EU governments agreed on a general policy for dealing with...

of cyberassaults; and improve cooperation among national authorities in this area, the Justice and Home Affairs Council said. The new rules retain most of the current provisions penalizing illegal access to computers, system interference and data interference as well as aiding and abetting those crimes, it said. But the proposal also: (1) Makes it illegal to produce and make available tools such as malicious software designed to create botnets for committing the offenses. (2) Criminalizes illegal interception of computer data. (3) Strengthens existing 24/7 contact points among governments. (4) Requires the collection of basic statistical data on cybercrimes. The EC also proposed hiking penalties to a maximum jail time of two years, unless an attack is against a significant number of IT systems, in which case the maximum is three years, the council said. If the attack is the work of organized crime or caused serious damage, it said, the maximum will be five years. The new forms of aggravating circumstances are intended to address the emerging threats posed by large-scale cyberattacks, it said. Also Friday, the EC said Europe took an “important step” toward countering the threat of cybercrime against EU institutions by setting up a computer emergency response pre-configuration team made up of IT experts from those bodies. After a year’s preparatory work, the EU will decide what conditions are needed to establish a full-scale CERT, the EC said.