Skip to main content

DSI Publications

Journal Article

Das IT-Sicherheitsgesetz 2.0 – neue Regeln für Unternehmen und IT-Produkte [The IT Security Act 2.0 - new regulations for companies and IT products]

Computer und Recht 7: 450–458
Martin Schallbruch (2021)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
Cybersecurity, information security, information law, critical infrastructures, cyber regulation
Two articles explain the genesis and contents of the German IT Security Act 2.0, which was enacted in May 2021. This first article focuses on the origins of the law, the obligations of companies as operators of information technology, and the new regulations on the security of IT products.
Journal Pages
450–458
ISSN (Online)
2194-4172
Journal Article

Cybersecurity and the risk governance triangle

International Cybersecurity Law Review 2 (1): 77–92
Andrew J. Grotto, Martin Schallbruch (2021)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
Transatlantic, data protection, internet of things, artificial intelligence, industrial control systems (ICS)
Volume
2
Journal Pages
77–92
ISSN (Online)
2662-9739
ISSN (Print)
2662-9720
Book Chapter

Die völkerrechtliche Dimension der IT-Sicherheit [The international legal dimension of IT security]

In IT-Sicherheitsrecht, edited by Gerrit Hornung, Martin Schallbruch, Baden-Baden: Nomos.
Henning Christian Lahmann (2020)
Subject(s)
Information technology and systems
Keyword(s)
international law, cybersecurity, united nations, use of force, intervention, sovereignty, internet governance, arms control, cyber operations
The chapter summarises the current state of the application of international law to cyberspace and reviews attempts to find consensus among the community of states. While virtually all states agree that international law applies to state conduct in cyberspace, the 'how' remains a hotly contested issue. The chapter focuses on the prohibition of the use of force, the prohibition of intervention, and the principle of sovereignty and assesses their legal status vis-à-vis cyber operations. It follows a brief treatment of further international efforts to increase transnational cybersecurity, such as internet governance and arms control treaties.
Secondary Title
IT-Sicherheitsrecht
ISBN
978-3-8487-5764-0
Journal Article

‘Hacking back' by states and the uneasy place of necessity within the rule of law

Heidelberg Journal of International Law (HJIL) 80 (2): 433–452
Henning Christian Lahmann (2020)
Subject(s)
Information technology and systems
Keyword(s)
International law, cybersecurity, cyberattacks, attribution, necessity, rule of law, special emergency regime
The article deals with necessity as one of the circumstances precluding wrongfulness under customary international law and how it will likely gain relevance in view of the difficulty to quickly attribute malicious cyber operations that threaten important assets of a state. While the necessity doctrine seems fit for purpose, it lacks granularity and is problematic from an international rule-of-law point of view. Taking these pitfalls into account, the article proposes some general principles for a possible special emergency regime for cyberspace.
Volume
80
Journal Pages
433–452
Journal Article

Information operations and the question of illegitimate interference under international law

Israel Law Review 53 (2): 189–224
2020 Best Paper Award
Henning Christian Lahmann (2020)
Subject(s)
Information technology and systems
Keyword(s)
Information operations, cyber operations, cognitive warfare, disinformation, election interference, principle of non-intervention, sovereignty, self-determination
The article examines the legal qualification of state-led information operations that aim to undermine democratic decision-making processes in other states. After a survey of the legal attitudes of states towards such operations during the Cold War, the impact of the digital transformation on the frequency and quality of information operations is explained. The article then assesses scholarly responses to the outlined paradigm shift regarding the prohibition of intervention, respect for sovereignty and the principle of self-determination. The study then inquires whether it is possible to detect a change in how states qualify adversarial information operations by tracking recent state practice and official statements of opinio juris. The survey concludes that there is insufficient uniformity to allow for an inference that the content of the analysed rules of customary international law has already shifted towards more restrictive treatment of foreign interference. As a possible way forward, the article ends with a proposal to focus on deceptive and manipulative conduct of information operations as the most viable path to outlaw such state behavior in the future. Instead of attempting to regulate the content of information, this approach is better suited to safeguard freedom of speech and other potentially affected civil rights.
© Cambridge University Press and The Faculty of Law, The Hebrew University of Jerusalem 2020
Volume
53
Journal Pages
189–224
ISSN (Online)
2047-9336
ISSN (Print)
0021-2237
Journal Article

Sichere IT ohne Schwachstellen und Hintertüren [Secure IT without vulnerabilities and back doors]

TA TuP (Journal for Technology Assessment in Theory and Practice) 29 (1): 30–36
Arnd Weber, Gernot Heiser, Dirk Kuhlmann, Martin Schallbruch, Anupam Chattopadhyay, Sylvain Guilley, Michael Kasper et al. (2020)
Subject(s)
Information technology and systems
Keyword(s)
Cybersecurity, sovereignty, open source, verification,
supply chain risks
Increasing dependence on information technology calls for strengthening the requirements on their safety and security. Vulnerabilities that result from flaws in hardware and software are a core problem which market mechanisms have failed to eliminate. A strategy for resolving this issue should consider the following options: (1) private- and public-sector
funding for open and secure production, (2) strengthening the sovereign control over the production of critical IT components within an
economic zone, and (3) improving and enforcing regulation. This paper
analyses the strengths and weaknesses of these options and proposes
a globally distributed, secure supply chain based on open and mathematically proved components. The approach supports the integration
of legacy and new proprietary components.
Volume
29
Journal Pages
30–36
ISSN (Online)
2199-9201
ISSN (Print)
1619-7623
Expert testimony paper

