Cybersecurity in the Digital Era:
European Perspectives (CDeEP)
Background and general objectives
The European Union Agency for cybersecurity (ENISA) in its last Report on the cyber threat landscape 2023 has dive deep into the evolving risks and vulnerabilities in cyberspace especially for the European citizens, critical infrastructures (i.e. electric grids, hospitals, banks, and financial sectors), SME, and public entities. It also has put in evidence the important of cybersecurity awareness to enhance the safe development of the European Union (EU) digital market.
In the European panorama, many provisions, collectively described by the umbrella concept of cybersecurity, have been prompted by international organisations throughout the years with the aim to regulate these emerging phenomena and to protect network and information systems, entities and individuals from any potential circumstance, event or action that could damage, disrupt, or impact them.
Among the most relevant acts are the EU Cybersecurity Strategy, the Network and Information Security (NIS and NIS2), directives, the General Data Protection Regulation (GDPR), the Cyber Resilience Act, and the Council of Europe (CoE) Convention on Cybercrime of 2001 (Budapest Convention), namely the first international treaty addressing cybercrime, and its Additional Protocols the first concerning the criminalization of acts of a racist and xenophobic nature committed through computer systems of 2008, and the second on enhanced co-operation and disclosure of electronic evidence of 2021.
The commitment of these international organisations, specifically the European Union’s, is evident and undeniable. These provisions address cybersecurity challenges and enhance cybersecurity capabilities with the aim to protect critical infrastructure and promote international cooperation in cyberspace.
Despite the efforts and the EU-promoted initiatives, the European citizens’ lack of knowledge and awareness is extensively regarded as the main issues for the proliferation of cyberattacks and ineffectiveness of cybersecurity plans, combined with jurisdictional restraints that are due to the limitless nature of cyberspace, to the technical and juridical difficulties of the attribution of cybermalicious operations and the lack of co-operations among law enforcement agencies. This situation is further exacerbated by the advancement of new emerging and disruptive technologies, such as Artificial Intelligence (AI) and Quantum Computing, and the increase in the use of Internet of Things (IoT) that give rise to new cybersecurity challenges.
For this reason, the primary aim of this project is to make citizens and, above all, students aware of the inherent risks associated with the use of new technologies, and to provide them with a substantial skillset on how to i) mitigate these risks and to ii) be compliant with the EU legal framework on cybersecurity. As it refers to the protection of networks, information systems and personal data, the project is closely connected to safeguarding fundamental rights and values such as security, privacy, and freedom of expression. The second aim is to study the evolution and update of the European normative framework in the light of the increasing sophistication of cyber incidents and attacks that is due to the offensive use by the criminal hackers of the disruptive technologies.
Hence, the scope of the project would be on one hand to analyse the current varied regulatory system and major issues on cybersecurity and, on the other hand, to disseminate and explain this knowledge to students, focusing on the contents and the objectives of initiatives promoted by the EU and other international organisations.
Raising awareness and training on the various aspects of cybersecurity will be done promoting the debate between the academic and business worlds to foster and strengthen the knowledge on EU provisions and policies, making them more understandable and, ultimately, efficient and effective.
Background and general objectives e le Analisi dei bisogni e obiettivi specifici
The European Union Agency for cybersecurity (ENISA) in its last Report on the cyber threat landscape 2023 has dive deep into the evolving risks and vulnerabilities in cyberspace especially for the European citizens, critical infrastructures (i.e. electric grids, hospitals, banks, and financial sectors), SME, and public entities. It also has put in evidence the important of cybersecurity awareness to enhance the safe development of the European Union (EU) digital market.
In the European panorama, many provisions, collectively described by the umbrella concept of cybersecurity, have been prompted by international organisations throughout the years with the aim to regulate these emerging phenomena and to protect network and information systems, entities and individuals from any potential circumstance, event or action that could damage, disrupt, or impact them.
Among the most relevant acts are the EU Cybersecurity Strategy, the Network and Information Security (NIS and NIS2), directives, the General Data Protection Regulation (GDPR), the Cyber Resilience Act, and the Council of Europe (CoE) Convention on Cybercrime of 2001 (Budapest Convention), namely the first international treaty addressing cybercrime, and its Additional Protocols the first concerning the criminalization of acts of a racist and xenophobic nature committed through computer systems of 2008, and the second on enhanced co-operation and disclosure of electronic evidence of 2021.
The commitment of these international organisations, specifically the European Union’s, is evident and undeniable. These provisions address cybersecurity challenges and enhance cybersecurity capabilities with the aim to protect critical infrastructure and promote international cooperation in cyberspace.
Despite the efforts and the EU-promoted initiatives, the European citizens’ lack of knowledge and awareness is extensively regarded as the main issues for the proliferation of cyberattacks and ineffectiveness of cybersecurity plans, combined with jurisdictional restraints that are due to the limitless nature of cyberspace, to the technical and juridical difficulties of the attribution of cybermalicious operations and the lack of co-operations among law enforcement agencies. This situation is further exacerbated by the advancement of new emerging and disruptive technologies, such as Artificial Intelligence (AI) and Quantum Computing, and the increase in the use of Internet of Things (IoT) that give rise to new cybersecurity challenges.
For this reason, the primary aim of this project is to make citizens and, above all, students aware of the inherent risks associated with the use of new technologies, and to provide them with a substantial skillset on how to i) mitigate these risks and to ii) be compliant with the EU legal framework on cybersecurity. As it refers to the protection of networks, information systems and personal data, the project is closely connected to safeguarding fundamental rights and values such as security, privacy, and freedom of expression. The second aim is to study the evolution and update of the European normative framework in the light of the increasing sophistication of cyber incidents and attacks that is due to the offensive use by the criminal hackers of the disruptive technologies.
Hence, the scope of the project would be on one hand to analyse the current varied regulatory system and major issues on cybersecurity and, on the other hand, to disseminate and explain this knowledge to students, focusing on the contents and the objectives of initiatives promoted by the EU and other international organisations.
Raising awareness and training on the various aspects of cybersecurity will be done promoting the debate between the academic and business worlds to foster and strengthen the knowledge on EU provisions and policies, making them more understandable and, ultimately, efficient and effective.
