Abstract
The EU is admittedly investing in technological advancements that would protect users’ security, trust, and privacy, by funding privacy by design and privacy by default research and technologies. The legal framework seems unprepared to deal effectively with the rise of sophisticated cyberattacks; therefore the EU is working to improve overall network and information security, along with data protection, through the newly introduced and long-anticipated General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS). Trusted Computing (TC) is a technology that aims to protect the user, the integrity of her machine, and her privacy against third-party users. To defeat security threats, what is needed are “networks of security” rather than isolated security solutions and “gated communities”. It was argued that technologies like TC can be used to build secure networks and, if adopted by Critical Infrastructures (CIs), to avoid cascade effects in interdependent CIs, as well as to standardize components and to comply with the EU’s cybersecurity framework.
Notes
1. For the different types of interdependencies between CIs, see Eusgeld et al. (2011).
2.
3. Cyber attacks are characterized as advanced persistent threats due to their increased frequency, sophistication, clear target, and coordination.
4. The Home Office minister Baroness Neville-Jones presented an estimation that cybercrime costs the UK £27bn each year in UK Cabinet Office and National security and intelligence.
5. Such interconnections can be classified as physical, geographical, cyber, or logical (Rinaldi et al. 2001).
6. The three modes of malicious attacks on a power infrastructure are as follows: (1) attack upon the system; (2) attack by the system; and (3) attack through the system (Amin 2002).
7. Back in 2003, the Trusted Computing Group (TCG) (formerly known as the Trusted Computing Platform Alliance (TCPA)), a non-profit organization, formed an alliance of promoters like AMD, Hewlett-Packard (HP), IBM, Intel Corporation, Microsoft, Sun Microsystems Incorporation, and Fujitsu Limited, and of contributors like Canon, Dell, Ericsson, Google, Oracle, Samsung, and many more, and initiated the Trusted Computing (TC) project.
8. A Root of Trust is a hardware component to help protect viable configurations.
9. Using base elements to build up a larger system.
10. See more in Danidou (2015).
11. The significance of an incident can be determined based on specific parameters, Art. 16 (4) (European Commission 2016).
References
Ab Manan J-L, Mubarak MF, Isa MAM, Khattak ZA (2011) Security, trust and privacy–a new direction for pervasive computing. Inf Secur:56–60
Amin M (2002) Security challenges for the electricity infrastructure. Computer (Long Beach Calif) 35:supl8–supl10. https://doi.org/10.1109/MC.2002.1012423
Andress J (2014) Cyber warfare techniques, tactics and tools for security practitioners, 2nd edn. Syngress, an imprint of Elsevier, Waltham
Balacheff B, Chen L, Pearson S et al (2000) Computing platform security in cyberspace. Inf Secur Tech Rep 5:54–63. https://doi.org/10.1016/S1363-4127(00)87631-1
BBVA (2016) The Network and Information Security (NIS) Directive. Part 2 of 2. Digit Econ Outlook
Belanger F, Hiller JS, Smith WJ (2002) Trustworthiness in electronic commerce: the role of privacy, security, and site attributes. J Strateg Inf Syst 11:245–270
Berger B (2005) Trusted computing group history. Inf Secur Tech Rep 10:59–62. https://doi.org/10.1016/j.istr.2005.05.007
Burmester M, Mulholland J (2006) The advent of trusted computing: implications for digital forensics. In: Proceedings of the 2006 ACM symposium on applied computing. ACM Press, Dijon, pp 283–287
Camenisch J (2004) Better privacy for trusted computing platforms. In: Samarati P, Ryan P, Gollmann D, Molva R (eds) Computer security – ESORICS 2004. Springer, Heidelberg, pp 73–88
Carroll A, Juarez M, Polk J, Leininger T (2002) Microsoft Palladium: a business overview. Microsoft Press Release
CERT (2018) Vulnerability notes. https://www.kb.cert.org/vuls. Accessed 25 Jun 2018
Christou G (2016) Cybersecurity in the European Union
Cm7234 (2007) The Government reply to the fifth report from the House of Lords Science and Technology committee
Cm7642 (2009) Cyber Security Strategy of the United Kingdom safety, security and resilience in cyber space. 26
Cm7948 (2010) Securing Britain in an age of uncertainty: the strategic defence and security review
Corn T (2017) A new era for critical infrastructure: IT Security. In: CSO – Resour. Data Secur. Exec. https://www.cso.com.au/article/621183/new-era-critical-infrastructure-it-security/. Accessed 25 Jul 2018