Stellungnahme: Anhörung im Deutschen Bundestag, Ausschuss Digitale Agenda, Anhörung "IT-Sicherheit von Hard- und Software als Voraussetzung für Digitale Souveränit" am 11.12.2019 [Testimony: Hearing in the German Bundestag, Digital Agenda Committee, hearing "IT security of hardware and software as a prerequisite for digital sovereignty" on 11.12.2019]

German Federal Parliament No. 19(23)080 (Digital Agenda Committee Paper)
Isabel Skierka (2020)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
IT-Security, Digital Sovereignty, Industrial policy
The public hearing of the Digital Agenda Committee on the topic of "IT security of hardware and software as a precondition for digital sovereignty" on Wednesday, December 11, 2019, analyzed how citizens, companies, but also public administration organizations in Germany are positioned with regard to digital sovereignty . The Committee led by Hansjörg Durz (CDU/CSU) focused primarily on the current state of Germany's IT infrastructure and governance, the need for legislative action, and security gaps.
In her statement, Isabel Skierka gives an assessment of Germany's industrial policy position in the field of digital technologies and the IT security situation and recommendations for strengthening digital sovereignty and IT security at the national and European level.

[Wie die Bürger, Unternehmen, aber auch die Verwaltung in Deutschland hinsichtlich der digitalen Souveränität aufgestellt sind, dazu gaben die Sachverständigen bei einer öffentlichen Anhörung des Ausschusses Digitale Agenda zum Thema „IT-Sicherheit von Hard- und Software als Voraussetzung für Digitale Souveränität“ am Mittwoch, 11. Dezember 2019, unterschiedliche Einschätzungen ab. Bei der Expertenbefragung unter Leitung von Hansjörg Durz (CDU/CSU) ging es vor allem um den Ist-Zustand der IT-Struktur Deutschlands, gesetzgeberischen Handlungsbedarf und Sicherheitslücken.
In ihrer Stellungnahme gibt Isabel Skierka eine Einsch¨ätzung zur industriepolitischen Stellung Deutschlands im Bereich digitaler Technologien sowie der IT-Sicherheitslage und Empfehlungen für die Stärkung digitaler Souveränität und der IT-Sicherheit auf nationaler und europäischer Ebene.]
Journal Article

A new competition framework for the digital economy: Report by the Commission “Competition Law 4.0”

Antitrust Chronicle 3 (2): 33–38
Martin Schallbruch, Heike Schweizer, Achim Wambach (2019)
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
Competition law, antitrust law, digital platforms, data access
The Commission “‘Competition Law 4.0’” was set up by the German Federal Minister for Economic Affairs and Energy with the task to draw up recommendations for the further development of EU competition law in the light of the digital economy. The final report with 22 recommendations was handed over in September 2019.
The commission finds that the practical and actual power of consumers to dispose of their own data must be improved, clear rules of conduct for dominant platforms must be introduced, legal certainty for cooperation in the digital sector must be enhanced, and the institutional linkage between competition law and other digital regulation must be strengthened.
Volume
3
Journal Pages
33–38
DSI Industrial & Policy Recommendations Series (IPR)

Europas dritter Weg im Cyberraum [Europe's third way in cyberspace]

DSI Industrial & Policy Recommendations Series (IPR)
Annegret Bendiek, Martin Schallbruch (2019)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
cybersecurity, digital sovereignty
Cybersicherheit ist für Europa zu einer Schlüsselfrage der globalen digitalen Transformation geworden. Mit dem Cybersecurity Act, also der Cybersicherheitsverordnung, hat die EU einen rechtlichen Rahmen mit dem Anspruch globaler Ausstrahlung vorgelegt. Eingebettet in eine Politik, die digitale Souveränität mit strategischer Verflechtung kombiniert, kann die Verordnung das Tor zu einem dritten Weg Europas im Cyberraum sein, der zwischen dem US-amerikanischen Modell der Marktfreiheit und dem chinesischen Modell des autori- tären Staatskapitalismus verläuft. Der Cybersecurity Act wird verbindlicher Handlungsrahmen und Rückenwind für die bundesdeutsche Cybersicherheitspolitik sein.
Pages
7
Report

A new competition framework for the digital economy

Report by the Commission ‘Competition Law 4.0’
Martin Schallbruch, Heike Schweizer, Achim Wambach (2019)
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
Competition law, antitrust law, digital platforms, data access
The Commission “‘Competition Law 4.0’” was set up by the German Federal Minister for Economic Affairs and Energy with the task to draw up recommendations for the further development of EU competition law in the light of the digital economy. The final report with 22 recommendations was handed over in September 2019.
The commission finds that the practical and actual power of consumers to dispose of their own data must be improved, clear rules of conduct for dominant platforms must be introduced, legal certainty for cooperation in the digital sector must be enhanced, and the institutional linkage between competition law and other digital regulation must be strengthened.
Pages
88