After making known the trends that mark the world of cybercrime and highlighting the lack of preparation of Portuguese users and companies to deal with cyber threats, the Cybersecurity Observatory of the National Cybersecurity Center (CNCS) now presents a new report focused on thematic of Ethics and Law.
Described as a state of the art of cybersecurity ethics and law, the objective of the report is to analyze the main ethical and legal problems associated with cyberspace insecurity, as well as the solutions that have been developed to mitigate the problems, both at national as well as international.
O CNCS Observatory details that cybersecurity is essential to “preserve citizens’ trust in digital infrastructure, institutions and the state authority itself”. However, its mechanisms and practices can also take on a “dangerously intrusive shape, cutting the same rights and freedoms that it aims to protect”.
The ethical nature of cybersecurity has been accentuated in recent years, recognizing the need for it and those who provide it to go beyond the technical implications, despite the heterogeneity of operating contexts and the speed of technological transformations making implementation difficult. stable and uniform ethical guidelines.
“There is no single, detailed and stable code that allows cybersecurity technology suppliers to know, in each particular situation, which is the best strategy to adopt,” says the observatory. However, the definition of strategies in this area must focus on areas such as reliability, transparency and responsibility, without forgetting fundamental rights.
It is up to service providers, professionals in the field and citizens themselves, as users of digital platforms and systems, to promote a culture of transparency and responsibility ethics, with an effort to raise awareness of appropriate practices and behaviors. .
Taking into account the national panorama, the Observatory stresses that public policies and legislative developments in the field of cybersecurity have been following the guidelines defined by the European Union and the commitments made within the framework of the Council of Europe.
However, the report highlights some needs for legislative intervention. At issue is, for example, the adoption of legislation that is capable of setting security and incident reporting requirements, under the terms of articles 12 and 13. of Law No. 46/2018 and the introduction of changes to Law No. 58/2019, on the implementation of the General Data Protection Regulation in the Portuguese legal order, to ensure its compliance with Union law.
The transposition of the Directive establishing the European Electronic Communications Code is another point that needs intervention. The Code aims to ensure the freedom to offer services and electronic communications networks, which “must be provided with a particularly high level of security”, remembering that suppliers must specify the measures to be adopted in the event of incidents, threats and vulnerabilities.