European Cybersecurity Certification Schemes and cybersecurity in the EU internal market

Investor logo

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Law. Official publication website can be found on muni.cz.

Authors

FERGUSON Donald

Year of publication 2022
Type Article in Periodical
Magazine / Source International Cybersecurity Law Review
MU Faculty or unit

Faculty of Law

Citation
Web https://doi-org.ezproxy.muni.cz/10.1365/s43439-021-00044-5
Keywords certification; cybersecurity; schemes
Description The principal question addressed by this paper is: how adequate are the minimum security objectives of the European Union Cybersecurity Act (Regulation (EU) 2019/881) in assisting organisations in the European Union internal market with resisting and recovering from cyber threats? The question is answered by first identifying the scope of the minimum security objectives. Scope identification, performed through legislative interpretation, reveals an integrated system of security objectives with significant gaps. Second, the minimum security objectives are evaluated within a model of cyber attacks from attack reconnaissance to legal proceedings to reveal further significant gaps. Finally, the minimum security objectives are evaluated within five cyber attack scenarios, reflecting the highest ranking cyber threats to the internal market. The simulation analysis accentuates the findings of the model analysis and identifies further significant gaps. In conclusion, the minimum security objectives are found to be largely inadequate in assisting organisations in the European Union internal market with resisting and recovering from cyber threats. The analysis of the adequacy of the minimum security objectives is timely, as the first European cybersecurity certification schemes are currently being designed.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.

More info