Veselova L. Yu. Administrative-legal bases of cyber security in the context
of hybrid war. – Qualifying scientific work on the rights of a manuscript.
The thesis for a degree of Doctor of Juridical Sciences in the specialty 12.00.07 «Administrative Law and Process; Financial Law; Informational Law». – Odesa State University of Internal Affairs, Odesa, 2021.
The thesis is one of the complex scientific works, in which the problems of
administrative-legal support of cyber security of Ukraine in the context of hybrid war are comprehensively investigated at the monographic level.
Taking into account the subject of research, the cotemporaneous understanding of the development of social relations in cyberspace, their dualistic content for Ukraine, which is formed both on the basis of general civilizational tendencies inherent in the information society and features resulting from hybrid aggression on the state territory taking into account the security component with adequate methodological and content.
It is emphasized that the national security of Ukraine significantly depends on ensuring cybersecurity. In the course of the evolution of technological progress and cyber progress, this dependence will grow. In addition, the legislative regulation of relations in cyberspace needs constant updating, which is an objectively necessary process that must accompany the rapid technological development of information society. Taking into account the categorical uncertainty, the need for terminological regulation and standardization of conceptual apparatus in the system of administrative- legal support of cybersecurity, based on ensuring the adequacy of its content, compliance with legal terminology, as well as harmonization of terminology with current domestic legislation.
Based on the comparative analysis of foreign legislation, norms of international law and recommendations of international organizations, the methodological significance of formation of mechanism of administrative-legal regulation in the field of cybersecurity based on legal regulation of obligations of national cybersecurity entities to identify cybersecurity risks. The necessity of introduction and the content of key components of cybersecurity of Ukraine in the context of hybrid war are substantiated: “the risk-oriented approach to ensure cybersecurity”, ” the risk-oriented approach to protection of critical infrastructure” are revealed.
Summarizing the scientific achievements of well-known scientists in the field of
definition of “cybersecurity”, it is proposed to understand cybersecurity as a holistic system of protection of vital interests of citizens, society and the state, as well as minimizing the likelihood of real and potential cyber threats, their consequences and society’s resilience, as well as ensuring the sustainable development of a person, society and the state. Thus, it is noted that cybersecurity is a systemic and purposeful phenomenon that provides protection, resilience and development capacity of cyberspace actors.
It is emphasized that the current stage of formation of domestic legislation is extremely active and effective. Based on the analysis of legal acts of Ukraine in the field of cybersecurity, it is concluded that the formation of national legal institution of cybersecurity is directly related to the development of international law in this area and, above all, European, which served as a standard in information and telecommunications, security of society.
Attention is focused on the detailed characteristics of the mechanism elements of administrative- legal regulation in the field of cybersecurity: administrative-legal norms that establish the rights and responsibilities of the national cybersecurity system’s subjects; administrative-legal relations, which is a special form of interconnection of the national cybersecurity system’s subjects on the basis of their rights and responsibilities; acts of realization of the rights and obligations of the national cybersecurity system’s subjects, which consolidate and implement the provisions of administrative-legal norms in the process of interaction of the national cybersecurity system’s subjects.
The need for precautionary measures based on the implementation of risk- oriented cybersecurity strategy is noted. It is within the framework of administrative prevention measures that it is necessary to regulate legally the obligations of the national cybersecurity system’s subjects to determine the risks of cybersecurity. These risks may not be limited to technical risks of computer and telecommunications systems, but should also include an analysis of risks of strategic and operational nature, social, economic, infrastructural spheres, etc.
The administrative-legal forms in the field of cybersecurity (rule-making,
adoption of acts, administrative agreement, law enforcement of the rights, etc.) are identified and characterized, which are an objective practical reflection of the activities of cybersecurity entities of Ukraine. Based on the opinions of well-known scientists- administrators, the administrative-legal methods in the field of cyber security of Ukraine are analyzed. It is proved that the studied administrative-legal forms and methods are essential in the implementation of the administrative-legal mechanism in the field of cybersecurity of Ukraine, but further security development of this area requires integrated use of all these administrative-legal instruments and the formation of a high level of state security, relations in cyberspace.
The general principles of administrative responsibility for cybersecurity are described and some administrative offenses in this area are analyzed. In particular, given the methodological emphasis in the dissertation on the security content of cybersecurity activities, it is reasonable to consider administrative responsibility in the field of cybersecurity in Ukraine to understand the type of legal liability that is a means of administrative-legal protection of cyberspace, and the main purpose of which is to forcibly stop illegal actions related to illegal interference in computer and telecommunication systems and violation of human rights and freedoms, the interests of the state and society.
Attention is focused on the analysis of the structure of administrative-legal relations arising in the field of cybersecurity, and allows disclosing fully the specifics of the phenomenon under study, due to the essential features that allow to distinguish these legal relations from the variety of relations ensuring cyber security of Ukraine. The division of subjects of administrative-legal relations in the field of cybersecurity of Ukraine into four groups: subjects of general competence; subjects of special competence – the main subjects of the national cybersecurity system; subjects of branch competence; subjects of individual status – directly carry out cybersecurity measures within their competence.
It is stated that effective counteraction to threats to national security in the cyber sphere is possible only with the integrated use of the whole arsenal of legal means to ensure cybersecurity, all structural elements of public administration and at all stages of information circulation. In addition, the maximum effect in the interaction of cybersecurity subjects of Ukraine can be achieved only through the use of a holistic systemic mechanism of administrative-legal methods and tools through which the implementation of state policy in cybersecurity as an integral part of national security of Ukraine.
It is determined that the most important step at the stage of fully formed
legislative framework for cybersecurity of Ukraine is development and adoption of the State Targeted Program for Cyber Security of Ukraine, the adoption of which will serve as a starting point in the implementation of real cooperation of cybersecurity in Ukraine. Emphasis is placed on the main directions of the state policy on counteracting cyber threats, which should become a distinctive feature of the State Targeted Program for Cyber Security of Ukraine.
It is noted that the introduction of international experience in the field of administrative-legal support of cybersecurity is extremely important for Ukraine, which is necessary as a successful example of forming appropriate policies and building its own system of legal and organizational support of cybersecurity, especially in hybrid warfare. The success and efficiency of administrative-legal support of cybersecurity is ensured by simultaneous measures aimed both at cooperation with professional international institutions to ensure cybersecurity and at the direction of forming adequate to the challenges of hybrid war national legislation in this area.
The analysis of the current legislation of Ukraine in the field of cybersecurity showed complete disregard for the legal regulation of risk-oriented approach to combating hybrid threats, especially in the field of cybersecurity, vulnerability identification and building resilience of Ukrainian society. For Ukraine, the study and use of positive foreign experience in risk management and ensuring the stability of the state and society in the field of national security is primarily due to the need to form a new quality of domestic security and defense sector, which should have the characteristics of sustainable systems. Based on this, legislative changes were formulated aimed at improving the administrative-legal support of cybersecurity in Ukraine in a hybrid war, namely: amendments to the draft Law of Ukraine “On Critical Infrastructure and its Protection” and the Code of Ukraine on Administrative Offenses. Keywords: administrative-legal bases, cybersecurity, hybrid war, hybrid threats, cyber threats, administrative-legal mechanism, subjects of cybersecurity, risk-oriented approach, resilience of society, vulnerability.