Danidou I (2015) Trusted computing or trust in computing?: legislating for trust networks. ProQuest Dissertations Publishing
Dekker MAC (2013) Critical cloud computing – a CIIP perspective on cloud computing services. Eur Netw Inf Secur Agency 33
European Commission (2009a) Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Critical Information Infrastructure Protection. “Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience”. COM 149 Final
European Commission (2009b) Directive 2009/140/EC of 25 November 2009 amending Directives 2002/21/EC, 2002/19/EC and 2002/20/EC. Off J Eur Union L 337:37–69
European Commission (2013a) Cybersecurity strategy of the European Union: an open, safe and secure cyberspace. European Commission
European Commission (2013b) Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union. 0027:
European Commission (2015) Cybersecurity. https://ec.europa.eu/digital-agenda/en/cybersecurity#Article
European Commission (2016) Directive (EU) 2016/1148 Of The European Parliament And Of The Council - of 6 July 2016 - concerning measures for a high common level of security of network and information systems across the Union. European Parliament and of the Council
European Commission (2017) Factsheet State of the Union 2017
European Commission (2018) Joint communication to the European Parliament and the Council - Resilience, Deterrence and Defence: Building strong cybersecurity for the EU
European Parliament (2016) Regulation (EU) 2016/679 of the European Parliament and of the Council – of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDP). European Parliament and of the Council
European Political Strategy Centre (2017) Building an effective European cyber shield. Eur Comm 16. https://doi.org/10.2872/955505
Eusgeld I, Nan C, Dietz S (2011) “System-of-systems” approach for interdependent critical infrastructures. Reliab Eng Syst Saf 96:679–686. https://doi.org/10.1016/J.RESS.2010.12.010
Farwell JP, Rohozinski R (2011) Stuxnet and the future of cyber war. Surviv Glob Polit Strateg 53:23–40
Gallery E (2008) Who are the TCG and what are the trusted computing concepts? TRUST2008
Gordon L, Loeb M (2002) The economics of information security investment. ACM Trans Inf Syst Secur 5:438–457. https://doi.org/10.1145/581271.581274
Gordon L, Loeb M (2006) Economic aspects of information security: an emerging field of research. Inf Syst Front 8:335–337. https://doi.org/10.1007/s10796-006-9010-7
Guadamuz A (2013) Networks, complexity and internet regulation scale-free law. The University of Edinburgh
Homeland Security (2017) Risks to critical infrastructure that use cloud services
Hunton P (2009) The growing phenomenon of crime and the internet: a cybercrime execution and analysis model. Comput Law Secur Rev 25:528–535. https://doi.org/10.1016/j.clsr.2009.09.005
IWS (2018) World Internet Users Statistics and 2018 World Population Stats. https://www.internetworldstats.com/stats.htm. Accessed 25 Jun 2018
Kalis P (2018) NIS Directive – update for the Netherlands – Leiden Law Blog. In: 31/01/2018. http://leidenlawblog.nl/articles/nis-directive-update-for-the-netherlands. Accessed 16 Jun 2018
Kaskina BB (2017) How the European Union is tackling cybersecurity: a look at the NIS directive. ITU News, 1–12
Kert M, Lopez J, Markatos E, Preneel B (2014) State-of-the-art of Secure ICT landscape
King J (2017) Commissioner King’s speech at the EU Cybersecurity Conference “Digital Single Market, Common Digital Security 2017”, 15 September 2017, Tallinn, European Commission. https://ec.europa.eu/commission/commissioners/2014-2019/king/announcements/commissioner-kings-speech-eu-cybersecurity-conference-digital-single-market-common-digital-security_en. Accessed 28 Jun 2018
Kraemer S, Carayon P, Clem J (2009) Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput Secur 28:509–520. https://doi.org/10.1016/j.cose.2009.04.006
Langner R (2011) Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Privacy 9:49–51. https://doi.org/10.1109/MSP.2011.67
Lessig L (1996) The zones of cyberspace. Stanford Law Rev 48:1403–1411
Lipson HF (2002) Tracking and tracing cyber-attacks: technical challenges and global policy issues
Liveri D, Skouloudi C (2016) Exploring cloud incidents. Eur Netw Inf Secur Agency 1–14
Mackay M, Baker T, Al-Yasiri A (2012) Security-oriented cloud computing platform for critical infrastructures. Comput Law Secur Rev 28:679–686. https://doi.org/10.1016/J.CLSR.2012.07.007
Maglaras L, Drivas G, Noou K, Rallis S (2018) ICST Transactions Preprint NIS directive: The case of Greece
Mitchell CJ (2008) What is trusted computing? In: Mitchell CJ (ed) Trusted computing. The Institution of Engineering and Technology (IET), London, pp 1–10
