Security and Law Book contents
- Frontmatter
- Contents
- List of Contributors
- Chapter 1 Introduction: Security and Law in a Digitizing World
- Chapter 2 Safety, Security and Ethics
- Chapter 3 National and Public Security within and beyond the Police Directive
- Chapter 4 Criminal Profiling and Non-Discrimination: On Firm Grounds for the Digital Era?
- Chapter 5 Operationalization of Information Security through Compliance with Directive 2016/680 in Law Enforcement Technology and Practice
- Chapter 6 Protecting Human Rights through a Global Encryption Provision
- Chapter 7 Identity Management and Security
- Chapter 8 Towards an Obligation to Secure Connected and Automated Vehicles “by Design”?
- Chapter 9 The Cybersecurity Requirements for Operators of Essential Services under the NIS Directive – An Analysis of Potential Liability Issues from an EU, German and UK Perspective
- Chapter 10 The ‘by Design’ Turn in EU Cybersecurity Law: Emergence, Challenges and Ways Forward
- Chapter 11 Promoting Coherence in the EU Cybersecurity Strategy
- Chapter 12 Challenges of the Cyber Sanctions Regime under the Common Foreign and Security Policy (CFSP)
- Chapter 13 International (Cyber)security of the Global Aviation Critical Infrastructure as a Community Interest
- Cumulative Bibliography
- Miscellaneous Endmatter
Chapter 9 - The Cybersecurity Requirements for Operators of Essential Services under the NIS Directive – An Analysis of Potential Liability Issues from an EU, German and UK Perspective
Published online by Cambridge University Press: 23 January 2020
- Frontmatter
- Contents
- List of Contributors
- Chapter 1 Introduction: Security and Law in a Digitizing World
- Chapter 2 Safety, Security and Ethics
- Chapter 3 National and Public Security within and beyond the Police Directive
- Chapter 4 Criminal Profiling and Non-Discrimination: On Firm Grounds for the Digital Era?
- Chapter 5 Operationalization of Information Security through Compliance with Directive 2016/680 in Law Enforcement Technology and Practice
- Chapter 6 Protecting Human Rights through a Global Encryption Provision
- Chapter 7 Identity Management and Security
- Chapter 8 Towards an Obligation to Secure Connected and Automated Vehicles “by Design”?
- Chapter 9 The Cybersecurity Requirements for Operators of Essential Services under the NIS Directive – An Analysis of Potential Liability Issues from an EU, German and UK Perspective
- Chapter 10 The ‘by Design’ Turn in EU Cybersecurity Law: Emergence, Challenges and Ways Forward
- Chapter 11 Promoting Coherence in the EU Cybersecurity Strategy
- Chapter 12 Challenges of the Cyber Sanctions Regime under the Common Foreign and Security Policy (CFSP)
- Chapter 13 International (Cyber)security of the Global Aviation Critical Infrastructure as a Community Interest
- Cumulative Bibliography
- Miscellaneous Endmatter
Summary
INTRODUCTION
The number of cyberattacks is increasing and with it the fear of attacks on highly vulnerable infrastructures, such as energy or healthcare infrastructures. This is crucial, as for instance, the intrusion on an energy supplier's computer systems may affect the supply and distribution of energy which may have impact on thousands of people's lives. Such infrastructures are being considered as critical infrastructures (CIs) due to their importance for the maintenance of crucial “societal functions, health, safety, security, economic or social well-being of people”. These infrastructures play a vital role for society and are essential for a successfully operating internal market. In that respect, disruptions may become very dangerous for the interests of the general public due to the interconnected concept of CIs. For instance, energy networks may be highly interdependent and the unavailability of energy supply provided by CI can constitute a major vulnerability to energy suppliers (i.e. electricity, oil and gas) that can be caused through cyber-attacks. Malicious attacks are not limited by borders and malfunctioning CI may have effects on other infrastructures, also in a cross-sector manner resulting from interdependencies between different CIs.
Therefore, a common trans-boundary approach within Europe must be ensured. However, disruptions of CI may also be caused through other technological disasters than cyberattacks, or through natural disasters. As far as the first type is concerned, a disaster may also be caused through human failure, for instance, if counter-measures have not been implemented sufficiently. Natural disasters on the other hand, are oft en considered as force majeure and consequently it may be difficult to identify a tortfeasor in this context. The scope for the application of liability regulation therefore becomes rather relevant in the context of technological disasters, rooted in human error which may be traced back to an individual's behaviour.
Responsibility may become a crucial issue in the context of cybersecurity and CI, as the ownership of CIs, such as power suppliers, is primarily in the hand of private entities. The Directive on Security of Network and Information Systems5 (NIS Directive) is the first European legislation that introduces minimum cybersecurity criterions in order to ensure a high level of security of network and information systems while focusing on operators of essential services and digital service providers.
- Type
- Chapter
- Information
- Security and LawLegal and Ethical Aspects of Public Security, Cyber Security and Critical Infrastructure Security, pp. 215 - 238Publisher: IntersentiaPrint publication year: 2019