How is cybercrime regulated on a national level?

Introduction

According to a poll done among Maltese firms in the fourth quarter of 2018, 40% of respondents were directly affected by a cyber security issue, with attack vectors ranging from fraudulent emails or scam calls to the unknowingly installation of harmful software or ransomware. Surprisingly, 83 percent of the major organisations polled stated that they have been the victim of at least one cyber security incident. An organisation becomes more vulnerable the more moving elements it has. Therefore, given their size, large organisations have a higher attack surface due to the greater number of individuals they employ and/or conduct business with, which leads to a greater number of transactions and communication channels. Small businesses, on the other hand, made up 46% of all respondents in the Micro, Small to Medium Sized Enterprises group and were the most adversely impacted type of business. In light of this, the majority of respondents (75 percent of SMEs and 83 percent of big organisations) concurred that it is crucial to conduct a cyber risk assessment of their digital assets in order to assure preparation for cyberattacks.[1]

Unfortunately, when it comes to cyberattacks, the question to ask is not whether we will be attacked, but rather when we will be hit and what the implications will be.

The increased need for Internet and computer connectivity has resulted in the incorporation of computer technology into things that previously did not work without it, such as automobiles and buildings. Almost all modern services rely on the usage of ICTs, including electricity supply, transportation infrastructure, military services, and logistics.

Although the development of new technologies is mostly focused on serving the needs of consumers in developed nations, developing countries may also profit from new technology. Many more individuals in developing nations should have better access to the Internet and related products and services now that long-distance wireless communication technology and computer systems are accessible.

The impact of ICTs on society extends far beyond the establishment of fundamental information infrastructure. The availability of ICTs serves as a basis for growth in the development, availability, and use of network-based services. E-mail has surpassed traditional letters in importance; online web representation is now more significant for firms than printed publicity materials.

The availability of ICTs and new network-based services provides a lot of benefits to society in general, particularly developing countries.

Internet service costs are frequently substantially lower than equivalent services outside the network. E-mail services are frequently free or extremely low-cost when compared to traditional postal services. The online encyclopaedia Wikipedia, as well as hundreds of internet hosting providers, are both free to use. Lowering expenses is crucial because it allows many more individuals to access services, even those with limited means. Because many individuals in underdeveloped nations have little financial means, the Internet allows them to access services that they would not otherwise have access to outside of the network.

Cybersecurity and cybercrime

Cybersecurity is critical to the continuous growth of information technology and Internet services. Improving cybersecurity and safeguarding key information infrastructure are crucial to any country’s security and economic well-being. Making the Internet safer (and safeguarding Internet users) has become an essential component of both the creation of new services and government policy. Cybercrime prevention is an essential component of a national cybersecurity and critical infrastructure protection plan. This involves, in particular, the development of suitable legislation prohibiting the use of ICTs for criminal or other objectives, as well as actions that threaten the integrity of national essential infrastructures. At the national level, this is a shared obligation that necessitates concerted effort on the part of government authorities, the business sector, and individuals. The development and execution of a national cybersecurity framework and strategy consequently necessitates a comprehensive approach. Cybersecurity methods, such as the creation of technological protection systems or user education to keep people from being victims of cybercrime, can serve to lower the risk of cybercrime. The creation and implementation of cybersecurity strategies are critical components in the battle against cybercrime. The Global Cybersecurity Agenda is comprised of seven major strategic goals organised around five action areas:

1) Legal measures;

2) Technical and procedural measures;

3) Organizational structures;

4) Capacity building; and

5) International cooperation.

The battle against cybercrime necessitates a multifaceted strategy. Technical safeguards alone cannot prevent every crime, it is vital that law enforcement our authorities to have the ability to properly investigate and penalise cybercrime. “Legal measures” focuses on how to meet the legal problems provided by criminal actions carried out through ICT networks in a way that is globally compatible. “Technical and procedural measures” focuses on critical steps to encourage the use of upgraded techniques to improve cybersecurity and risk management, such as accreditation schemes, procedures, and standards. “Organizational structures” focuses on cyberattack prevention, detection, response, and crisis management, including critical information infrastructure system protection. “”Capacity development” is concerned with developing strategies for capacity-building processes in order to increase awareness, transfer know-how, and improve cybersecurity on the national policy agenda. Finally, “International collaboration” is concerned with international cooperation, consultation, and coordination in the face of cyber dangers. The establishment of suitable laws, including the creation of a cybercrime-related legal framework, is a critical component of a cybersecurity strategy. First and foremost, substantive criminal law provisions are required to prohibit these actions.

Malta Cybercrime regulations

On October 30, 2015, the Minister of Business, Investment, and the Economy published a Green Paper for a National Cyber Security Strategy. The Green Paper was the result of significant research into cyber security based on numerous public sources.

