Titel Deelnemers "Korte inhoud" "The Cybersecurity Obligations of States Perceived as Platforms: Are Current European National Cybersecurity Strategies Enough?" "Vagelis Papakonstantinou" "Cybersecurity is a relatively recent addition to the list of preoccupations for modern states. The forceful emergence of the internet and computer networks and their subsequent prevalence quickly brought this to the fore. By now, it is inconceivable that modern administrations, whether public or private, can exist entirely outside the digital realm. Nevertheless, with great opportunities also comes great risk. Attacks against computer systems quickly evolved from marginalised incidents to matters of state concern. The exponential increase in the importance of cybersecurity over the past few years has led to a multi-level response. New policies, followed by relevant laws and regulations, have been introduced at national and international levels. While modern states have therefore been compelled to devise concrete cybersecurity strategies in response to potential threats, the most notable aspect of these strategies is their resemblance to one another. Such uniform thinking could develop into a risk per se: challenges may appear unexpectedly, given the dynamic nature of the internet and the multitude of actors and sources of risk, which could put common knowledge, or what may be called conventional wisdom, to the test at a stage where the scope for response is limited. This paper builds upon the idea of national states being perceived as platforms within the contemporary digital and regulatory environment. Platforms are in this context information structures or systems, whereby the primary role of states acting as platforms is that of an information broker for its citizens or subjects. This role takes precedence even over the fundamental obligation of states to provide security; it calls upon them first to co-create (basic) personal data, and then to safely store and further transmit such data. Once the key concept of states as platforms has been elaborated in section 2, this paper then presents the concrete consequences of this approach within the cybersecurity field. In section 3, former off-line practices for safely storing personal information, undertaken by states within their role as platforms, are contrasted with the challenges posed by the digitisation of information. The focus is then turned in section 4 to the EU, and the NIS Directive’s obligation upon Member States to introduce and implement national cybersecurity strategies, which are therefore examined under the lens introduced in section 2. Finally, specific points for improvement and relevant recommendations for these cybersecurity strategies are presented in section 5." "Cybersecurity Research Analysis Report for Europe and Japan: Cybersecurity and Privacy Dialogue Between Europe and Japan" "This book contains the key findings related to cybersecurity research analysis for Europe and Japan collected during the EUNITY project.A wide-scope analysis of the synergies and differences between the two regions, the current trends and challenges is provided. The survey is multifaceted, including the relevant legislation, policies and cybersecurity agendas, roadmaps and timelines at the EU and National levels in Europe and in Japan, including the industry and standardization point of view, identifying and prioritizing the joint areas of interests.Readers from both industry and academia in the EU or Japan interested in entering international cybersecurity cooperation with each other or adding an R&D aspect to an existing one will find it useful in understanding the legal and organizational context and identifying most promising areas of research. Readers from outside EU and Japan may compare the findings with their own cyber-R&D landscape or gain context when entering those markets." "Tackling cybersecurity challenges in the energy and water sectors in the context of the cybersecurity and sectoral regulatory frameworks: the case of smart metering systems in the new digitalised environment" "Dimitra Markopoulou" "Critical Infrastructures (CIs) are the backbone of our societal and economic activities. Safeguarding their uninterrupted operation and keeping them safe against different types of threats, from natural disasters to human-induced acts, is of the essence. This analysis focuses on the energy sector mostly and the water sector secondarily as these two sectors are among the CIs that have mainly suffered the consequences of cyber incidents. In this context, the paper examines the applicability of the EU cybersecurity regulatory framework in the energy (including both electricity and gas) and the water sectors, as well as the sector specific initiatives that have been adopted so far to tackle the cybersecurity challenges the two sectors face. Given the expansive deployment of smart technologies and devices in both sectors, the regulatory regime of smart metres and the complications that are associated with their installation and use in terms of privacy and security of the collected data is examined separately. Finally, the analysis attempts to shed some light on the shortcomings of the existing legal framework and to contribute to its further effectiveness by suggesting further steps that could potentially help make the energy and water sectors more cyber resilient in the new threat landscape." "Misaligned Union laws? A comparative analysis of private law instruments in the Cybersecurity Act and the General Data Protection Regulation" "In 2019, the Cybersecurity Act, the EU law aiming to achieve high level of cybersecurity in the Union and Member States, entered into force. The CSA belongs to a broader set of Union laws providing a framework of legal protection of individual and collective rights from harmful use of information and communication technologies. Those laws introduce private law instruments for the achievement of legislative goals.2 Despite the overarching similarities of the regulated fields, the Union legislator adopted seemingly different approaches in introducing private law instruments. The Chapter seeks to comparatively present the certification frameworks as introduced in the Cybersecurity Act and the General Protection Regulation, with the aim to provide an understanding on the legislative choices and the normative, implementation and policy reasons underpinning the introduction of private law instruments in Union laws." "EU cybersecurity capacity building in the Mediterranean and the Middle East" "Erwoan Lannon" "Cyberthreats on the Rise The 2008 Report on the implementation of the European Security Strategy included “cybersecurity” for the first time among the priorities of the EU’s external action, stating that: “modern economies are heavily reliant on critical infrastructure including transport, communication and power supplies, but also the Internet.” If the EU Strategy for a Secure Information Society, adopted two years before, already addressed “cybercrime,” the proliferation of cyber-attacks “against private or government IT systems” gave the spread of cyber-capabilities a “new dimension, as a potential new economic, political and military weapon.” An EU Cybersecurity Strategy was adopted in 20132 followed, in 2016, by a first EU “Directive on Security of Network and Information Systems,” known as the “NIS Directive,” which harmonized the EU Member States’ legislations." "The new EU cybersecurity framework" "Dimitra Markopoulou, Vagelis Papakonstantinou, Paul De Hert" "The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruption of IT services and critical infrastructures constitute a serious threat to their operation and consequently to the functioning of the Internal Market and the Union. This paper first discusses the Directive's addressees particularly with regard to their compliance obligations as well as Member States’ obligations as regards their respective national strategies and cooperation at EU level. Subsequently, the critical role of ENISA in implementing the Directive, as reinforced by the proposal for a new Regulation on ENISA (the EU Cybersecurity Act), is brought forward, before elaborating upon the, inevitable, relationship of the NIS Directive with EU's General Data Protection Regulation." "Regulatory challenges for Latin America regarding cybersecurity" "Pablo Palazzi" "Emotional experiences of cybersecurity breach victims" "Sanja Budimir, Etienne B. Roesch" "Emotional reactions to cybersecurity breach situations : scenario-based survey study" "Sanja Budimir, Nicole M A Huijts, Antal Haans, George Loukas, Etienne B Roesch" "Castles built on sand : observations from classifying academic cybersecurity datasets with minimalist methods" "Laurens D'hooge, Miel Verkerken, Tim Wauters, Filip De Turck, Bruno Volckaert"