This document summarizes legislation on cyber security in the European Union, Eastern Partnership countries, and the United States. It discusses two definitions of cyber attacks, as means for usual crimes or computer-specific crimes. The aims of cyber attacks are described as accessing military/commercial secrets, stealing data, interrupting information flow, or propaganda/terrorism. Legal challenges include uncertainty over attackers and unpredictability. Legislation at the UN, US, EU, Council of Europe, CIS, and in Armenia, Azerbaijan, Belarus, Georgia, Moldova, and Ukraine is summarized. The document concludes that more specific legislation is needed while protecting freedom of speech and that international collaboration is important.
1. Legislation on Cyber Security
in
the European Union,
the Eastern Partnership
and the United States
Kostiantyn Iakovliev (Ukraine)
MA in Human Rights and Democratization
Yerevan State University, 2013
2. New type of warfare
“Cyber warfare
has become an
unavoidable element in
any discussion of
international security”
- 2011 report on Cyber security
and Cyber warfare by the United
Nations Institute for Disarmament
Research (UNIDIR)
3. 2 definitions
As a means to usual
crimes
• Transfer of pornography
• Promoting violence
• Harassing others
As a tool for computerspecific crimes
• Obtaining of banking
passwords
• Disruption of information
flow
Note: some laws regulating both spheres
may infringe freedom of speech
4. Aims of Cyber Attacks
• Accessing military secrets
• Extracting commercial secrets (for further
re-selling at the black market)
• Stealing banking data and private
information
• Interrupting information flow
• Exercising propaganda
• Terrorist acts (for example, targeting vital
infrastructure)
5. Legal Challenges
• Uncertainty (Who did it? – anonimizers &
proxies)
– China & US accusing each other
– South Korea usually targeted by North Korea and
China but not always
• Unpredictability (When they will do it? –
hard to predict although cyber units exist)
– Cyber units in China and North Korea
6. Legislation - UN
• International Telecommunication Union
- an UN agency for information and
communication technologies
• 2012 treaty not supported by US and
EU due to infringing freedom of speech
Signed: Azerbaijan and Ukraine
http://www.itu.int/cybersecurity/
7. Legislation - US
• Individual state bills
• National law scraped due to infringing
freedom of speech
• Executive orders of the President
8. Legislation - EU
• Communication on
Cyber security strategy
• 2013 - Directive on attacks
against information
systems
– Requires public
– institutions to report
security breaches in their
networks (issue of respect
vs national policy)
9. Legislation – CoE
(Belarus not member)
• Council of Europe
Convention on
Cybercrime
– national contact
point on cyber
security
(Azerbaijan and Ukraine
with reservations)
10. Legislation - CIS
• Agreement on cooperation with the
Commonwealth of Independent States
11. Legislation - Armenia
Often a target of attacks by Azerbaijani and
Turkish hackers (propaganda)
International conferences and trainings (OSCE,
NATO)
State Cyber Security Committee - planned
12. Legislation - Azerbaijan
Often a target by hackers (counter propaganda
attacks)
International conferences and trainings (OSCE,
NATO)
Criminal Code articles
Center of coordination structure of electronic
security - planned
13. Legislation - Belarus
Army cyber units
established
International
conferences and
trainings (OSCE, NATO)
Issues of freedom of
speech under totalitarian
rule
16. Legislation - Ukraine
A bill of amendments to the Law of Ukraine "On
the Bases of the National Security of Ukraine"
concerning cyber security issues
International conferences and trainings (OSCE,
NATO)
Ukraine’s Strategic Defence Bulletin Draft
17. Conclusions
• More specific legislation needed but it
should not infringe freedom of speech
• International collaboration matters