The European Union and Cybercrime

The European Union (EU) approach to cybersecurity has five priority areas (Cybersecurity Strategy 2013), and essentially three central strands. The first relates to protecting against and combating cybercrime. The second focuses on Network and Information Security (NIS), Critical Infrastructure Protection (CIP) and Critical Information Infrastructure Protection (CIIP) and the third, less developed strand, on cyber defence. This chapter will focus on the former of these strands (Chapter 6 will focus on the latter two), although with the recognition that overlap does exist between them when analysing the security as resilience that underpins them within the EU institutional milieu. This is particularly important to be aware of in the context of the existing European Principles and Guidelines for Internet resilience and stability (2011) and the construction of a Cybersecurity Strategy for the European Union (EUCSS 2013). The EU institutional set up is still reflective of policy separation with DG Home leading on criminal law elements, DG Connect on network security and resilience, and cyber defence under the remit of the CSDP: the EU is, however, developing integrated working structures in order to facilitate a coherent approach to its cybersecurity strategy.