Operationalizing Cybersecurity Due Diligence: A Transatlantic Comparative Case Study
28 Pages. Posted: 14 Jan 2016
Date Written: January 12, 2016
Although much work has been done on applying the law of warfare to cyber attacks, far less attention has been paid to defining a law of cyber peace applicable below the armed attack threshold. Among the most important unanswered questions is what exactly nations’ due diligence obligations are to one another and to the private sector, as well as how these obligations should be translated into policy. In this Article, we analyze how both the United States and the European Union are operationalizing the concept of cybersecurity due diligence, and then move on to investigate a menu of options presented to the European Parliament in November 2015 by the authors to further refine and apply this concept.
Keywords: cybersecurity, NIS Directive, General Data Privacy Regulation, EU data privacy, Cybersecurity Act of 2015, cyber attack