive
Recital 13
Recital 13
(13) Significant gaps and differences in Member States’ laws in the area of attacks against information systems area may hamper the fight against organised crime and terrorism, and may complicate effective police and judicial cooperation in this area. The transnational and borderless nature of modern information systems means that attacks against such systems have a trans-border dimension, thus underlining the urgent need for further action to approximate criminal legislation in this area at Union level. The Union should also seek greater international cooperation in the field of data network security by collaborating closely with other organisations with the relevant terms of reference, such as the United Nations, NATO, the Council of Europe, or the OSCE and involving other international stakeholders. Besides that, the coordination of prosecution of cases of attacks against information systems should be facilitated by the adoption of Council Framework Decision 2009/948/JHA on prevention and settlement of conflict of jurisdiction in criminal proceedings.
Amendment 40 #
Proposal for a directive
Recital 13
Recital 13
(13) Significant gaps and differences in Member States’ laws in the area of attacks against information systems area may hamper the fight against organised crime and terrorism, and may complicate effective police and judicial cooperation in this area. The transnational and borderless nature of modern information systems means that attacks against such systems have a trans-border dimension, thus underlining the urgent need for further action at Union level to approximate national criminal legislation in this area. Likewise, the Union should pursue greater international cooperation in the field of network and information system security involving all relevant international actors. Besides that, the coordination of prosecution of cases of attacks against information systems should be facilitated by the adoption of Council Framework Decision 2009/948/JHA on prevention and settlement of conflict of jurisdiction in criminal proceedings.