Cybersecurity challenges ahead! How would you shape regulation to address changing technology?

20 Jun 2019 11:00h - 12:30h

Event report

[Read more session reports and live updates from the EuroDig 2019]

The workshop addressed the topic of cybersecurity navigating the current challenges and policy mechanisms in place, and analysing whether further regulation is needed. The workshop was moderated by Ms Louise Marie Hurel (Cybersecurity and Digital Liberties Programme, Igarapé Institute Media and Communications (Data and Society), London School of Economics and Political Science) and underlined the need for implementing a multistakeholder approach.

Mr Wolfgang Kleinwächter (Professor Emeritus, University of Aarhus, Commissioner, Global Commission on the Stability of Cyberspace) addressed the question of how to make cyber norms effective. In its definition of Internet governance, the Working Group on Internet Governance argued that all stakeholders need to be represented at the table in their respective roles. Despite the fact that some issues have to be settled by a specific stakeholder group with expertise, conclusions can only be reached if all the stakeholders’ perspectives are taken into account. The current debate reflects tensions between those pushing for binding mechanisms and those arguing for voluntary ones. On a case by case basis, it can be argued that stronger specific regulation is needed, such as in the case of security certifications, whereas in other cases a soft-law approach could also be effective. On this line, current conceptual discussions have been focused on how to combine multilateralism and multistakeholderism: inclusive multilateralism could be a solution to this tension.

Ms Ceren Unal (Regional Policy Manager for Europe, Internet Society) addressed current technological challenges that have created a global appetite for further regulation. Nevertheless, flexibility is needed for understanding, on a case by case basis, whether further regulation is needed. Some challenges currently hampering the regulatory policy-making process are related to the false dichotomy that privacy and security are in contrast with each other. Security and privacy by design could be a solution. In order to create effective policy-making processes, a key role is played by education and literacy on the topic. Focusing on the security of Internet of things (IoT) devices as an example, Unal explained how some of the main challenges are represented by information asymmetries between the parties and even the producers of such devices at times. In the case of IoT, further regulation is not necessarily the optimal option; embedded principles of security and privacy could be an alternative solution. In addition to that, to address the challenges posed by emerging technologies, better transparency and accountability mechanisms are required, while digital literacy, security, and consumer awareness need to be better implemented for a more effective holistic approach.

Mr Marco Hogewoning (External Relations Officer and Technical Advisor, RIPE Network Coordinated Centre) addressed the issue from a technical perspective and underlined how the current approach has promoted self-regulation. Debates on effective regulation need to address the current gap of enforcement mechanisms which existing institutions and tools tend to lack. A big threat is represented by consumer electronics which is the least controlled and regulated field at the moment.

The workshop was then featured by an interactive discussion between panellists and the audience, which underlined other topics that need to be further addressed. First, education and digital literacy is required to better understand and evaluate policy-making processes. Second, transparency and accountability mechanisms need to be embedded into regulations. Finally, the status quo is currently characterised by the absence of an independent judiciary for cyberspace. As a result, an approach to foster responsible state behaviour is to implement best practices by like-minded countries. This could further strengthen the adoption of responsible behaviour by a larger number of actors, thus tackling the major challenge represented by the absence of non-binding mechanisms.

By Stefania Pia Grottola