Do we have effective systems for responding to cyber threats and incidents?

The exponential development of ICT systems based on Artificial Intelligence and the Internet of Things (IoT) is plain for all to see. To be ready to embrace and make the most of the changes it brings, recognition of the full potential and benefits of these systems must go hand in hand with the awareness that they may be exposed to certain risks, such as cyber attacks. To protect critical infrastructures from such dangers, it is necessary to build an effective cybersecurity system that can not only prevent threats and reduce vulnerabilities, but also immediately remediate incidents that may affect such systems.

Understanding how important it is to address these challenges, CyberEthics Lab. is a partner in the IRIS (artificial Intelligence, threat Reporting, and Incident response System) project. IRIS aims to develop a framework that supports security practitioners, particularly CERTs (Computer Emergency Response Teams) and CSIRTs (Computer Security Incident Response Teams), in managing privacy and cybersecurity risks through a platform that can detect and respond to these threats in an immediate, effective, and “human-centric” manner.

In this context, it is necessary to recognize the critical role of thinking and acting with awareness of the ethical, legal and social considerations that arise around privacy and security in the fields of IoT and Artificial Intelligence. To that end, the multidisciplinary CyberEthics Lab. team is in charge of making sure that the IRIS research activities are carried out not only with respect for ethical fundamentals and the appropriate regulatory framework, but also with the utmost consideration of the social impacts of the technological innovations involved in the development of the IRIS platform. The platform will then be validated through three realistic Pilot Use Cases in the smart cities of Helsinki, Tallinn and Barcelona.


Website: https://www.iris-h2020.eu/

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 101021727.

Services involved

Assessment of technology impact on privacy
We help our clients and partners to achieve their business goals while addressing ethics, privacy and cybersecurity concerns in a manner that prevents conflicts, sanctions and financial loss resulting from a lack of ethical and legal compliance with applicable national and European regulations. All information technologies must respect fundamental human rights and ensure the rights of people in relation to the protection of their private life, personal data and freedom. The new EU General Data Protection Regulation (GDPR), which replaced the Data Protection Directive in all EU member states in May 2018, introduces many new obligations for companies and a comprehensive set of rights for data subjects, including the right to an effective judicial remedy against a controller or a processor and the right to compensation. Therefore, in addition to being at the receiving end of an enforcement action, data controllers and processors may be subject to court proceedings and have to pay compensation to data subjects for their infringements of the GDPR.
Our approach to helping our clients avoid this kind of issue is a holistic service made up of the following main components:
  • providing a Data Protection Officer to drive the organisation’s legal compliance action;
  • mapping the data processed by the organisation to measure its impact on the ethical principles and legal framework;
  • assessing the cybersecurity mechanisms used by the organisation's technologies;
  • conducting an impact assessment for all data processing mechanisms, identifying ethical, legal and security risks;
  • making recommendations for the implementation of the organisational and technical means to be compliant with the legal framework while ensuring data confidentiality (preserving authorized restrictions on information access and disclosure, including personal privacy and proprietary information protection), integrity (assurance that data is not modified or deleted in an unauthorized and undetected manner), availability (ensuring there’s timely and reliable access to and use of information) and accountability (supporting non‐repudiation, deterrence, fault isolation, intrusion detection and prevention, and after‐action recovery and legal action).
Ethics assessment of technology
We help our clients and partners carry out the critical analysis needed to examine the effects that the introduction and use of a technology may have on human rights, society, and the environment. This is a complex process that requires a systematic view and consideration of how technology might affect people and society at large in the short and long term. Assessing the ethical impact of technology is therefore crucial when developing and deploying new technologies, in order to mitigate the negative effects and maximise the benefits, and to enable developers, organisations and policy makers to make informed decisions. In this assessment, we assist our clients and partners in considering all relevant factors. Several methodologies and approaches are used to assess the ethical impact of technologies, including:
  • Privacy impact analysis: this type of analysis assesses the effects of technology on the privacy of individuals and their personal information. It considers the risks of monitoring and tracking, the consequences of possible data breaches and the security measures needed to protect users' privacy.
  • Social impact assessment: this type of analysis evaluates the effects of technology on society and the economy in general, considering impacts on unemployment, social equality, access to education and health, quality of life and environmental sustainability.
  • Ethical impact assessment: this type of analysis assesses the effects of technology on society's morals and values, considering impacts on social justice, accountability, transparency, human dignity and individual freedom.
  • Life cycle analysis: this type of analysis assesses the environmental impacts of technology throughout its life cycle, from production to use and end of life.
Ethical impact assessment of technologies therefore requires a multidisciplinary evaluation involving technology experts, ethics experts, legal experts, environmental experts and other stakeholders.
Responsible Research & Innovation
We love discovering and staying on top of new research to continuously advance our knowledge and to transform it into responsible innovation, taking into account effects and potential impacts on ethics, privacy and data protection. We help national and international partners to handle ethical, legal and cybersecurity concerns in both the research process and the project outcomes, through legal support for the involvement of human beings in the research activity, analysis of the national and regional legal framework applicable to the technology being implemented, and recommendations for the secure and compliant development of technology. We are a multidisciplinary team that promotes the inclusion of legal and ethical concerns in the design of technology, researching and producing new knowledge and best practices towards a conscious and transparent adoption of technology.