We are the first European Law Students who got a diploma in computer security: this is how we did it
Technology has become an integral part of our daily life. The rapid development of technology has brought enormous benefits to almost every industry. From self-driving cars to fitness/health monitors, new tech products are saving us a considerable amount of time, costs, and worries. Nevertheless, nothing is for free.
For most of the products, we need to give out valuable information about ourselves to enjoy the benefits, which can lead to serious privacy and cybersecurity concerns. This is, even more, the case now, considering that every meeting moved from face to face to “Zoom to Zoom” due to the global pandemic. contemporary, the internet and the services providers might know you better than yourself!
The prominent position of technology has also created a new set of problems and ethical dilemmas in the legal world. Legal practitioners usually apply legal principles and rules to solve issues. But how can one apply rules and principles that were designed for a world where technology was not so omnipresent?
Cybersecurity Awareness Month (February 2021)
Because of the need to adapt the law to the trends of technology, Catalina Goanta, Bogdan Covrig, Gijs van Dijck, and Constanta Rosca have created the unique Cybersecurity Observatory MARBLE program to provide the students with the opportunity to link technical problems to legal practices. Students in this program learn technical skills as well as trying to solve cybersecurity issues from a legal perspective. The program currently consists of us, five students with a European law background: Otso Karttunen, Cecilia Codreanu, Ingmar Blok, Simona Gurkova, and Chang Liu. At the moment, we finished an intense Google course on computer security (IT security: Defense against the digital dark arts), which provides us with essential knowledge on how cyber attacks work and how individuals and enterprises can build stronger protection to prevent them. Since cybersecurity has been something that impacted all the UM community just a year ago, we thought the best way to conclude our programme was by planning the Cybersecurity Awareness Month in February. There will be a lot of events that fellow students, as well as staff members can get involved in, and figure out how why it’s important to think about cybersecurity, whether in research or practice, even if (or especially because) we are based at a law faculty. These events include guest lectures by UM experts Bart van der Heuvel and Jean-Paul Beusen, who will reflect upon cybersecurity in universities, as well as by international academics who have written widely about technology and law in general, and cybersecurity in particular, such as Ian Brown and Michael Veale.
Cybersecurity gamified education: Project Ares powered by D5-IQ
One of the highlights of the Cybersec Awareness Month for the participants in the MARBLE programme is that the programme has teamed up with Dutch cybersecurity education company D5-IQ, and we will be the first bachelor students at a law faculty, and most likely in the Netherlands, to experience cybsersecurity training just like professional IT staff working in or training for this sector. To this end, during the entire month of February we will explore the battlerooms in Project Ares, which is a virtual machine-based simulator of networks and network traffic, where you can perform cyberattacks or defend against them. While we are mere beginners in this field, we understand the basic concepts, and under the supervision of Bogdan Covrig, we will explore missions together and reflect upon them as a team.
Our experience in the words of each participant
‘Cybersecurity is a field that is becoming ever more prevalent in our society, and although it’s something that’s particularly challenging to understand, it’s something that we face every day.’Ingmar Blok, who is a third-year ELS student from South Africa, wants to be multifaceted in his skills as a lawyer and not just a lawyer in the general sense. He is planning to use the program as a starting point to begin a career in technology and law in the US! ‘Cybersecurity in and of itself is already a very difficult subject. Trying to understand how hacking works is almost impossible to do without understanding the basics. The basics including technical terms like ‘zero-day vulnerabilities’ as well as how certain attacks work becomes complex without knowing what a network, switch, or router are. It is for this reason that one might think that you have to do a bachelor’s in cybersecurity before you can have a real, concrete understanding of how cyberattacks work. However, if you have an interest and a passion to get past the technical difficulties of cybersecurity, then it becomes a much more enjoyable topic that you can interlink with other fields like law, which is what we are busy trying to do in this project. For those of you who want to know more about this topic, I would suggest really starting from the basics because cybersecurity is one of those topics where if you have a gap in one small area, you won’t understand anything that starts to build on it.’
‘A person without technology skills in the near future is like a person who doesn’t know how to use Microsoft Word nowadays.’ Chang Liu just graduated from the European Law School program this summer. She has a degree in electronic publishing and two years of working experience in IT companies as a user-interface designer. Her goal is to combine her IT skills into her legal career. She believes that it is always important to equip herself with IT and cybersecurity knowledge. ‘The IT world is surely different than the legal world. Therefore, it was very difficult to get into it and get used to the terms and logic at the beginning. However, my experience is that the most difficult part is the beginning, once you go through the part that where you want to die (give up), you are halfway to success. Therefore, it is important to surround yourself with people who have the same goal. In the Cybersecurity Program, all the students start from the beginning, and we are all determined to acquire IT skills, which made things easier. Furthermore, since we studied together, we could actually discuss it and learn from each other.’
‘I have always been interested in Cybersecurity, and as it’s significance in society increases as time goes on, we have to be prepared for the legal issues that it brings about.’ Otso Karttunen is a first-year European Law School (ELS) student coming from Finland. He wants to build a career in technology, AI, or Cybersecurity-related law. He believes that this program is an excellent stepping stone for that. ‘Before starting the course I had an average understanding of some core concepts of cyber-security, but the course really improved my understanding of the details and the practical applications of the concepts. The content might seem quite intimidating at first, but it’s not something you couldn’t handle, and when you are near the end, it feels really rewarding. Going through the materials together in sessions proved really beneficial. As everyone was just learning the content, there wasn’t any pressure when asking questions about the concepts. Collaboration also showed its value when answering the questions posed by the other students, since it really forced you to use and apply the knowledge you had acquired. Cyber-security is a field of expertise that is constantly changing and advancing, but this course gave a good basis on which to build on.’
‘I am doing this program because of its international character, entailing the prospect of a common European policy.’ Cecilia Codreanu is a French third-year ELS student with a goal of pursuing a career in corporate and commercial law. She likes the fact that the Cybersecurity observatory covers different areas of law, for example, private as well as public law.
‘The Cybersecurity Observatory provides an opportunity to look at cybersecurity through the eyes of the law, which is a unique perspective.’ Simona Gurkova is a third-year ELS student from Bulgaria. She believes that technology skills are an integral part of a well-rounded legal education. She plans to follow a Master’s in Tax Law and hopes to be able to use the skills she obtains as part of the Cybersecurity Observatory in her future career development.
‘I can definitely say that being part of this project has been a challenging, yet rewarding experience. In the beginning, I felt intimidated by cybersecurity, not in terms of the workload but mostly in terms of the content. If you have no previous background in cybersecurity in some parts you might end up feeling quite lost. As law students, we are trained to think in a completely different way than the mindset needed to grasp the concepts of cybersecurity. But being able to approach a problem from different perspectives and with a different logic is a valuable skill, especially for lawyers/jurists. Moreover, once you start doing research on an interdisciplinary topic such as cybersecurity and law, one is really forced to “think outside of the box”. This is because technology is constantly developing and the law cannot always keep up. So some cybersecurity legal issues might end up being under-researched or not regulated by the law at all and an analysis of such issues requires drawing parallels from traditional concepts and rules one already knows. What has made being part of the Cybersecurity Observatory a really pleasant experience is also working alongside Chang, Cecilia, Ingmar, and Otso as well as Gijs, Catalina, and Bogdan. I found the sessions where we discussed the material as well as the questions we had very useful. The fact that we were all going through more or less the same difficulties gave a nice feeling of community spirit, which is really hard to create in an online environment.’