Main Page: Difference between revisions
m (fixing link to usnwc) |
No edit summary |
||
(11 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
<div class="res-img no-pointer-events"><!-- |
<div class="res-img no-pointer-events">[[File:MainBanner.jpg]]<!-- CfP BANNER: [[File:MainBannerCall2024.jpg]]--></div> |
||
__NOTOC__ |
__NOTOC__ |
||
<!--__NONUMBEREDHEADINGS__--> |
<!--__NONUMBEREDHEADINGS__--> |
||
Line 60: | Line 60: | ||
<h2 id="mp-itn-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Featured incident</h2> |
<h2 id="mp-itn-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Featured incident</h2> |
||
<choose> |
<choose> |
||
<option> |
<option> |
||
<!-- INCIDENT 14--> |
<!-- INCIDENT 14--> |
||
Line 70: | Line 71: | ||
</div> |
</div> |
||
</option> |
</option> |
||
⚫ | |||
⚫ | |||
⚫ | |||
On 4 December 2023, ''The Guardian'' [https://www.theguardian.com/business/2023/dec/04/sellafield-nuclear-site-hacked-groups-russia-china reported] that the Sellafield nuclear site in the United Kingdom was hacked by groups allegedly linked to Russia and China. The breach, first detected in 2015, reportedly involved sleeper malware that may have compromised sensitive operations like radioactive waste handling. Sellafield, crucial for nuclear waste management and housing critical emergency planning documents, was placed under [https://www.onr.org.uk/documents/2023/cni-annual-report-2023.pdf special measures] by the UK Office for Nuclear Regulation. The breach raised significant national security concerns, given the [https://www.ncsc.gov.uk/news/heightened-threat-of-state-aligned-groups rising threats] of cyber-attacks against critical national infrastructure. In the Toolkit, [[Scenario 03: Cyber operation against the power grid|scenario 03]] and [[Scenario 06: Cyber countermeasures against an enabling State|scenario 06]] analyse cyber operations against the critical infrastructure of other States from the perspective of international law. |
|||
⚫ | |||
⚫ | |||
<option> |
<option> |
||
<!-- INCIDENT 15--> |
<!-- INCIDENT 15--> |
||
Line 78: | Line 87: | ||
</div> |
</div> |
||
</option> |
</option> |
||
<option> |
<option> |
||
<!-- INCIDENT 17--> |
<!-- INCIDENT 17--> |
||
Line 84: | Line 94: | ||
</div> |
</div> |
||
</option> |
</option> |
||
<option> |
<option> |
||
<!-- INCIDENT 18--> |
<!-- INCIDENT 18--> |
||
Line 90: | Line 101: | ||
</div> |
</div> |
||
</option> |
</option> |
||
<option> |
<option> |
||
<!-- INCIDENT 19--> |
<!-- INCIDENT 19--> |
||
Line 96: | Line 108: | ||
</div> |
</div> |
||
</option> |
</option> |
||
<option weight="2"> |
<option weight="2"> |
||
<!-- INCIDENT 20--> |
<!-- INCIDENT 20--> |
||
Line 102: | Line 115: | ||
</div> |
</div> |
||
</option> |
</option> |
||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | In September 2020, the German University Hospital in Düsseldorf was forced to reduce healthcare service due to a [https://www.wired.co.uk/article/ransomware-hospital-death-germany ransomware attack] that crippled its systems. The attackers managed to compromise 30 clinic’s servers, reducing its capacity by [https://www.rtl.de/cms/hacker-angriff-auf-uniklinik-duesseldorf-starb-eine-patientin-wegen-einer-erpressung-4615184.html fifty per cent] for several days. This ransomware campaign with [https://www.thelocal.de/20200922/german-experts-see-russian-link-in-deadly-hospital-hacking/ links to Russian groups] is known worldwide because a woman has died when taken into a distant hospital that could accept her, even though her death was later [https://www.technologyreview.com/2020/11/12/1012015/ransomware-did-not-kill-a-german-hospital-patient/ not concluded] as a result of the attack. The attack was most likely a mistake since the perpetrators left a note in a code addressed to Heinrich Heine University. Once the hackers were informed about their misstep, they [https://www.healthcareitnews.com/news/hospital-ransomware-attack-leads-fatality-after-causing-delay-care stopped and provided] the hospital with the encryption key without any ransom demands before [https://www.bbc.com/news/technology-54204356 cutting the communication]. Even though no data has been lost, this ransomware campaign once again showed how the healthcare sector is vulnerable to cyber attacks. |
||
⚫ | In the Toolkit, [[Scenario 20: Cyber operations against medical facilities|Scenario 20]] focuses directly on cyber operations against medical facilities. Given that the hospital suffered a ransomware attack, [[Scenario 14: Ransomware campaign|Scenario 14]] exploring the ransomware campaign is also relevant. |
||
⚫ | |||
⚫ | |||
<option weight="2"> |
<option weight="2"> |
||
<!-- INCIDENT 22--> |
<!-- INCIDENT 22--> |
||
Line 146: | Line 152: | ||
<h2 id="mp-otd-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Behind the scenes</h2> |
<h2 id="mp-otd-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Behind the scenes</h2> |
