23.2. Cybersecurity and Cyber-defence law - system and principles (POLČÁK)
One might sometimes get the impression that cyberlaw is a novel discipline. In
fact, it is not. It has been around for more than three decades and many of its
areas are already well established, including doctrine, case-law etc.
Cybersecurity law, however, is a somewhat different story. It emerged almost
instantly, mostly thanks to specific legislation that started appearing around
the world not even ten years ago. Cyber-defence law is even younger, with
black-letter laws only developing and nearly no case-law, even though we now
have plenty of case studies of actual cyber-defence incidents.
In this first module, we will look at the overall picture of cybersecurity and
cyber-defence as a regulatory agenda. In particular, we will identify the main
regulatory issues and challenges and see how they are systematically tackled in
international, European and national laws. We will also talk about fundamental
institutional distinctions between security, law enforcement and defence. These
fundamental elements will also serve us as a basis for understanding the cultural
differences that often make it difficult to establish functioning international
cooperation in cybersecurity, as well as for identifying similarities that, on the
contrary, serve as an enabler of closer cooperation between certain nations.
In addition, we will briefly tackle basic regulatory concepts that are used in
cybersecurity laws, namely performance-based rules, smart rules and
public-private partnerships, and discuss the quite unique dynamics of compliance
and liability. For cyber-defence law, we will briefly discuss the so-called
‘paradox of big guns’ that makes law-making, incl. the drafting of international
treaties, mostly challenging.
As the basic text for this module, we chose the following chapter from the
upcoming Edward Elgar book ‘Data Governance in AI, FinTech and LegalTech’ edited
by Joseph Lee. The chapter, as well as the whole book, is primarily about IT in
financial services. However, the core of the chapter explains in general the
above regulatory concepts, which work not only in fintech but are of a universal
nature. When reading the text, you can skip the parts that specifically refer to
fintech and financial services.
Please note that the following text is an unpublished manuscript that is
copyrighted by Edward Elgar. It can be used only for educational purposes in this
course and it is strictly prohibited to make copies, distribute it or even cite it.