Abstract
Cybersecurity has been attracting a lot of attention lately in the EU. It is a top priority as a necessary condition for the EU’s Digital Single Market. Recent EU and Greek activity in the field resulted in the current legislation on cybersecurity, which was adopted after a long law-making process aimed at modernizing the institutional framework for combating cybercrime. This process brought forward significant and indispensable amendments. Full implementation of the newly voted texts demands various initiatives to establish an institutional framework that will include, inter alia, the development of official structures and methods of response to events in which criminal acts threaten the security of information systems. This chapter analyses these, together with the new EU cybersecurity legislative framework with reference to its Greek implementation, describes the major key players in combating cybercrime, and traces the remaining challenges.
Notes
1. Proposal for a Regulation of the European Parliament and of the Council on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”) COM (2017) 477 final.
2. Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Cybersecurity Strategy of the European Union: An open, safe and secure cyberspace, JOIN (2013) 1 final.
3. European Commission (2019).
4. See McAfee (2016).
5. Encyclopedia Britannica (2018).
6. US v. Jeanson James Ancheta, United States District Court for the Central District of California, Feb 2005 Grand Jury, Case No 05-1060.
7. See ENISA (2019).
8. Tikk et al. (2010).
9. Technopedia (2019).
10. Trend Micro (2019).
11. Accenture (2019).
12. See ENISA (2016a), p. 4.
13. Ibid.
14. Ibid.
15. Ibid.
16. Ibid.
17. Supra n. 5.
18. Ibid.
19. Ibid.
20. See Facebook Notes (2014).
21. United Nations General Assembly (1990) A/RES/45/121.
22. United Nations General Assembly (2002) A/RES/56/121.
23. See Politis et al. (2009).
24. Article 35.
25. Council Framework Decision 2001/413/JHA: of 28 May 2001 combating fraud and counterfeiting of non-cash means of payment, OJ L 149/1.
26. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201/37.
27. Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems, OJ L 69/67.
28. Directive 2011/92/EU of the European Parliament and of the Council of 13 December 2011 on the assessment of the effects of certain public and private projects on the environment Text with EEA relevance, OJ L 26/1.
29. Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA, OJ L 218/8.
30. EU cybersecurity strategy: An open, safe and secure cyberspace, P7_TA (2013) 0376.
31. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A Digital Single Market Strategy For Europe, COM (2015) 192 final.
32. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Strengthening Europe’s Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry, COM (2016) 410 final.
33. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, OJ L 194/1.
34. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on the Mid-Term Review on the implementation of the Digital Single Market Strategy, COM (2017) 228 final.
35. Report from the Commission to the European Parliament and the Council on the evaluation of the European Union Agency for Network and Information Security (ENISA), COM (2017) 478 final.
36. Proposal for a Directive of the European Parliament and of the Council on combating fraud and counterfeiting of non-cash means of payment and replacing Council Framework Decision 2001/413/JHA, COM (2017) 489 final.
37. Proposal for a Regulation of the European Parliament and of the Council on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”), COM (2017) 477 final.
38. Communication from the Commission to the European Parliament, the European Council and the Council, Seventeenth Progress Report towards an effective and genuine Security Union, COM (2018) 845.
39. European Parliament legislative resolution of 12 March 2019 on the proposal for a regulation of the European Parliament and of the Council on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”) (COM(2017)0477 – C8-0310/2017 – 2017/0225(COD)) P8_TA(2019)0151.
40. ENISA (2013).
41. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, OJ L 194/1.
42. European Cybercrime Centre - EC3 (2019).
43. European Commission (2014).
44. Official Gazette of the Greek Government No. 142/a/03-08-2016.
45. Ethical hacking or penetration testing refers to the exploitation of an IT system with the permission of its owner to determine its vulnerabilities and weaknesses. It is an essential process of testing and validating an organization’s information security measures and maturity. The results of ethical hacking are typically used to recommend preventive and corrective countermeasures that mitigate the risk of a cyber-attack. An ethical hacker is an individual who is trusted to attempt to penetrate an organization’s networks and/or computer systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner. See https://www.itgovernance.co.uk/ec-council.
