The Directive on attacks against information systems : good practice collection for CERTs on the Directive on attacks against information systems

This Good Practice Collection was produced at the initiative of ENISA in the context of its support activities to ensure the efficient functioning of CERTs/CSIRTs and their cooperation with law enforcement agencies (LEAs) in the face of a new development in European cybercrime policy. In 2010, the European Commission published a Proposal for a Directive of the European Parliament and the Council on attacks against information systems. This proposal was intended to further streamline the legal framework in the Member States in relation to the definition and punishment of certain cybercrime incidents, and tackled several challenges which were not adequately dealt with under prior rules, such as notably the creation, use and dissemination of cybercrime tools, the penalisation of illegal interception, the use of botnets, and identity theft. The proposal was adopted by the European Parliament on 22 July 2013 and published in the Official Journal on 14 August 2013 as Directive 2013/40/EU. The Directive, which Member States will need to transpose by 4 September 2015, imposes new obligations, tasks and expectations on certain key stakeholders, including CERTs/CSIRTs, LEAs, security specialists, telecommunications service providers, etc. This report serves two major goals, which both aim at supporting CERTs/CSIRTs: Firstly to provide an analysis of the legal framework created by the Directive, coupled with a stock taking on relevant existing national activities and good practices; Secondly, the identification of key areas and, where appropriate, guidelines and recommendations derived from these good practices In this manner, the Collection endeavours to be a useful support tool for all stakeholders.