How can the coordination and collaboration among EU Member States be ethically strengthened to collectively tackle cyber threats that transcend national boundaries?

Cybersecurity in the European Union (EU) faces significant challenges, evident in the low rankings of EU Member States on the Global Cybersecurity Index. The interconnected nature of cyberspace, coupled with the increasing sophistication and coordination of cyber threats, poses a global risk, transcending sector boundaries and impacting national security. The current isolation of security defenses, coupled with the evolving tactics of highly sophisticated attackers, necessitates a paradigm shift in cybersecurity frameworks. The need for robust defenses is crucial to reduce the threat to business continuity and safeguard critical infrastructure.

The INTERSOC (INTERconnected Security OperatIon Centres) project proposes a comprehensive approach that integrates advanced threat forecasting, cyber-incident detection, and response capabilities. This involves the development of a user-centric intelligent threat defense and decision support platform, combining sophisticated network and system behavioral monitoring, low-code security orchestration, confidential Cyber Threat Information sharing, trustworthy technology for information exchange, risk and threat analysis, enhanced penetration tools, and cutting-edge Trustworthy Artificial Intelligence (AI) algorithms.

Within the project CEL team takes on the pivotal responsibility of ensuring the social acceptance of the project’s tools and services. Adopting the Social Acceptance of Technology (SAT) methodology, CEL conducts a holistic assessment that integrates SSH perspectives with STEM considerations about the INTERSOC platform. The team diligently identifies ethics principles and regulatory constraints, guiding the development of technology solutions to uphold human rights and promote a human-centered design. Continuous monitoring of the evolving proposal of the AI Act allows CEL to align project requirements with emerging regulatory standards. Moreover, CEL assists consortium partners in navigating potential ethical considerations, establishing protocols for responsible research practices, and ensuring compliance with evolving EU regulatory frameworks, thereby fostering a comprehensive understanding of ethical standards across all stages of technology development within INTERSOC.

Service involved

Assessment of technology impact on privacy
We help our clients and partners to achieve their business goals while addressing ethics, privacy and cybersecurity concerns in a manner that prevents conflicts, sanctions and loss of money derived by the lack of ethical and legal compliance to national and European applicable regulations. All information technologies must respect human fundamental rights and ensure the rights of people in relation to the protection of their private life, personal data and freedom. The new EU General Data Protection Regulation (GDPR) that replaced the Data Protection Directive in all EU member states on May 2018 introduces many new obligations for companies and a comprehensive set of rights for data subjects, including the right to an effective judicial remedy against a controller or a processor and the right to compensation. Therefore, in addition to being at the receiving end of an enforcement action, data controllers and processors may be subject to court proceedings and have to pay compensation to data subjects for their infringements of the GDPR. Our approach to help our clients to avoid this kind of issues consists of a holistic service composed by the following main components: providing a Data Protection Officer to drive the organization’s legal compliance action; mapping the data processed by the organisation to measure its impact on the ethical principles and legal framework; assessing the cybersecurity mechanisms used by the organisation technologies; conducting an impact assessment for all data processing mechanisms identifying ethical, legal and security risks; making recommendations for the implementation of the organisational and technical means to be compliant with the legal framework while ensuring data confidentiality (preserving authorized restrictions on information access and disclosure, including personal privacy and proprietary information protection), integrity (assurance that data is not modified or deleted in an unauthorized and undetected manner), availability (ensuring there’s timely and reliable access to and use of information) and accountability (supporting non‐repudiation, deterrence, fault isolation, intrusion detection and prevention, and after‐action recovery and legal action).
Ethics assessment of technology
We help our clients and partners in the process of critical analysis to examine the effects that the introduction and use of a technology may have on human rights, society, and the environment. This is a complex process that requires a systematic view and consideration of how technology might affect people and society at large in the short and long term. The ethical impact of technology is therefore crucial when developing and deploying new technologies, in order to mitigate the negative effects and maximise the benefits, and to enable developers, organisations and policy makers to make informed decisions. In this assessment, we assist our clients and partners to consider all relevant factors; there are several methodologies and approaches used to assess the ethical impact of technologies, including:
  • Privacy impact analysis: this type of analysis assesses the effects of technology on the privacy of individuals and their personal information. It considers the risks of monitoring and tracking, the consequences of possible data breaches and the security measures needed to protect users' privacy.
  • Social impact assessment: this type of analysis evaluates the effects of technology on society and the economy in general, considering impacts on unemployment, social equality, access to education and health, quality of life and environmental sustainability.
  • Ethical impact assessment: This type of analysis assesses the effects of technology on society's morals and values, considering impacts on social justice, accountability, transparency, human dignity and individual freedom.
  • Life cycle analysis: This type of analysis assesses the environmental impacts of technology throughout its life cycle, from production to use and end of life.
Ethical impact assessment of technologies therefore requires a multidisciplinary evaluation involving technology experts, ethics experts, legal experts, environmental experts and other stakeholders.
Social acceptance of technologies assessment
Connected, disruptive technologies permeate all aspects of our daily lives and pose challenges to the real foundation of human rights, such as the right to privacy or the freedom of speech. One could say that human values such as trust, accountability, and dignity are mutually influenced by the social acceptance of technologies. We support our clients to conceive a novel way of aligning the thus-far divergent concepts of sustainability, ethics impact, and technological innovation. By combining these three concepts, we respond to the need of a socially responsible innovation ecosystem by developing a tailored methodology for assessing users’/citizens’ social acceptance of technologies, a fundamental driver for technology market adoption. Our social acceptance framework includes six fundamental dimensions over which social acceptability (i.e. perception, motivation, trust, awareness, capacity enabling, and accountability) is measured and assessed through a two-step approach based on an online Sentiment Analysis (SA) – to create structured and actionable knowledge from the web – and the engagement of our client’s stakeholders (e.g. relevant target groups, associations of citizens, domain operators, decision makers, etc.) for the technology co-creation and communication regarding its social acceptance.