A shortage of legislation covering European cyber crime is threatening investigative leads and the ability to effectively prosecute online criminality, Europol has warned.
Officials claim in a new report that the dramatic rise in cyber attacks over the last year has exposed a dearth of legislation dedicated to policing different forms of online crime.
Among the most pressing issues, the authors say, is the emergence of cyber attacks in elections. An entire chapter is devoted to the legislative hurdles impeding subsequent investigations.
But Europol’s officials say the legislative deficit is only one of the legal challenges facing prosecutors: “A key issue in relation to cybercrime issues in particular is the lack of case law, which can be a valuable tool to compensate for a lack of specific legislation.”
“Unfortunately little case law exists with regard to the new technological developments at the heart of cybercrime activity,” they add.
The report sets out the scale of the cyber threat facing Europe. In the last year more than two billion records related to EU citizens were leaked, it claims, while ransomware continues to cause disruption across the continent.
“Ransomware has eclipsed most other cyber-threats with global campaigns indiscriminately affecting victims across multiple industries in both the public and private sectors,” officials state.
Responding to the publication of the report, Dimitris Avramopoulos, EU commissioner for home affairs, said cross-border cyber threats threaten not only citizens and economies, but also democracy itself.
“Cybercrime has become increasingly instrumental in geopolitics and conflicts,” he said. “With a new EU cyber strategy, and a stronger role for European agencies, including ENISA and Europol, we will be better equipped to increase cybersecurity collectively, in Europe and beyond.”
The European Commission (EC) recently pledged to beef up the EU’s cyber security agency, ENISA, with the introduction of new powers in a “Cybersecurity Act”.
The legislation would help ENISA counter threats by becoming a “centre of expertise on cyber security certification”, according to EC president Jean Claude-Juncker.
Under the proposals, the agency would play a key role in managing crises, operating a cybersecurity certification scheme and standardising ICT products and services. But the legislation would not cover the policing of cyber crime.
ENISA’s executive director Dr Udo Helmbrecht said the plan would improve the Digital Single Market and strengthen the European IT industry.
“[It] forms a good basis for the upcoming discussions with the Council and Parliament on the future of the Regulation for ENISA and the building of a stronger cybersecurity framework for Europe,” he said.