In the speech delivered at the start of the parliamentary session, Queen Elizabeth II revealed the UK government’s plans to hand out tougher sentences for those found guilty of launching cyber attacks.
The British government has proposed the Serious Crime Bill, under which the Computer Misuse Act 1990 will be amended “to ensure sentences for attacks on computer systems fully reflect the damage they cause.”
The Serious Crime Bill “will be brought forward to tackle child neglect, disrupt serious organized crime and strengthen powers to seize the proceeds of crime,” the Queen said in her speech.
In the current version of the Computer Misuse Act, individuals who cause “a significant risk of severe economic or environmental damage or social disruption” face a 10-year prison sentence, but if the legislation is updated, the maximum sentence will become 14 years.
Cyberterrorists ─ those responsible for cyber attacks that result in “loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof” ─ will face life in prison once the Computer Misuse Act is updated.
The proposed changes would also allow those suspected of committing cetrain terrorism-related offences overseas to be prosecuted in the UK.
In addition to the changes made to the Computer Misuse Act, the Serious Crime Bill also targets those who possess “pedophilic manuals.”
Cyber security experts in Britain are not happy about the changes, highlighting the fact that the government also needs to ensure that those involved in security research are not erroneously identified as cybercriminals.
“I have serious concerns regarding the proposed changes to the Computer Misuse Act; I suspect it’s more smoke and mirrors than anything of real substance,” Paul Moore, a UK-based IT security consultant, told SecurityWeek.
“We already have sufficient laws in place to prosecute where there are clear cases of cyber crime, but they’re rarely put to good use. Without a general consensus on what constitutes ‘cyber crime,’ penetration testers/research firms are often unfairly tarred with the same brush,” Moore added.
“Purely from a technical standpoint, it’s true there are many similarities. The difference however is intent; itself notoriously difficult to prove. If security issues are handled according to the principles of responsible disclosure, there should be no need to pursue the matter through the courts.”
In October 2013, the United Kingdom launched the National Crime Agency, which has been responsible for tackling organized crime, economic crime, border policing, child exploitation and cybercrime. The government is also involved in several initiatives aimed at teaching the public about cyber threats, such as CyberStreetWise and GetSafeOnline.
However, these programs have been heavily criticized by security experts over the past period, with many agreeing that the UK is still far from being properly prepared against cyber threats.
“The recent issues surrounding GetSafeOnline, NCA and CyberStreetWise are testament enough to how woefully ill-prepared we are to the threat of cyber crime. If we can’t discuss and raise awareness to, let alone mitigate, the threat of malware without vital pieces of national infrastructure collapsing for 16+hrs, you have to wonder what’s gone wrong,” Moore told SecurityWeek.