Security and Law Book contents
- Frontmatter
- Contents
- List of Contributors
- Chapter 1 Introduction: Security and Law in a Digitizing World
- Chapter 2 Safety, Security and Ethics
- Chapter 3 National and Public Security within and beyond the Police Directive
- Chapter 4 Criminal Profiling and Non-Discrimination: On Firm Grounds for the Digital Era?
- Chapter 5 Operationalization of Information Security through Compliance with Directive 2016/680 in Law Enforcement Technology and Practice
- Chapter 6 Protecting Human Rights through a Global Encryption Provision
- Chapter 7 Identity Management and Security
- Chapter 8 Towards an Obligation to Secure Connected and Automated Vehicles “by Design”?
- Chapter 9 The Cybersecurity Requirements for Operators of Essential Services under the NIS Directive – An Analysis of Potential Liability Issues from an EU, German and UK Perspective
- Chapter 10 The ‘by Design’ Turn in EU Cybersecurity Law: Emergence, Challenges and Ways Forward
- Chapter 11 Promoting Coherence in the EU Cybersecurity Strategy
- Chapter 12 Challenges of the Cyber Sanctions Regime under the Common Foreign and Security Policy (CFSP)
- Chapter 13 International (Cyber)security of the Global Aviation Critical Infrastructure as a Community Interest
- Cumulative Bibliography
- Miscellaneous Endmatter
Chapter 12 - Challenges of the Cyber Sanctions Regime under the Common Foreign and Security Policy (CFSP)
Published online by Cambridge University Press: 23 January 2020
- Frontmatter
- Contents
- List of Contributors
- Chapter 1 Introduction: Security and Law in a Digitizing World
- Chapter 2 Safety, Security and Ethics
- Chapter 3 National and Public Security within and beyond the Police Directive
- Chapter 4 Criminal Profiling and Non-Discrimination: On Firm Grounds for the Digital Era?
- Chapter 5 Operationalization of Information Security through Compliance with Directive 2016/680 in Law Enforcement Technology and Practice
- Chapter 6 Protecting Human Rights through a Global Encryption Provision
- Chapter 7 Identity Management and Security
- Chapter 8 Towards an Obligation to Secure Connected and Automated Vehicles “by Design”?
- Chapter 9 The Cybersecurity Requirements for Operators of Essential Services under the NIS Directive – An Analysis of Potential Liability Issues from an EU, German and UK Perspective
- Chapter 10 The ‘by Design’ Turn in EU Cybersecurity Law: Emergence, Challenges and Ways Forward
- Chapter 11 Promoting Coherence in the EU Cybersecurity Strategy
- Chapter 12 Challenges of the Cyber Sanctions Regime under the Common Foreign and Security Policy (CFSP)
- Chapter 13 International (Cyber)security of the Global Aviation Critical Infrastructure as a Community Interest
- Cumulative Bibliography
- Miscellaneous Endmatter
Summary
INTRODUCTION
“This has a whiff of August 1945. Somebody just used a new weapon and this weapon will not be put back in the box.”
That is how the former Central Intelligence Agency (CIA) and National Security Agency (NSA) director Michael Hayden referred to the computer virus StuxNet that silently accelerated a few hundred Iranian nuclear centrifuges leading to their self-destruction. Then the quintessential cyberwar scenario became reality in Ukraine in 2015 with the electricity blackout following the unprecedented hack of Ukraine's power grid. On top of that, WannaCry and NotPetya displayed across the globe the extent of the damage for people and infrastructure that malicious cyber-attacks can inflict.
Faced with widespread cyber-attacks and a deadlock in the global negotiations about international law and state responsible behaviour in cyberspace, the EU decided to develop its own framework to combat malicious cyber activities and build stronger cybersecurity. While the Union has foreseen some measures aimed at increased prevention and early warning mechanisms with regard to cyber-attacks, until recently it was lacking an appropriate framework for a joint EU diplomatic response to malicious cyber operations. And contrary to some Member States, which publicly attributed cyber-attacks, the EU has not taken any act of attribution or follow up with regard to potential perpetrators. Thus, the further development of a common and comprehensive approach on cyber diplomacy was necessary in order to contribute to the “mitigation of cybersecurity threats, conflict prevention and greater stability in international relations through the use of diplomatic and legal instruments”.
In 2016, the Dutch presidency submitted a Non-paper on “Developing a joint EU diplomatic response against coercive cyber operations”. This non-paper argues that while resilience and security of networks are essential for preventing certain cyber operations, broader response and a comprehensive use of a multitude of policy instruments may be required. The EU's reaction must be proportionate to the scope, scale and duration of an aggressive behaviour in cyberspace. The use of cyber diplomacy tools is meant to influence rational cost-benefit analysis of state and non-state actors carrying out cyber-attacks for politico-military purposes.
In June 2017, the Council continued its work on the issue and presented its draft conclusions on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities.
- Type
- Chapter
- Information
- Security and LawLegal and Ethical Aspects of Public Security, Cyber Security and Critical Infrastructure Security, pp. 277 - 298Publisher: IntersentiaPrint publication year: 2019
- 2
- Cited by