The world is currently strongly connected, both through the internet at large and through the very supply chains which provide everything from food to infrastructure and technology. These supply chains are themselves vulnerable to adversarial attacks, in both a digital and a physical sense, which can disrupt or at worst destroy them. In this paper, we take a look at two examples of such successful attacks, consider what their consequences may be going forward, and analyse how EU and national law can prevent these attacks or otherwise punish companies which do not try to mitigate them at all possible costs. We find that the current types of national regulation are not technology-specific enough, and cannot force or otherwise mandate the right parties, those who could play the biggest role in preventing supply chain attacks, to do everything in their power to mitigate them. However, current EU law is on the right path, and further vigilance may be what is necessary to consider these large threats, as national law tends to fail at properly regulating companies when it comes to cybersecurity.