European Cybersecurity Certification Schemes and cybersecurity in the EU internal market

Author:

Stewart Ferguson Donald David

Abstract

The principal question addressed by this paper is: how adequate are the minimum security objectives of the European Union Cybersecurity Act (Regulation (EU) 2019/881) in assisting organisations in the European Union internal market with resisting and recovering from cyber threats? The question is answered by first identifying the scope of the minimum security objectives. Scope identification, performed through legislative interpretation, reveals an integrated system of security objectives with significant gaps. Second, the minimum security objectives are evaluated within a model of cyber attacks from attack reconnaissance to legal proceedings to reveal further significant gaps. Finally, the minimum security objectives are evaluated within five cyber attack scenarios, reflecting the highest-ranking cyber threats to the internal market. The simulation analysis accentuates the findings of the model analysis and identifies further significant gaps. In conclusion, the minimum security objectives are found to be largely inadequate in assisting organisations in the European Union internal market with resisting and recovering from cyber threats. The analysis of the adequacy of the minimum security objectives is timely, as the first European cybersecurity certification schemes are currently being designed.

Funder

ERDF

Georg-August-Universität Göttingen

Publisher

Springer Fachmedien Wiesbaden GmbH

Subject

Anesthesiology and Pain Medicine


Cited by 2 articles.

1. The outcome efficacy of the entity risk management requirements of the NIS 2 Directive;International Cybersecurity Law Review;2023-08-17

2. Power System Monitoring, Control and Protection for Network, IOT and Cyber Security;2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE);2022-04-28
