The UK government is set to introduce stricter penalties for computer-related crimes, including life sentences for any deadly hacking incidents.
The Queen’s Speech on Wednesday outlined several pieces of proposed legislation for the forthcoming parliament, including a Serious Crime Bill which will introduce amendments to the Computer Misuse Act 1990.
These will “ensure sentences for attacks on computer systems fully reflect the damage they cause”, the government said.
Specifically, any online attack which causes "significant risk of severe economic or environmental damage or social disruption” will carry a maximum sentence of 14 years, up from 10, according to The Independent.
In addition, a possible life sentence awaits for those who launch a cyber attack resulting in “loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof”.
Lancope CTO, TK Keanini, argued that although the amendment is necessary, it could raise some difficult issues.
“Care must be taken when the outcome is to fully reflect something purely in the information space. Certainly if there are financial loses the sentences can reflect that but there are many scenarios of computer misuse that are damaging but may not be directly tied to financial loses,” he said.
“The other very complicated issue is the person doing the theft of the data is not always the one monetizing that data in some criminal manner. The supply chain of the attackers has gotten very specialized and modularized as each of them sell capabilities on anonymous marketplaces via crypto currency.”
FireEye EMEA CTO, Greg Day, branded the proposed changes “a big step forward”.
“However getting the sentencing right is hard, as most companies are unable to qualify the extent of the attack or the commercial damage it has on their business, meaning that it will continue to be hard to implement and get the sentencing right,” he added.
“In other countries sentencing on cyber attacks appear to be lighter than other more physical crimes too but the crime must match the punishment.”