Mutz DC (2005) Social Trust and E-Commerce: experimental evidence for the effects of social trust on individuals’ economic behavior. Public Opin Q 69:393–416. https://doi.org/10.1093/poq/nfi029
Office of Cyber Security and Information Assurance (OCSIA), Detica (2011) The cost of cyber crime. 28
Oppliger R, Rytz R (2005) Does trusted computing remedy computer security problems? IEEE Secur Priv 3:16–19. https://doi.org/10.1109/MSP.2005.40
Pagallo U (2015) Good onlife governance: on law, spontaneous orders, and design. In: The onlife manifesto. Springer, pp 161–177
Proudler G (2005) Concepts of trusted computing. In: Mitchell CJ (ed) Trusted computing. The Institution of Engineering and Technology (IET), London, pp 11–27
Proudler G, Dalton C, Chen L (2014) Trusted computing platforms: TPM2.0 in context, 1st edn. Springer
Reid J, González Nieto JM, Dawson E, Okamoto E (2003) Privacy and trusted computing. In: Proceedings of the 14th international workshop on database and expert systems applications (DEXA’03). IEEE, Washington, pp 383–388
Rinaldi SM, Peerenboom JP, Kelly TK (2001) Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Syst 21:11–25. https://doi.org/10.1109/37.969131
Rosinger C, Uslar M, Sauer J (2013) Threat scenarios to evaluate trustworthiness of multi-agents in the energy data management. EnviroInfo, pp 258–264
Russia US-CCU Special Report (2009) Overview by the US-CCU of the cyber campaign against Georgia in August of 2008. US Cyber Consequences Unit
Safford D (2002a) Clarifying misinformation on TCPA. In: White Pap. http://www.research.ibm.com/gsal/tcpa/tcpa_rebuttal.pdf
Safford D (2002b) The need for TCPA. http://www.research.ibm.com/gsal/tcpa/why_tcpa.pdf
Schneider FB (2000) Critical infrastructures you can trust: where telecommunications fits. Comput Sci Telecommun 1–29
Schneier B (2010) Security in 2020 – Schneier on security. https://www.schneier.com/blog/archives/2010/12/security_in_202.html. Accessed 21 Jun 2018
Schoen S (2003) Trusted computing: promise and risk. Electronic Frontier Foundation
Schoorman FD, Mayer RC, Davis JH (2007) An integrative model of organizational trust: past, present, and future. Acad Manag Rev 32:344–354. https://doi.org/10.5465/amr.2007.24348410
Shirey R (2000) RFC2828: Internet Security Glossary. RFC Editor
Simon T (2017) Critical infrastructure and the Internet of Things. Cent Int Gov Innov Chatham House 46
Stanganelli J (2018) EU’s NIS Directive Compounding GDPR Burdens & Confusion – Security Now. In: 23/02/2018. https://www.securitynow.com/author.asp?section_id=613&doc_id=740750. Accessed 16 Jun 2018
Tankard C (2011) Advanced persistent threats and how to monitor and deter them. Netw Secur 2011:16–19. https://doi.org/10.1016/S1353-4858(11)70086-1
TCG (2006) More secure computing. TCG
Ten C-W, Manimaran G, Liu C-C (2010) Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans Syst Man Cybern – Part A Syst Humans 40:853–865. https://doi.org/10.1109/TSMCA.2010.2048028
The White House (2013) Executive Order 13636: improving critical infrastructure cybersecurity. Fed Regist 78:1–8
Varianou Mikellidou C, Shakou LM, Boustras G, Dimopoulos C (2017) Energy critical infrastructures at risk from climate change: a state of the art review. Saf Sci. https://doi.org/10.1016/J.SSCI.2017.12.022
Vermesan O, Friess P (2015) Building the hyperconnected society: Internet of things research and innovation value chains, ecosystems and markets. River Publishers
Vespignani A (2010) Complex networks: the fragility of interdependency. Nature 464:984–985. https://doi.org/10.1038/464984a
Yeung K (2008) Towards an understanding of regulation by design. In: Yeung K (ed) Regulating technologies: legal futures, regulatory frames and technological fixes. Hart, Oxford, pp 79–108
Yeung K, Dixon-Woods M (2010) Design-based regulation and patient safety: a regulatory studies perspective. Soc Sci Med 71:502–509
Zimmerman R (2004) Decision-making and the vulnerability of interdependent critical infrastructure. In: IEEE international conference on systems, man and cybernetics (IEEE Cat. No. 04CH37583). IEEE, pp 4059–4063
Zittrain J (2008) The future of the Internet and how to stop it. Yale University Press, New Haven
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Danidou, Y. (2020). Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal Framework. In: Synodinou, TE., Jougleux, P., Markou, C., Prastitou, T. (eds) EU Internet Law in the Digital Era. Springer, Cham. https://doi.org/10.1007/978-3-030-25579-4_13
DOI: https://doi.org/10.1007/978-3-030-25579-4_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-25578-7
Online ISBN: 978-3-030-25579-4
eBook Packages: Law and Criminology (R0)