Legislation to tackle cyber attacks on IT systems published

Legislation aimed at tackling cyber attacks on computer information systems has been published by Minister for Justice Frances Fitzgerald.

The Criminal Justice (Offences relating to Information Systems) Bill 2016 will create new offences relating to the unauthorised accessing of information systems, including the planting of malicious software and the use of “botnets” and illegally obtained passwords.

Botnets are networks of computers infected with malicious software and controlled without the owners’ knowledge to perform functions such as sending spam emails.

The legislation aims, in particular, to address access to information systems, such as that held in government databases, as part of organised crime and terrorist activities.

Seize computers

It also stipulates that gardaí investigating such offences can obtain a warrant from a District Court judge to search and seize computers and other equipment.

The proposed new law, based on an EU directive, was supposed to have been in place by September 2015.

The Minister has said the offences being created in the Bill will focus on unauthorised accessing of information systems, interference with information systems or with data on such systems, interception or transmission of data to or from information systems, and the use of tools to facilitate the offences.

They will carry sentences of up to 10 years’ imprisonment on conviction before a jury. The EU directive, 2013/40/EU, stipulated sentences of between two years and five years at least should be imposed by member states.

The directive aimed to harmonise criminal law across the EU in the area of attacks against information systems, and to enhance co-operation between authorities.

Growing problem

The Minister said the directive recognises that attacks against information systems are a growing problem in the EU and globally.

She said the legislation aims to define criminal offences in the area of attacks against information systems and to establish effective, proportionate and dissuasive penalties for such offences.

“It is of paramount importance that we seek to safeguard modern information and communication systems and to maintain users’ confidence in the safety and reliability of such systems,” she said.

“ This is arguably even more important and appropriate in Ireland, which has become somewhat of a global cyber hub given the number of high tech IT and internet-based companies that have major operations here.”