The Cybersecurity Obligations of States Perceived as Platforms: Are Current European National Cybersecurity Strategies Enough?

Papakonstantinou, Vagelis

doi:10.5604/01.3001.0016.1237

Artykuł - szczegóły

Tytuł artykułu

The Cybersecurity Obligations of States Perceived as Platforms: Are Current European National Cybersecurity Strategies Enough?

Autorzy

Papakonstantinou Vagelis

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.5604/01.3001.0016.1237

Warianty tytułu

Języki publikacji

Abstrakty

Cybersecurity is a relatively recent addition to the list of preoccupations for modern states. The forceful emergence of the internet and computer networks and their subsequent prevalence quickly brought this to the fore. By now, it is inconceivable that modern administrations, whether public or private, can exist entirely outside the digital realm. Nevertheless, with great opportunities also comes great risk. Attacks against computer systems quickly evolved from marginalised incidents to matters of state concern. The exponential increase in the importance of cybersecurity over the past few years has led to a multi-level response. New policies, followed by relevant laws and regulations, have been introduced at national and international levels. While modern states have therefore been compelled to devise concrete cybersecurity strategies in response to potential threats, the most notable aspect of these strategies is their resemblance to one another. Such uniform thinking could develop into a risk per se: challenges may appear unexpectedly, given the dynamic nature of the internet and the multitude of actors and sources of risk, which could put common knowledge, or what may be called conventional wisdom, to the test at a stage where the scope for response is limited. This paper builds upon the idea of national states being perceived as platforms within the contemporary digital and regulatory environment. Platforms are in this context information structures or systems, whereby the primary role of states acting as platforms is that of an information broker for its citizens or subjects. This role takes precedence even over the fundamental obligation of states to provide security; it calls upon them first to co-create (basic) personal data, and then to safely store and further transmit such data. Once the key concept of states as platforms has been elaborated in section 2, this paper then presents the concrete consequences of this approach within the cybersecurity field. In section 3, former off-line practices for safely storing personal information, undertaken by states within their role as platforms, are contrasted with the challenges posed by the digitisation of information. The focus is then turned in section 4 to the EU, and the NIS Directive’s obligation upon Member States to introduce and implement national cybersecurity strategies, which are therefore examined under the lens introduced in section 2. Finally, specific points for improvement and relevant recommendations for these cybersecurity strategies are presented in section 5.

Słowa kluczowe

data localisation digital sovereignty cybersecurity strategies

lokalizacja danych cyfrowa suwerenność strategia cyberbezpieczeństwa

Wydawca

NASK – National Research Institute

Czasopismo

Applied Cybersecurity & Internet Governance

Rocznik

2022

Tom

Vol. 1, No. 1

Strony

1--12

Opis fizyczny

Bibliogr. 28 poz.

