The Cybersecurity Obligations of States Perceived as Platforms: Are Current European National Cybersecurity Strategies Enough?

Applied Cybersecurity & Internet Governance (ACIG), VOL.1, NO.1, 2022, DOI: 10.5604/01.3001.0016.1237

12 Pages Posted: 17 Feb 2023

See all articles by Vagelis Papakonstantinou

Vagelis Papakonstantinou

Faculty of Law and Criminology, Vrije Universiteit Brussel

Date Written: March 12, 2022

Abstract

Cybersecurity is a relatively recent addition to the list of preoccupations for modern states. The forceful emergence of the internet and computer networks and their subsequent prevalence quickly brought this to the fore. By now, it is inconceivable that modern administrations, whether public or private, can exist entirely outside the digital realm. Nevertheless, with great opportunities also comes great risk. Attacks against com- puter systems quickly evolved from marginalised incidents to matters of state concern. The exponential increase in the importance of cybersecurity over the past few years has led to a multi-level response. New policies, followed by relevant laws and regulations, have been introduced at national and international levels. While modern states have therefore been compelled to devise concrete cybersecurity strategies in response to potential threats, the most notable aspect of these strategies is their resemblance to one another. Such uni- form thinking could develop into a risk per se: challenges may appear unexpectedly, given the dynamic nature of the internet and the multitude of actors and sources of risk, which could put common knowledge, or what may be called conventional wisdom, to the test at a stage where the scope for response is limited. This paper builds upon the idea of national states being perceived as platforms within the contemporary digital and regulatory environ- ment. Platforms are in this context information structures or systems, whereby the primary role of states acting as platforms is that of an information broker for its citizens or subjects. This role takes precedence even over the fundamental obligation of states to provide se- curity; it calls upon them first to co-create (basic) personal data, and then to safely store and further transmit such data. Once the key concept of states as platforms has been elaborated in section 2, this paper then presents the concrete consequences of this approach within the cybersecurity field. In section 3, former off-line practices for safely storing per- sonal information, undertaken by states within their role as platforms, are contrasted with the challenges posed by the digitisation of information. The focus is then turned in section 4 to the EU, and the NIS Directive’s obligation upon Member States to introduce and imple- ment national cybersecurity strategies, which are therefore examined under the lens intro- duced in section 2. Finally, specific points for improvement and relevant recommendations for these cybersecurity strategies are presented in section 5.

Keywords: data localisation, states as platforms, digital sovereignty, national cybersecurity strategies

Suggested Citation

Papakonstantinou, Vagelis, The Cybersecurity Obligations of States Perceived as Platforms: Are Current European National Cybersecurity Strategies Enough? (March 12, 2022). Applied Cybersecurity & Internet Governance (ACIG), VOL.1, NO.1, 2022, DOI: 10.5604/01.3001.0016.1237, Available at SSRN: https://ssrn.com/abstract=4359599

Vagelis Papakonstantinou (Contact Author)

Faculty of Law and Criminology, Vrije Universiteit Brussel ( email )

Pleinlaan 2
Brussels, 1050
Belgium

HOME PAGE: http://vpapakonstantinou.com

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
56
Abstract Views
298
Rank
671,301
PlumX Metrics