EU’s new Cybersecurity law: A stepping stone for the legal framework

Need of an international legal framework for cybersecurity

Cyberspace has become one of the most important domains in our daily life and its influence over humanity is increasing day-by-day. Since the cyberspace has no boundaries and no jurisdictions, the importance of a ‘Global Legal Framework for Cybersecurity needs no explanation. Cybersecurity itself is a huge responsibility because of the massive infrastructure and complexity of the cyberspace. The Internet is home to many malicious players who are capable of disturbing the core life comforts (electricity, transportation, health) with a couple of mouse clicks and some set of computer codes. On top of that, cyberspace itself is evolving into a potential war-zone. Nations are recruiting hackers and developing cyber warheads as they prepare themselves to face the looming threat of the cyberwar. These alarming changes in practices show that we are not only walking behind in controlling the situation, but we are limping all the way.

Challenges in designing an effective global framework

Designing an effective international legal framework for cybersecurity is a tremendous task. International cooperation is the foundation for designing a global legal framework for cybersecurity. And the purpose of laws is to regulate, protect and solve conflicts. In order to serve this purpose, we can’t concentrate on a single framework, but on multi-layered architecture which is capable of handling the numerous scenarios that occur in the cyber world. Cybersecurity is a collective effort and so is the implementation and maintenance of the constitution to govern cybersecurity.

European Council recently adopted a new cybersecurity strategy to make the information interchange across European Union more safe and secure. This new set of laws accommodates critical sectors like energy, finance, transportation, health and ‘digital service suppliers’ (Amazon, Google… etc.). That’s a good start, because Europe itself covers a considerable amount of cyberspace and we can take their policies as a benchmark to analyse the feasibility of a global framework. Still, it will take a while to understand the limitations and loopholes of the newly adopted cybersecurity rules but it is a step in the right direction.

European Union’s strategy and the way of implementation

In the new proposed EU cybersecurity strategy, they have divided the framework into two subsets as ‘Essential Services’ and ‘Digital Service Providers’. In the case of ‘Digital Service Providers, the new laws make sure that all operators will be treated equally and they (service providers) shall provide uniform services across Europe. Since the ‘Essential Service’ sector has a higher level of risk if it disrupted, the law requirements and supervision will be stronger to make the society and economy secure.

To implement the above mentioned guidelines, each country under EU will require to appoint one or more national authorities to set out the strategies. An EU-level cooperation group will be created to support strategic cooperation and exchange of best practices among member states. A network of Computer Security Incident Response Teams (CSIRTs) will be set up in each nation to promote operational cooperation. The response teams and the authorities are also expected to help develop confidence and trust between member states.

This proposed strategy is aimed to improve these five key aspects: Cyber resilience, reducing cybercrime, cyber defense policy and capabilities related to the EU’s common security, industrial and technological resources for cyber security and for establishing a coherent international cyberspace policy for the EU. The newly adopted cybersecurity strategies of the EU are meant for addressing the Global Cybersecurity market during the peacetime and it does not take into account the cyber war time scenario. What we require is a total action plan for every situation. Even though, let’s consider this as a siren to announce the requirement of a common policy, to secure the cyberspace for a better tomorrow.