Skip to main content Accessibility help
×
Hostname: page-component-cc8bf7c57-xrnlw Total loading time: 0 Render date: 2024-12-12T00:44:19.097Z Has data issue: false hasContentIssue false

Chapter 9 - The Cybersecurity Requirements for Operators of Essential Services under the NIS Directive – An Analysis of Potential Liability Issues from an EU, German and UK Perspective

Published online by Cambridge University Press:  23 January 2020

Daniela Brešić
Affiliation:
Ludwig-Maximilians-University Munich, Germany.
Get access

Summary

INTRODUCTION

The number of cyberattacks is increasing and with it the fear of attacks on highly vulnerable infrastructures, such as energy or healthcare infrastructures. This is crucial, as for instance, the intrusion on an energy supplier's computer systems may affect the supply and distribution of energy which may have impact on thousands of people's lives. Such infrastructures are being considered as critical infrastructures (CIs) due to their importance for the maintenance of crucial “societal functions, health, safety, security, economic or social well-being of people”. These infrastructures play a vital role for society and are essential for a successfully operating internal market. In that respect, disruptions may become very dangerous for the interests of the general public due to the interconnected concept of CIs. For instance, energy networks may be highly interdependent and the unavailability of energy supply provided by CI can constitute a major vulnerability to energy suppliers (i.e. electricity, oil and gas) that can be caused through cyber-attacks. Malicious attacks are not limited by borders and malfunctioning CI may have effects on other infrastructures, also in a cross-sector manner resulting from interdependencies between different CIs.

Therefore, a common trans-boundary approach within Europe must be ensured. However, disruptions of CI may also be caused through other technological disasters than cyberattacks, or through natural disasters. As far as the first type is concerned, a disaster may also be caused through human failure, for instance, if counter-measures have not been implemented sufficiently. Natural disasters on the other hand, are oft en considered as force majeure and consequently it may be difficult to identify a tortfeasor in this context. The scope for the application of liability regulation therefore becomes rather relevant in the context of technological disasters, rooted in human error which may be traced back to an individual's behaviour.

Responsibility may become a crucial issue in the context of cybersecurity and CI, as the ownership of CIs, such as power suppliers, is primarily in the hand of private entities. The Directive on Security of Network and Information Systems5 (NIS Directive) is the first European legislation that introduces minimum cybersecurity criterions in order to ensure a high level of security of network and information systems while focusing on operators of essential services and digital service providers.

Type
Chapter
Information
Security and Law
Legal and Ethical Aspects of Public Security, Cyber Security and Critical Infrastructure Security
, pp. 215 - 238
Publisher: Intersentia
Print publication year: 2019

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Save book to Kindle

To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×