||
<div id="mp-otd" style="padding:0.1em 0.6em 0.5em;">The project is supported by the following six partner institutions: the [https://www.nukib.cz/en/ Czech National Cyber and Information Security Agency] (NÚKIB), the [https://www.icrc.org International Committee of the Red Cross] (ICRC), the [https://ccdcoe.org/ NATO Cooperative Cyber Defence Centre of Excellence] (CCDCOE), the [https://www.exeter.ac.uk/ University of Exeter], United Kingdom, the [https://usnwc.edu/Research-and-Wargaming/Research-Centers/Stockton-Center-for-International-Law U.S. Naval War College], United States, and [https://en.whu.edu.cn Wuhan University], China. The core of the project team consists of [https://socialsciences.exeter.ac.uk/law/staff/macak/ Dr Kubo Mačák] ( |
<div id="mp-otd" style="padding:0.1em 0.6em 0.5em;">The project is supported by the following six partner institutions: the [https://www.nukib.cz/en/ Czech National Cyber and Information Security Agency] (NÚKIB), the [https://www.icrc.org International Committee of the Red Cross] (ICRC), the [https://ccdcoe.org/ NATO Cooperative Cyber Defence Centre of Excellence] (CCDCOE), the [https://www.exeter.ac.uk/ University of Exeter], United Kingdom, the [https://usnwc.edu/Research-and-Wargaming/Research-Centers/Stockton-Center-for-International-Law U.S. Naval War College], United States, and [https://en.whu.edu.cn Wuhan University], China. The core of the project team consists of [https://socialsciences.exeter.ac.uk/law/staff/macak/ Dr Kubo Mačák] (University of Exeter) – General Editor; Mr Tomáš Minárik (NÚKIB) – Managing Editor; and Mr Otakar Horák (CCDCOE) – Scenario Editor. <!-- The pilot year of the project (2018/19) was supported through the [https://esrc.ukri.org/collaboration/collaboration-oportunities/impact-acceleration-accounts/ UK ESRC IAA Project Co-Creation] scheme.--> The individual scenarios and the Toolkit as such have been reviewed by a team of over 30 [[People#Peer_reviewers|peer reviewers]]. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia; its Chinese launch took place on 2 November 2019 in Wuhan, China; it received its most recent general annual update on 20 October 2022; and it remains continuously updated. For questions about the project including media enquiries, please contact us at cyberlaw@exeter.ac.uk.</div> |
||
|} |
|} |
||
<!-- END OF MIDDLE BOX --> |
<!-- END OF MIDDLE BOX --> |
||
<!-- SECTIONS AT BOTTOM OF PAGE --> |
<!-- SECTIONS AT BOTTOM OF PAGE --> |
||
<!-- CALL FOR SUBMISSIONS SECTION - CURRENTLY NOT IN USE |
|||
<!-- |
|||
<div id="mp-lower" style="padding-top:4px; padding-bottom:2px; overflow:auto; border:1px solid #e2e2e2; overflow:auto; margin-top:4px;"><h2 id="mp-other" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Call for submissions</h2> |
<div id="mp-lower" style="padding-top:4px; padding-bottom:2px; overflow:auto; border:1px solid #e2e2e2; overflow:auto; margin-top:4px;"><h2 id="mp-other" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Call for submissions</h2> |
||
Cyber Law Toolkit is now inviting submissions for its next general update in 2024. Successful authors will be awarded an honorarium. This call for submissions is open until '''1 December 2023'''. Full text of the call with submission dates and contacts is available for download here: [Https://ccdcoe.org/uploads/2023/10/Cyber-Law-Toolkit-call-for-submissions-2024.pdf Call for submissions (PDF)] --> |
|||
--> |
|||
<!-- REMOVED OLD OTHER RESOURCES BOX |
<!-- REMOVED OLD OTHER RESOURCES BOX |
||
<h2 id="mp-other" style="margin:0.5em; background:#eeeeee; border:1px solid #ddd; color:#222; padding:0.2em 0.4em; font-size:120%; font-weight:bold; font-family:inherit;">Other resources</h2> |
<h2 id="mp-other" style="margin:0.5em; background:#eeeeee; border:1px solid #ddd; color:#222; padding:0.2em 0.4em; font-size:120%; font-weight:bold; font-family:inherit;">Other resources</h2> |
||
Line 169: | Line 174: | ||
</div> |
</div> |
||
<!-- TO ADD A SECTION JUST DELETE THIS LINE... |
<!-- TO ADD A SECTION JUST DELETE THIS LINE... |
||
<h2 id="mp-sister" style="margin:0.5em; background:#eeeeee; border:1px solid #ddd; color:#222; padding:0.2em 0.4em; font-size:120%; font-weight:bold; font-family:inherit;">[EMPTY SECTION]</h2> |
<h2 id="mp-sister" style="margin:0.5em; background:#eeeeee; border:1px solid #ddd; color:#222; padding:0.2em 0.4em; font-size:120%; font-weight:bold; font-family:inherit;">[EMPTY SECTION]</h2> |
||
Line 239: | Line 243: | ||
In the context of the incident, the main issue is the responsibility of the host State for providing the security of the international organisation, which is developed in [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]]. |
In the context of the incident, the main issue is the responsibility of the host State for providing the security of the international organisation, which is developed in [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]]. |