The Green Paper idea was consolidated into the National Cyber Security Strategy, which was unveiled in 2016. The National Cyber Security Strategy acknowledges that in order to handle cyber security, it is necessary to:

  • Safeguard the rule of law in line with Malta’s Constitution and Malta’s role as a European Union Member State;
  • Adopt a multi-disciplinary approach;
  • Ensure that all stakeholders of cyber-space: government, private sector, and civil society understand their shared responsibility and thus commitment to collaboration and cooperation, to ensure a safe, stable and secure environment;
  • Adopt a risk based approach, based upon the premise that it is impossible to guarantee immunity from any cyber-attack.

The following Maltese laws address various areas of cybersecurity:

  • The Maltese Criminal Code does deal with cybercrime in a chapter entitled ‘Of Computer Misuse;
  • Processing of Personal Data (Electronic Communications Sector) Regulations (Subsidiary legislation 440.01); and
  • The Electronic Communications Networks and Services (General) Regulations (Subsidiary Legislation 399.28)

Since 2001, Malta has been a signatory to the Council of Europe Cybercrime Convention, which was ratified in April 2012. The ISO 27001 standard is the primary international standard used by data-centric enterprises in Malta to manage data security. There is no requirement to follow this standard. Nonetheless, implementation of this standard is recommended in both the public and commercial sectors, as it assists to indicate attempts to implement suitable cybersecurity safeguards. The Malta Cyber Security Strategy 2016 recognises this standard.

The Maltese Criminal Code makes it a crime to gain unauthorised access to or use information, notably through the use of computers or other technologies. The unlawful use of a computer or other device or equipment to access any data, unauthorised acts that impede access to any data, unlawful disclosure of data or passwords, and abuse of hardware are all criminal offences.

The Information and Data Protection Commissioner is the entity charged for regulating and enforcing cybersecurity elements of personal data processing.

The Malta Communications Authority is the body in charge of ensuring the security of Malta’s public communication networks.

The Maltese Police Force is in charge of discovering, investigating, and punishing cybercriminals, principally through the Cyber Crime Unit.

Other industry-specific agencies, such as the Malta Financial Services Authority and the Malta Gaming Authority, would be the appropriate authorities to report to for operators who possess licences from such authorities.

Four main categories of Cybercrime

Offences against confidentiality, integrity and availability of computer data and systems

Offenses that involve the confidentiality, integrity, and availability of computer data and systems, as well as unauthorised access. Unauthorized access to a computer or system or any component of it and illegal interception.

Computer-related offences

Computer-enabled crimes are done “for personal or financial benefit or injury” are classified as computer-related offences.

Content-related offences

These include illicit content. Child sexual abuse material is a prominent example of prohibited content.

Offences related to infringements of copyright

Unauthorized reproduction, importation, possession, sale, display, and distribution Offenses can be committed in relation to literary, theatrical, and musical works that have been documented, in writing or otherwise.

Four various forms of Cybercrime

Viruses and Malware

Coding is required for computer programmes and apps to work effectively. Unfortunately, highly smart programmers find security flaws in large applications every day. They produce viruses and malware to disrupt computer operations. Some of them steal data or hijack systems until a user or business agrees to pay a fee to be re-entered. Other viruses can either harm a device or provide unauthorised access to your data.

Identity Theft

Identity theft and credit card fraud are both crimes in which a person takes data and utilises it for personal gain. This might be as easy as using a stolen credit card to make purchases or as complicated as obtaining credit cards and bank account information using a person’s Social Security number.

Hacking

Computer Hackers steal or guess passwords in order to get access to individual user accounts, or they exploit security flaws in order to steal massive volumes of data from businesses. Major data breaches occur often, with businesses losing their customers’ personal or financial information, which may cost a business millions of dollars.

Phishing

Phishing schemes are spread via spam emails or phoney adverts on websites. When a user clicks on the link, the sender gains access to everything on the machine or network. They have gotten increasingly difficult to detect as phishing techniques have become more complex.

Conclusion

The existence of provisions in the penal law that apply to identical activities conducted outside the network does not imply that they can also be applied to acts committed through the Internet. As a result, a detailed examination of present national legislation is required to detect any potential loopholes. Aside from substantive criminal law requirements, law enforcement authorities require the means and equipment needed to investigate cybercrime. Such inquiries bring a variety of difficulties. Perpetrators can act from almost anywhere in the globe and conceal their identities. The tools and techniques required to investigate cybercrime differ significantly from those required to investigate traditional crimes and Malta needs to keep abreast on any developments on a daily basis.

[1] https://cybersecurity.gov.mt/bsecure/ (Cyber Security – Maltese Landscape)