In a comprehensively digitized and networked world, information security is systemically relevant. In view of a constantly worsening threat situation, there is a consensus that the previous, primarily informal strategies for overcoming the information security crisis are not sufficient. Accordingly, regulatory pressure is continuously intensifying.
Regulatory access, however, faces significant challenges. One reason for this is the special structure of information security risks. Technical vulnerabilities not only put manufacturers, operators and users at risk and facilitate aggressive cyber activities of all kinds. Rather, they are also attractive to security authorities, who can exploit these gaps for their own purposes, such as monitoring digital communications. The regulation of information security risks is therefore in a "double bind." This has repercussions for the legal policy discourse, in which extreme positions currently dominate. On the other hand, from a regulatory point of view, it is anything but trivial to establish legal regulatory structures in the field of information security assurance, which has so far been predominantly privately organized, strongly influenced by the inherent laws of technology and, at least in some areas, inherently globally structured.
The law of cyber and information security touches on fundamental questions of regulation by the rule of law under the conditions of digitization and globalization: How does territorially radicalized law work in the global constellation? How does the state generate regulatory knowledge in a highly dynamic technical environment? What is the relationship between the state and the private sector? These questions come to a head in the face of cyber threats, as the guarantee of security is a core function of statehood and an indicator of state sovereignty.
The resulting problems are the subject of various research projects at the chair. Recently completed was the DFG-funded project "Regulating Information Security. Keeping Public and Private Data Safe", which resulted in a monograph published by Mohr Siebeck in the series Jus Publicum. Current news includes a commentary on the BSIG [german act on the federal office for Information Security) for the BeckOK Security and Police Law of the Federal Government.