An automated method for the ontological representation of security directives
Giampaolo Bella, Gianpietro Castiglione, Daniele Francesco Santamaria

TL;DR
This paper presents an automated NLP-based method to extract and represent security directives as ontologies, aiding interpretation and compliance, demonstrated on the European NIS 2 cybersecurity directive.
Contribution
It introduces a novel automated approach combining NLP and ontology principles to represent complex legal security directives as ontologies.
Findings
Successfully applied to NIS 2 directive
Automated extraction supported ontology development
Manual analysis complemented NLP techniques
Abstract
Large documents written in juridical language are difficult to interpret, with long sentences leading to intricate and intertwined relations between the nouns. The present paper frames this problem in the context of recent European security directives. The complexity of their language is here thwarted by automating the extraction of the relevant information, namely of the parts of speech from each clause, through a specific tailoring of Natural Language Processing (NLP) techniques. These contribute, in combination with ontology development principles, to the design of our automated method for the representation of security directives as ontologies. The method is showcased on a practical problem, namely to derive an ontology representing the NIS 2 directive, which is the peak of cybersecurity prescripts at the European level. Although the NLP techniques adopted showed some limitations…
Taxonomy
Topics: Access Control and Trust · Information and Cyber Security · Multi-Agent Systems and Negotiation
Methods: Ontology
