Organisations, individuals, and governments need to be confident that their data, computer systems and processes are effectively protected in order to reap the full benefits of cyberspace.
To achieve this, government intervention is sometimes required, for example to oblige private critical infrastructure providers to develop security risk-management plans. We investigate how governments can encourage the development of a secure Internet and online environment using law and regulation.
This Dimension creates a set of resources highlighting best practice in all areas of cybersecurity legislation. Governments across the world are therefore able to use this to improve their legislative framework, identifying areas where they can do more to protect cyberspace and seeing what steps are required to do so.
To create these resources, we examine at a national, regional and international level all the areas of online security that require government action, such as critical national infrastructure, criminal activity, data protection, computer emergency response teams, and education. Criminal activity is one area that receives much attention, but we make sure that we also cover legislation that provides incentives for better protection of data and systems: building more resilient systems, deterring an attack, responding after an incident, and from non-malicious actions, such as losing a laptop.
A key issue is how governments ensure that private critical infrastructure providers meet essential security standards. This is vital because so much of the economy relies on this infrastructure, and breaches can have far-reaching effects. Some countries have asked critical infrastructure providers to voluntarily participate in security standards but there has been limited uptake to date. For the most essential security measures, some governments are considering stronger interventions, and our research examines the best ways to go about this. In the area of cybercrime, as well as considering well documented threats, we look at the use of digital equipment in traditional crimes, for example in theft, and consider how the police can make use of new digital technologies without compromising privacy.
As the effectiveness of laws partially depends on how they are enforced, we also look at the impact of regulatory bodies covering communication and the utilities, and the effectiveness of reporting practices and penalties for data leaks in various countries and regions.
Our research covers laws and regulations at the global, regional and national level. We also examine whether national, regional or international approaches are most appropriate for a particular aspect. To date, we aim to create documents highlighting best practices that will enable policymakers across the world to access knowledge to make decisions on developing effective laws and regulations in their own jurisdictions.
This Dimension is chaired by Professor Federico Varese, Professor of Criminology at the University of Oxford and Senior Research Fellow at Nuffield College, Oxford.