The rapid development of modern information and communication technologies – a sine qua non condition for the edification of the Information Society - has had a major impact on the social environment, marking true mutations in the operating philosophy of economics, politics, and culture, but also in the daily life of the individual. In fact, at present, the easy access to technology information and communication is one of the conditions for the proper functioning of modern society.
Cyberspace is characterized by the absence of borders, dynamism, and anonymity, generating equal both opportunities to develop knowledge-based information society and risks to its functionality (at the individual, state and even transborder level).
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.
Among the global pandemic that people around the world are currently passing, cybersecurity and information protection have become the keywords.
The rapidly evolving nature of cyber threats has required the adoption, including at NATO, of a new concept and a new cyber defense policy. To this end, NATO has redefined its role and area of action in the field and developed a plan of action to develop the capabilities required to protect own cyber infrastructure own and mechanisms for consultation between Member States and for assuring assistance in the event of major cyber attacks.
At the EU level, the adoption a European cyber security strategy, aimed at harmonizing the efforts of Member States to address security challenges in cyberspace and critical information infrastructure protection, is in progress. At the same time, the EU has outlined the need for a policy on fighting cybercrime. Subsequent initiatives have started from realizing the increase in the number of computer crimes, the deeper involvement of organized criminal groups in cybercrime, and the need for coordinating EU efforts in countering these crimes. Given that the large scale, coordinated cyber-attacks targeting cyber critical infrastructure of the Member States are a growing concern of the EU, there is an urgent necessity to take action to combat all forms of cybercrime, both at European and at national level.
The EU is set to boost the security of the internet and other critical network and information systems by establishing a Cybersecurity Competence Centre to pool investment in cybersecurity research, technology, and industrial development. The new body, to be based in Bucharest, Romania, will channel cybersecurity-related funding from Horizon Europe and the Digital Europe Programme.
The Centre will also bring together the main European stakeholders, including industry, academic and research organisations, and other relevant civil society associations, to form a cybersecurity competence community, to enhance and spread cybersecurity expertise across the EU. The Council adopted the regulation establishing the Centre and the network today (April 20, 2021). This will be followed by a final adoption by the European Parliament.
National cyber security system (NSCC) is the general framework of cooperation which brings together public authorities and institutions with responsibilities and capabilities in the field to ensure coordination of actions at national level for cyberspace security, including through cooperation with academia and business, professional associations, and organizations NGOs. The mission of the NSCC is to provide elements of knowledge, prevention and counteracting of threats, vulnerabilities, and specific risks specific to the cyberspace that may affect national cyber security infrastructure, including consequence management. The Supreme Council of National Defence is the authority that coordinates the strategic level of NSCC activity.
The Government of Romania, through the Ministry for Information Society, ensure coordination for other public authorities that are not represented in the COSC (Cyber security operative Council), to achieve government policies consistency and implementation strategies for electronic communications, information technology, information society services, and the National Response Centre for Cyber Security Incidents - CERTRO - Ensure the development and dissemination of public policies for preventing and counteracting incidents of cyber infrastructures, according to the competence area. All the institutions that are represented in the COSC cooperate with international bodies EU, NATO, OSCE, etc., each in its field of competence.
When considering cyber security priorities, it is important for organisations to understand their legal obligations. But it is equally important to ensure that the means of complying with legal obligations align with business objectives and areas of real risk; cyber security management should not be a box-ticking compliance exercise.
The growth of cyberspace has created unlimited complexities and new and emerging legal issues. This has led to the birth of a specialized branch of law known as cyber law. It is a part of the overall legal system that deals with cyberspace, the internet, and respective cybersecurity legal issues. Cyber laws provide legal protection to people who are using the internet. Every industry and organization face the implications of cyber laws.
By Mihaela Craciunescu, Partner, Firon Bar-Nir