634 Views No files have yet been downloaded. 0 Citations See all citations Reviewed article Interorganizational Cooperation in Supply Chain Cybersecurity: A Cross-Industry Study of the Effectiveness of the UK Implementation of the NIS Directive

Wallis, Tania; Johnson, Chris; Khamis, Mohamed

doi:10.11610/isij.4812

Cited by 4 publications

(1 citation statement)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This implies strong enforcement, and such enforcement is only possible through similar mechanisms. We therefore clearly recommend national authorities with inspection powers, and requirements for staffing inspired by those from the proposed AI Act 29 , and sanctions which are similar to those that can be given in the GDPR, but with the additional layer of right to ban products on the market which is seen in much product legislation. In addition to this, legacy systems which persist, and radiate a certain risk, should be explicitly tackled by these kinds of powers.…”

Section: Enforcementmentioning

confidence: 99%

The Opportunity to Regulate Cybersecurity in the EU (and the World): Recommendations for the Cybersecurity Resilience Act

Ludvigsen¹,

Nagaraja²

2022

Preprint

View full text Add to dashboard Cite

Safety is becoming cybersecurity under most circumstances. This should be reflected in the Cybersecurity Resilience Act whenever it is proposed and agreed upon in the European Union. In this paper, we define a range of principles which this future Act should build upon, a structure and argue why it should be as all encompassing as possible. We do this on the basis of what the cybersecurity research community for long have asked for, and on what constitutes clear hard legal rules instead of soft. Important areas such as cybersecurity should be taken seriously, by regulating it in the same way we see other types of critical infrastructure and physical structures, and be uncompromising and logical, to encompass the risks and potential for chaos which its ubiquitous nature entails.We find that principles which regulate cybersecurity systems' life-cycles in detail are needed, as is clearly stating what technology is being used, due to Kirkhoffs principle, and dismissing the idea of technosolutionism. Furthermore, carefully analysing risks is always necessary, but so is understanding when and how the systems manufacturers may fail or almost fail, all of these details must be expected and detailed. We do this through the following principles:Ex ante and Ex post assessment, Safety and Security by Design, Denial of Obscurity, Dismissal of Infallibility, Systems Acknowledgement, Full Transparency, Movement towards a Zero-trust Security Model, Cybersecurity Resilience, Enforced Circular Risk Management, Dependability, Hazard Analysis and mitigation or limitation, liability, A Clear Reporting Regime, Enforcement of Certification and Standards, Mandated Verification of Security and Continuous Servicing.To this, we suggest that the Act employs similar authorities and mechanisms as the GDPR, and create strong national authorities to coordinate inspection and enforcement in each Member State, with ENISA being the top and coordinating organ. 1

show abstract

Section: Enforcementmentioning

confidence: 99%