The government has announced legislation to toughen the Computer Misuse Act by increasing the maximum jail sentence for hackers and strengthening legal protection against denial of service attacks.
The reforms, part of the Police and Justice Bill published last week, follow a long-running campaign by Computer Weekly, backed by police, lawyers and business, for an update of the UK's crime laws.
The bill will increase the penalty for unauthorised access offences from six months to two years, and for unauthorised modification of computer systems from five to 10 years.
The move will open the way for police to bring extradition proceedings against hackers suspected of simple unauthorised access offences.
"The penalties reflect the seriousness of the crime. The estimated cost to business is thought to be more than £3bn a year and the sophistication of attacks has grown," said a Home Office spokesman.
The Home Office plans to modify the Computer Misuse Act to ensure all forms of denial of service attack are illegal, by explicitly making it an offence to impair the operation of a computer.
The move follows police concerns that some forms of denial of service attack may not have been covered by existing law.
Chris Simpson, head of the Metropolitan Police Computer Crime Unit, said, "I welcome the proposed increases in maximum sentencing, as they reflect the potential financial cost of attacks.ÊThe changes will also assist law enforcement in tackling the escalating problems of unauthorised accesses for the purpose of industrial espionage and the deliberate infection of machines for use as proxies."
Security expert Peter Sommer of the London School of Economics, said, "The extension of the act is something that is long overdue and many of us have been campaigning for."
The changing face of police IT
The Police IT Organisation (Pito) is to be disbanded and its functions incorporated into the new National Police Improvement Agency.
The move follows an independent Home Office review last year, which advised creating a new body following concerns that local forces were not following Pito's direction.
The review said the relationship between Pito and the forces it served had irretrievably broken down. "The structure and organisation of police IT in general lacks clear definition of purpose, results in confused lines of responsibility and is almost certainly poor value for money," it said.