Our website uses cookies to create a better user experience. To optimize the website we ask that you accept the cookies:

I agree I disagree
2021 2022 2023 2024

2024: ACTIVITY REPORT OF THE CYBER SECURITY COALITION

Unlocking The Future of Legal Defence in Cyberspace

What are the legal defences in cyberspace in the face of often invisible attacks? And what is the framework for the future of legal defence? These inquiries were at the forefront of the event “Unlocking the Future of Cyber Defence in Cyberspace”, delving into the pivotal realm of cyber law and its role in combatting cybercrime.

David Hickton

Founding Director of the Institute for Cyber Law, Policy, and Security University of Pittsburgh

Mr. David Hickton, Founding Director of the Institute for Cyber Law, Policy, and Security University of Pittsburgh, delivered a keynote during this Coalition event, that brought together an eclectic mix of stakeholders. Joining him in a panel discussion were Mrs. Catherine Van de Heyning, public prosecutor, Mrs. Caroline Frère (FCCU), litigation lawyer Mr. Thomas Declerck (A&O Shearman) LLP) and assistant professor and researcher Mrs. Laura Drechsler (CITIP KU Leuven). This article wraps up the key takeaways from the panel discussion.

An ever-growing range of threats

Risks and attacks increase every year. In Belgium, corporate IT security audits reveal that 98% of companies report facing risks, 66% have suffered an attack in the last two years and, of these, 87% have suffered financial damage or loss of reputation due to cyberattacks. All this has consequences for both public and private companies.

There are even fears that a massive cyberattack could trigger a major global crisis on a scale comparable to the COVID pandemic - and we are not prepared for such an attack, leading to devastating consequences. What makes the situation even more challenging is that more and more objects are connected via the Internet of Things, meaning the risk of an exposure to attack multiplies. Also on the rise is the number of criminals with new strategies and technologies – for example, AI now allows voice recordings and images to be generated to create fake videos. 

The means to fight: institutions, laws, tools

In the event of such an attack affecting the internet and our systems, responsible governance in both private companies and public institutions means ensuring data integrity, service continuity and confidentiality.

Prevention remains the best defence, starting with the detection of vulnerabilities in systems. But it also means breaking down barriers: opening up a dialogue between public authorities and the business world. The Centre for Cybersecurity Belgium is the national authority responsible for supervising, coordinating and implementing solutions. But, in addition to national initiatives, we need European cooperation, which could take the form of a cyber defence agency.

Especially when it comes to AI and Quantum, because existing laws do not cover the use or consequences of these types of technologies. Above all, technologies evolve rapidly – and much faster than legislation. We need to anticipate, where possible, future technological developments so that an act identified as criminal today will also be criminal in the future.

Proportionate responses to the threat

The perpetrators of cybercrime, whatever form it takes, should go to prison for the damage caused. A theft, whether committed via the internet or in a physical shop, remains a theft and should be punishable. Therefore, it is necessary to gather a lot of evidence to accuse someone of criminal activity and it is important for companies to be able to report threats to authorities on an international level.

This includes ransomware cases. As a rule, companies should not pay ransomware. But if a company chooses to pay, the attack should still be reported. Also their contacts must be informed. This allows the company’s business circle to be on guard.

It is worth noting that while we are seeing more and more attacks, cybercriminal networks are also being dismantled more often. Certainly, because there is no shortage of tools to fight or punish cybercriminals or non-cooperating countries.

Do too many laws kill business?

The question is whether the law stands in the way of economic progress. Companies must now consider a range of legislation. Behind every piece of legislation, there are issues to understand. The purpose is to find the right balance between overabundance of laws and entrepreneurial freedom. At the same time, the business (customers, suppliers…) demands more security. Laws are therefore a necessary evil.

Faced with cybercrime that knows no borders, the authorities are fighting it without always having an appropriate and legal response that takes into account the borders and the right to sovereignty of each country.

Furthermore, in an era where companies become more powerful than governments, there is a way to enhance public-private cooperation. Yet there remains reluctance on the part of the private sector to be transparent regarding the cyberattacks.

In conclusion

There is no shortage of legal avenues in the fight against cybercrime - the question is how best to navigate them? Clearly, there is currently a lack of resources to effectively investigate and combat all threats and attacks. There is also a challenge in terms of implementing effective prevention in a democracy so that individual rights, such as privacy, are also safeguarded.