46. Article 5, paragraph 11 of L.2225/1994.
47. “24/7 Network”.
48. Among the upcoming international developments, it is worth mentioning Russia’s proposal for a new Convention on Cybercrime, considering that the Budapest Convention has been in operation for 18 years, as well as the proposal of the Norwegian Judge Stein Schjolberg for a new Convention on Cybercrime under the UN and the establishment of an International Tribunal for Cyberspace (Court or International Tribunal for Cyberspace—ICTC); see Schjolberg (2012).
49. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ L 119/89.
50. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281/31.
51. Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, OJ L 119/132.
52. Grzadkowska (2018).
53. Proofpoint (2016).
54. ENISA (2016b).
References
2001/413/JHA: Council Framework Decision of 28 May 2001 combating fraud and counterfeiting of non-cash means of payment, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32001F0413
Accenture & Ponemon Institute (2019) “The Cost of Cybercrime”. https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf
Encyclopedia Britannica (2018) Denial of service attack. https://www.britannica.com/technology/denial-of-service-attack
ENISA (2013) Mission and Objectives. https://www.enisa.europa.eu/about-enisa/mission-and-objectives
ENISA (2016a) The cost of incidents affecting CIIs. https://www.enisa.europa.eu/publications/the-cost-of-incidents-affecting-ciis
ENISA (2016b) Annual Incident Reports 2015. https://www.enisa.europa.eu/publications/annual-incident-reports-2015
ENISA (2019) Botnets. https://www.enisa.europa.eu/events/botnets
European Commission (2014) Migration and Home Affairs, We Protect Global Alliance to End Child Sexual Exploitation Online. http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/organized-crime-and-human-trafficking/global-alliance-against-child-abuse/index_en.htm
European Commission (2019) Shaping the Digital Single Market. https://ec.europa.eu/digital-single-market/en/policies/shaping-digital-single-market
European Cybercrime Centre - EC3 (2019). https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3
Facebook Notes (2014) Taking Down the Lecpetex Botnet. The Telegraph. https://www.telegraph.co.uk/technology/internet-security/10959158/Arrests-as-Facebook-spam-botnet-is-shut-down.html
Grzadkowska A (2018) How cybercrime and coverage evolved in 2018. Insurance Business America. https://www.insurancebusinessmag.com/us/news/cyber/how-cybercrime-and-coverage-evolved-in-2018-118721.aspx
Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Cybersecurity Strategy of the European Union: An open, safe and secure cyberspace, Join (2013). https://eur-lex.europa.eu/procedure/EN/202369
McAfee (2016) Economic Impact of Cybercrime Report. http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
Politis D et al (eds) (2009) Socioeconomic and Legal Implications of Electronic Intrusion, Information Science Reference, 2009, Athens, Greece, ISBN 978160566205
Proofpoint (2016) “The Human Factor”. https://www.proofpoint.com/sites/default/files/human-factor-report-2016.pdf
Schjolberg S (2012) A paper for the EastWest Institute (EWI) Cybercrime Legal Working Group. http://www.cybercrimelaw.net/documents/ICTC.pdf. 19 Apr 2019
Technopedia (2019) Data Theft. https://www.techopedia.com/definition/26274/data-theft
Tikk E et al (2010) International cyber incidents: legal considerations. CCDCOE Publications. https://ccdcoe.org/uploads/2018/10/legalconsiderations_0.pdf
Trend Micro (2019) What is Ransomware?. https://www.trendmicro.com/vinfo/us/security/definition/Ransomware
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Vagena, E., Ntellis, P. (2020). Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation in the Greek Legal System. In: Synodinou, TE., Jougleux, P., Markou, C., Prastitou, T. (eds) EU Internet Law in the Digital Era. Springer, Cham. https://doi.org/10.1007/978-3-030-25579-4_11
DOI: https://doi.org/10.1007/978-3-030-25579-4_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-25578-7
Online ISBN: 978-3-030-25579-4
eBook Packages: Law and Criminology (R0)