
Chapter 10 - The ‘by Design’ Turn in EU Cybersecurity Law: Emergence, Challenges and Ways Forward

Published online by Cambridge University Press:  23 January 2020

Domenico Orlando
Affiliation:
Bocconi University and has an LL.M.
Pierre Dewitte
Affiliation:
Data Protection by Design, privacy engineering, smart cities and algorithmic transparency issues.

Summary

INTRODUCTION

The aim of this chapter is to analyse ‘Security by Design’ (SbD) as an emerging concept in EU Law, especially in the fields of information security and data protection. This is especially relevant in light of the growing number of data breaches and the ever-increasing pervasiveness of Internet of Things (IoT) devices. This is even more so if we take into account the worrying trend, especially among important market players, to tolerate risks of data breaches and therefore keep IT security investments relatively low. The first part of this chapter will substantiate the notion of SbD by deciphering the exact meaning of the concepts of ‘design’ and ‘security’, with a strong focus on the IT sector. The second part will then explore the emergence of SbD as a principle in the EU legislative framework. In that context, a comparison will be made with the ‘Data Protection by Design’ (DPbD) paradigm, which has been one of the cornerstones of the data protection reform. The last part will then highlight some of the challenges inherent to the ‘by design’ approach.

DECODING ‘SECURITY BY DESIGN’: A TALE OF ‘SECURITY’ AND ‘DESIGN’

Before delving into the substance and challenges of the SbD paradigm, it is crucial to clarify the exact scope of the notions that lie at the heart of that approach, namely: ‘security’ and ‘design’. In the ICT context, ‘security’ has been defined by the European Union Agency for Network and Information Security (ENISA) as the protection against the threat of theft, deletion or alteration of data stored or transmitted within a system. Such a definition echoes the so-called ‘CIA triad’ – namely confidentiality, integrity and availability – which has been recognised as the basis of information security over the last decade. While the notion of security traditionally encompasses the protection of both physical (e.g. a data centre) and non-physical (e.g. the data processed on the said servers) assets, the present contribution will – for the sake of conciseness – be limited to the analysis of the second component.

‘Design’, on the other hand, refers to “the process by which an agent creates a specification of a software artefact intended to accomplish goals, using a set of primitive components and subject to constraints”. Alternatively, the notion of ‘software design’ has been referred to as “all the activities involved in conceptualising, framing, implementing, commissioning, and ultimately modifying complex systems”.

Type: Chapter
Information: Security and Law: Legal and Ethical Aspects of Public Security, Cyber Security and Critical Infrastructure Security, pp. 239 - 252
Publisher: Intersentia
Print publication year: 2019