||
</div> |
|||
</option> |
|||
<option weight="2"> |
|||
<!-- INCIDENT 21 |
|||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Universitaetsklinikum-Duesseldorf-Logo.png|left|150px]] |
|||
⚫ | In September 2020, the German University Hospital in Düsseldorf was forced to reduce healthcare service due to a [https://www.wired.co.uk/article/ransomware-hospital-death-germany ransomware attack] that crippled its systems. The attackers managed to compromise 30 clinic’s servers, reducing its capacity by [https://www.rtl.de/cms/hacker-angriff-auf-uniklinik-duesseldorf-starb-eine-patientin-wegen-einer-erpressung-4615184.html fifty per cent] for several days. This ransomware campaign with [https://www.thelocal.de/20200922/german-experts-see-russian-link-in-deadly-hospital-hacking/ links to Russian groups] is known worldwide because a woman has died when taken into a distant hospital that could accept her, even though her death was later [https://www.technologyreview.com/2020/11/12/1012015/ransomware-did-not-kill-a-german-hospital-patient/ not concluded] as a result of the attack. The attack was most likely a mistake since the perpetrators left a note in a code addressed to Heinrich Heine University. Once the hackers were informed about their misstep, they [https://www.healthcareitnews.com/news/hospital-ransomware-attack-leads-fatality-after-causing-delay-care stopped and provided] the hospital with the encryption key without any ransom demands before [https://www.bbc.com/news/technology-54204356 cutting the communication]. Even though no data has been lost, this ransomware campaign once again showed how the healthcare sector is vulnerable to cyber attacks. |
||
⚫ | In the Toolkit, [[Scenario 20: Cyber operations against medical facilities|Scenario 20]] focuses directly on cyber operations against medical facilities. Given that the hospital suffered a ransomware attack, [[Scenario 14: Ransomware campaign|Scenario 14]] exploring the ransomware campaign is also relevant. |
||
</div> |
</div> |
||
</option> |
</option> |
Revision as of 10:00, 8 March 2024
About the projectThe Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. The Toolkit may be explored and utilized in a number of different ways. At its core, it presently consists of 28 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for keywords you’re interested in; by viewing its overall article structure; by browsing through the national positions on international law in cyberspace; or by reading about individual real-world examples that serve as the basis of the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.
Cyber law scenarios |
Featured incidentOn 14 May 2021, a ransomware attack targeted the Irish national healthcare service on both national and local levels, including several hospitals that had to cancel planned procedures. The day before, National Cyber Security Centre informed about a potential threat inside the Department of Health network, which spoiled the efforts of ransomware infiltration. The Department’s IT systems were preemptively shut down. The criminal investigation is focusing on the Wizard Spider gang that is operating from Saint Petersburg in Russia according to intelligence agencies. The Minister for Foreign Affairs of Ireland Simon Coveney said he has spoken to his Russian counterpart, Sergey Lavrov, about the cyber attack. Although most of the systems were operable a month later, its complete recovery may take up to 6 months. In the Toolkit, Scenario 14 explores the legal questions regarding ransomware extortion campaigns. Given the indirect involvement of a State, Scenario 06 deals with the possible countermeasures deployed against an enabling State. Scenario 20 focuses on cyber operations against medical facilities. Quick links
Behind the scenesThe project is supported by the following six partner institutions: the Czech National Cyber and Information Security Agency (NÚKIB), the International Committee of the Red Cross (ICRC), the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), the University of Exeter, United Kingdom, the U.S. Naval War College, United States, and Wuhan University, China. The core of the project team consists of Dr Kubo Mačák (University of Exeter) – General Editor; Mr Tomáš Minárik (NÚKIB) – Managing Editor; and Mr Otakar Horák (CCDCOE) – Scenario Editor. The individual scenarios and the Toolkit as such have been reviewed by a team of over 30 peer reviewers. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia; its Chinese launch took place on 2 November 2019 in Wuhan, China; it received its most recent general annual update on 20 October 2022; and it remains continuously updated. For questions about the project including media enquiries, please contact us at cyberlaw@exeter.ac.uk.
|