THE UK GOVERNMENT will hand out harsher sentences for "serious" acts of cyber crime under plans outlined in the Queen's speech on Wednesday.
Hackers who carry out cyber attacks which result in "loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof" could receive a full life sentence, thanks to the serious crime bill proposed in the Queen's speech this week.
The crime bill also looks amend the 1990 Computer Misuse Act "to ensure sentences for attacks on computer systems fully reflect the damage they cause".
Cyber attacks carrying "a significant risk of severe economic or environmental damage or social disruption" would carry sentences of up to 14 years, instead of the present 10 years, even though no such serious cyber attacks have yet hit the UK.
Minister for Organised Crime Karen Brady thinks the new proposals are needed, and will see hackers getting what they deserve.
"Our reliance on computer systems and the degree to which they are interlinked is ever increasing and a major cyber attack on our critical infrastructure would have grave consequences," she said.
"This Bill would ensure that in the event of such a serious attack those responsible would face the justice they deserve."
However, Jim Killock, executive director of the Open Rights Group, told The Guardian that the bill would be difficult to justify. "If a supposed cyberterrorist endangers life or property, there are existing laws that can be used to prosecute them," he said.
Greg Day, CTO of security firm Fireeye agreed, saying, "Getting the sentencing right is hard, as most companies are unable to qualify the extent of the attack or the commercial damage it has on their business, meaning that it will continue to be hard to implement and get the sentencing right."
That isn't the only criticism the proposed bill has received, with some members of the public slamming the government for not addressing issues with the existing computer crime law, which can see experts such as penetration testers subseptible to punishment for carrying out actions similar to hackers in order to spot vulnerabilities and improve security.
Trey Ford, global security strategist at penetration testing firm Rapid7 said, "It's concerning that the law designed to protect people from cybercrime also penalises activity designed to identify areas of cyber risk." µ
Sign up for INQbot – a weekly roundup of the best from the INQ