Cybersecurity in the financial sector and the quantum-safe cryptography transition: in search of a precautionary approach in the EU Digital Operational Resilience Act framework

Jančiūtė, L.
International Cybersecurity Law Review, vol. 6, pp: 145-154, 2025

Abstract

An ever more digitalised financial sector is exposed to a growing number of cyberattacks. Given the criticality and interconnectedness of this sector, cyber threats here represent not only operational risks, but also systemic risks. In the long run, the emerging cyber risks include developments in quantum computing threatening widely used encryption safeguarding digital networks. Globally in the financial sector, some initiatives have already been taking place to explore the possible mitigating measures. This paper argues that for an industry-wide transition to quantum-safe cryptography the precautionary principle is relevant. In the EU, financial entities now have to be compliant with the Digital Operational Resilience Act strengthening ICT security requirements. This research traces the obligation to adopt quantum-resistant precautionary measures under its framework.

Cybersecurity, quantum technologies

The right to trust your vote: Cybersecurity, human rights and electronic voting

van Daalen, O. & Hoekstra, N.
2024

Cybersecurity, Electronic voting, Human rights

The New F-word: The case of fragmentation in Dutch cybersecurity governance

Mirzaei, P. & Busser, E. de
Computer Law & Security Review, vol. 55, num: 106032, 2024

Abstract

The fragmentation of the Dutch cybersecurity government landscape is a widely discussed phenomenon among politicians, policy makers, and cybersecurity specialists. Remarkably though, a negative narrative is underlying the idea of fragmentation, suggesting that we are dealing with a serious problem. A problem that has the potential of impeding cybersecurity governance in the Netherlands. This research zooms in on how cybersecurity governance is organised within the central government, and which organisations are concerned with the creation, implementation, and oversight of cybersecurity policies vis à vis Dutch society. This article provides an overview of all central government organisations (de Rijksoverheid) that are involved in cybersecurity governance on a strategic level. This research provides the first step in doctoral research into the possible implications of the fragmentation of cybersecurity governance in the Dutch central government, and how this fragmentation could potentially impact policy creation, implementation, and oversight. Based on the mapping of this governance landscape, it set out to measure fragmentation based on the number of units or organisations that are concerned with cybersecurity governance in the central government on a strategic level. This study has found that based on Boyne's (1992) notion of fragmentation and the Dutch government’s definition of tiers, the Dutch cybersecurity governance landscape could indeed, when meticulously following Boyne's counting procedure, be regarded as fragmented.

Cybersecurity, fragmentation, Internet governance, the Netherlands

In China’s cyber world, obedience rather than freedom is the norm

Het Financieele Dagblad, vol. 2018, 2018

China, Cybersecurity, Information law

No Games or elections without digital warfare

Het Financieele Dagblad, vol. 2018, 2018

China, Cybersecurity, DDoS, digital warfare, hacking, information law, Surveillance

Hospitals and energy companies may face fines for security failures: New IT law intended to prevent ‘potential societal disruption’

Het Financieele Dagblad, vol. 2017, 2017

security, Cybersecurity, energy companies, IT, Netherlands, Privacy, ransomware, Telecommunications law, supervision, legislation, hospitals

China’s new cybersecurity law – effective as of 1 June 2017

Staden ten Brink, R. van, Wang, J., Veldhoen, D. & Arnbak, A.
Trade Security Journal, vol. 2017, num: 2, pp: 27-29, 2017

Abstract

While China’s new cybersecurity law may appear vague, cumbersome and lacking clarity, one thing is clear and that is that international companies with any operations and/or activities in China should quickly assess if and how they are covered by the new legislation.

China, Cybersecurity

What centuries of spam teach us about cybersecurity

2015

Protection of communications, Cybersecurity, Fundamental rights, spam

Delta Plan for online privacy & security

Het Financieele Dagblad, 2014

Cybersecurity, data retention, ECHR, Fundamental rights, hacking, NSA, Privacy, Surveillance, wiretapping

Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy

2014

Abstract

This descriptive legal analysis maps and evaluates a four-decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time when secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.

Constitutional and administrative law, Cybersecurity, Data protection, encryption, EU law, network and information security, securitization, Technology and law, the c.i.a.-triad
