Journal of Security and Sustainability Issues

It has been revealed that the legal and doctrinal basis of information security in Ukraine developed symptomatically and haphazardly. This is largely due to the fact that modern research methods are based on different worldview positions, solve research problems in different ways, and also use excellent research strategies. In addition, information security was primarily viewed as the information security of the state. Subsequently, the intensification of informatization processes in all areas, especially the growth in the importance of technical protection of information, led to the formation of legal support for the protection of information as an integral component of the security of enterprises, institutions and organizations, as well as individual sectors of the economy. At the turn of the millennium, the question of international information security, as well as cybersecurity as part of information security, became acute. The stages of the formation of Ukrainian legislation in the information sphere in general, and information security in particular, have been analyzed, and it has been found that at each of these stages, the information security of a person remained a secondary issue. Increasing the efficiency of administrative and legal support for information security in Ukraine is possible through the implementation of a set of legal measures, which include: clear reflection in law and state institutions of the orientation on the combination of public and private economic interests in the information sphere; constant and consistent use of all human rights mechanisms and procedures to overcome conflicts in the information sphere; raising the legal level of consciousness and activities of civil servants, representatives of all branches and levels of government, and the country’s population.

The methodological foundations of the formation of analytical support for public administration of cybersecurity have been improved. Based on a combination of hierarchical and non-hierarchical clustering methods using the IBM SPSS Statistics package, the country’s regions have been grouped into four clusters, which is the basis for adjusting the priorities of the state cybersecurity policy, a well-grounded approach when choosing means and instruments of influence at the regional level. In modern doctrine and practice of international law, the issues of qualification of cyber warfare remain controversial. There are approaches to justify the application of international humanitarian and criminal law. The most justified, in our opinion, is the qualification of cyber warfare as a violation of the UNO Charter and the use of force, and in some cases – the crime of aggression. The substantive rules of the institution of international cooperation in the fight against cybercrime determine the special principles of this kind of cooperation, the criminalization of certain types of illegal acts, as well as institutional mechanisms and capacity building. The system of international combating cybercrime is based on the principles of technical neutrality, multi-stakeholderism (public-private partnerships), as well as the equivalence of human rights online and offline. In the future, cybercrime will be associated with the use of innovative technologies. As it has been established by the example of the Internet of things, the latest technology, as a general rule, is included in the scope of existing international agreements on cybercrime, but there is no special regulation for them. We propose formal consolidation of the provision on “emergent technologies” in the texts of international legal acts in the field of combating cybercrime. First of all, this concerns the future UNO Convention on the fight against cybercrime, which should also provide for an additional body, such as the T-CY Committee under the Council of Europe Convention, which will provide clarification on the application of the agreement in specific changed circumstances.

The authors have investigated the features of legal support for cybersecurity in some of the leading countries of the world, have established the organizational basis for its support, as well as the main aspects of NATO and the EU’s activities and standards in this area. In particular, the essence of the concept of cybersecurity is determined by referring to the views of both foreign scientists and Ukrainian scientists, and fixing this definition in normative documents of international importance (international standard ISO/IEC 27032:2012). Actual strategic goals in the direction of ensuring cybersecurity in countries such as France, the UK, the United States, as well as the settlement of these issues at the legislative level in Ukraine are highlighted. It has been established which state bodies operate in the indicated countries, whose powers include ensuring cybersecurity. Attention is paid to the settlement of cybersecurity and cyber protection issues at the international level, in particular at the EU and NATO levels. Particular attention is paid to NATO standards – TEMPEST. The content of the norms of the current legislation of Ukraine in the field of ensuring cybersecurity and the nature of the priority tasks of the National Cyber Security Coordination Center under the National Security and Defense Council of Ukraine are disclosed, which are normatively enshrined in the relevant Regulation. The features of the regulatory and organizational support of cybersecurity in some leading countries of the world and in Ukraine are structured.

This article discusses the Ukrainian legislation on cybersecurity. The necessity of developing an efficient cybersecurity system was raised by the hybrid war conducted by Russia over the last few years, in which many critical infrastructure objects have been destroyed with serious consequences not only for the end consumers but also for the security of the state. Consequently, Ukraine has begun issuing a number of laws aiming at strengthening its cyber defense capabilities by establishing an efficient national cybersecurity system. The analysis has clearly shown that although important steps have already been taken in this direction, much still remains to be done to protect the Ukrainian critical infrastructure.

Lately a lot of attention has been given to legal regulation of cybersecurity. This article will review legal regulation of cybersecurity in Lithuania. Historical retrospective of legal regulation of cybersecurity in Lithuania will be discussed, strategic Lithuanian cybersecurity documents will be analysed, and the Law on Cybersecurity of the Republic of Lithuania will be analysed and evaluated. After a comparative analysis of cybersecurity strategies and laws and a review of legal regulation of cybersecurity in Lithuania, gaps of law-making and of other measures were distinguished, and corresponding conclusions were made. The adoption of the new Law on Cybersecurity, which regulates many important institutes, is evaluated positively. But with regard to the current legal regulation on cybersecurity in Lithuania additional measures are necessary (functions of institutions that formulate cybersecurity policy and perform control functions have not been detailed and distinguished, also functions of the Lithuanian national Computer Emergency Response Team (CERT) are not foreseen in the Law on Cybersecurity, etc.).