Twórcy

autor

Papakonstantinou Vagelis

vagelis.papakonstantinou@vub.be

Faculty of Law and Criminology, Vrije Universiteit Brussel, Belgium

https://orcid.org/0000-0002-2536-2951

Bibliografia

1. V. Papakonstantinou, “States as platforms following the new EU regulations on onlineplatforms,” European View, vol. 21, no. 2, pp. 214–222, 2022, doi: 10.1177/17816858221134748.
2. European Commission. (2019, Feb. 14). Press Release: Digital Single Market: EU negotiatorsagree to set up new European rules to improve fairness of online platforms’ trading practices. [Online]. Available: https://ec.europa.eu/commission/presscorner/detail/en/IP_19_1168. [Accessed: Sep. 1, 2022].
3. P. Bourdieu, On the state: Lectures at the Collège de France, 1989–1992. Cambridge: Polity, 2015.
4. K. Breckenridge, S. Szreter, Eds., Registration and recognition: Documenting the person inworld history. Oxford: Oxford University Press, 2012.
5. C. A. Bayly, “Foreword,” in Registration and recognition: Documenting the person in worldhistory, K. Breckenridge, S. Szreter, Eds. Oxford: Oxford University Press, 2012.
6. G. W. F. Hegel, Hegel: Elements of the philosophy of right. Cambridge: Cambridge University Press, 1991.
7. T. Herzog, “Naming, identifying and authorizing movement in early modern Spain and Spanish America,” in Registration and recognition: Documenting the person in world history,K. Breckenridge, S. Szreter, Eds. Oxford University Press, 2012.
8. L. Lazarus, “Mapping the right to security,” in Security and human rights, B. J. Goold,L. Lazarus, Eds. Oxford: Hart Publishing, 2007.
9. S. Fredman, “The positive right to security,” in Security and human rights, B. J. Goold,L. Lazarus, Eds. Oxford: Hart Publishing, 2007.
10. A. Walsham, “The social history of the archive: Record-keeping in early modern Europe,”Past & Present, vol. 230, no. suppl_11, pp. 9–48, 2016, doi: 10.1093/pastj/gtw033.
11. M. Brosius, “Ancient archives and concepts of record-keeping: An introduction,” in Ancient archives and archival traditions: Concepts of record-keeping in the ancient world, M. Brosius, Ed. New York: Oxford University Press, 2003.
12. S. Simitis, “Einleitung,” in Kommentar zum Bundesdatenschutzgesetz (BDSG), S. Simitis, U. Dammann, O. Mallmann, H.-J. Reh, Eds. Baden-Baden: Nomos Verl.-Ges., 1978.
13. D. Markopoulou, V. Papakonstantinou, P. de Hert, “The new EU cybersecurity framework:The NIS Directive, ENISA”s role and the General Data Protection Regulation,” Computer Law &Security Review, vol. 35, no. 6, 2019, doi: 10.1016/j.clsr.2019.06.007.
14. European Union. (2013). Cybersecurity Strategy of the European Union: An open, safeand secure cyberspace, JOIN/2013/01 final. [Online]. Available: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52013JC0001. [Accessed: Sep. 1, 2022].
15. M. Baezner, S. Cordey. (2019, Mar. 3). National cybersecurity strategies in comparison – Challenges for Switzerland, Zürich: Center for Security Studies (CSS), ETH Zürich, doi: 10.3929/ethz-b-000352773.
16. S. Dimitrova, S. Stoykov, Y. Kochev, “National cybersecurity strategies in Member States ofthe European Union,” ACJ, vol. 4, no. 73, p. 54, 2015, doi: 10.17770/acj.v4i73.4355.
17. European Union. (2020). The EU’s Cybersecurity Strategy for the Digital Decade, EuropeanCommission, JOIN(2020) 18 final. [Online]. Available: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=JOIN:2020:18:FIN. [Accessed: Sep. 1, 2022].
18. European Network and Information Security Agency. (2012, Dec. 19). National cybersecurity strategies. [Online]. Available: https://www.enisa.europa.eu/publications/national-cyber-security-strategies-an-implementationguide. [Accessed: Sep. 1, 2022].
19. European Network and Information Security Agency. (2016). NCSS good practice guide: Designing and implementing national cyber security strategies. [Online]. Available: https://data.europa.eu/doi/10.2824/48036. [Accessed: Sep. 22, 2022].
20. European Network and Information Security Agency. (2020). National capabilities assessmentframework. [Online]. Available: https://data.europa.eu/doi/10.2824/590072. [Accessed: Sep. 22,2022].
21. European Union Agency for Cybersecurity (2019). “Good practices in innovation oncybersecurity under the NCSS” [Online]. Available: https://data.europa.eu/doi/10.2824/01007. [Accessed: Sep. 22, 2022].
22. A. Jacuch, “Comparative analysis of cybersecurity strategies”, On-line Journal Modellingthe New Europe, no. 37, p. 102, 2021, doi: 10.24193/OJMNE.2021.37.06.
23. E. Luiijf, K. Besseling, P. de Graaf, “Nineteen national cyber security strategies,”International Journal of Critical Infrastructures, vol. 9, no. 1–2, pp. 3–31, 2013, doi: 10.1504/IJCIS.2013.051608.
24. G. Christou, Cybersecurity in the European Union: Resilience and adaptability in governancepolicy. Basingstoke, New York: Palgrave Macmillan, 2016.
25. M. Dunn Cavelty. (2013). A Resilient Europe for an open, safe and secure cyberspace, UI Occasional papers. [Online]. Available: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2368223. [Accessed: Sep. 9, 2022].
26. C. Moorey, A History of Crete. London: Haus Publishing, 2019.
27. N. Adiyeke, N. Adiyeke, E. Balta, “The Poll Tax in the years of the Cretan War: Symbol ofsubmission and mechanisms of avoidance,” Thesaurismata, vol. 31, pp. 323–59, 2001.
28. V. Papakonstantinou, “Cybersecurity as praxis and as a state: The EU law path towardsacknowledgement of a new right to cybersecurity?,” Computer Law & Security Review, vol. 44,2022, doi: 10.1016/j.clsr.2022.105653.

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-fe8551fb-4b89-44d6-b9ec-03c32d65503b