Main Page: Difference between revisions

Content added Content deleted

Inline

Revision as of 15:35, 14 June 2022

Welcome to the Cyber Law Toolkit, an interactive online resource on international law and cyber operations.

About the project

The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. The Toolkit may be explored and utilized in a number of different ways. At its core, it presently consists of 25 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for keywords you’re interested in; by viewing its overall article structure; by browsing through the national positions on international law in cyberspace; or by reading about individual real-world examples that serve as the basis of the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.

Cyber law scenarios

Featured incident

On 2 March 2021, Microsoft issued a statement about multiple zero-day exploits in its Exchange Server email software and urged customers to update their systems using a patch released at the same time. Nevertheless, malicious cyber activities escalated, resulting in more than 250,000 affected customers globally (including governments as well as the private sector) and involving at least 10 APT groups. The original campaign was attributed by Microsoft to ‘Hafnium’, described as a State-sponsored group operating out of China. The hackers used the exploits to gain access to victim organisations’ email systems and to install malware allowing them to maintain long-term access to files, inboxes, and stored credentials. Scenario 02 of the Toolkit analyses cyber espionage against government departments; economic cyber espionage is discussed in Scenario 09.

Quick links

FAQ – Frequently asked questions about the project and the Toolkit.
All articles – Updated list of all substantive articles in the Toolkit. In a printed book, this would be the table of contents.
Keywords – Overview of all keywords used across the Toolkit content. Serves the same purpose as an index would in a printed book.
Legal concepts – Overview of all legal concepts from different branches of international law used across the Toolkit content.
Examples – List of real-world incidents that have inspired the analysis in the Toolkit.
National positions (NEW!) – List of publicly available national positions on the application of international law to cyber operations.
Glossary – Glossary of the technical terms used in the Toolkit.
Short form citation – Abbreviated references for the most commonly used citations in the Toolkit.
Bibliography – Bibliography of resources used in the creation and development of the Toolkit.
People – List of all people involved in the project (including scenario authors, peer reviewers, research assistants...).

Behind the scenes

The project is supported by the following six partner institutions: the Czech National Cyber and Information Security Agency (NÚKIB), the International Committee of the Red Cross (ICRC), the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), the University of Exeter, United Kingdom, the U.S. Naval War College, United States, and Wuhan University, China. The core of the project team consists of Dr Kubo Mačák (ICRC) – General Editor; Mr Tomáš Minárik (NÚKIB) – Managing Editor; and Ms Taťána Jančárková (CCDCOE) – Scenario Editor. The individual scenarios and the Toolkit as such have been reviewed by a team of over 30 peer reviewers. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia; its Chinese launch took place on 2 November 2019 in Wuhan, China; it received its most recent general annual update on 22 September 2021; and it remains continuously updated. For questions about the project including media enquiries, please contact us at cyberlaw@exeter.ac.uk.

@@ Line 99: / Line 99: @@
 <!-- INCIDENT 18-->
 <div id="mp-itn" style="padding:0.1em 0.6em;">[[File:256px-UN_emblem_blue.svg.png|left|150px]]
-On 9 September 2021, Bloomberg [ https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year reported] that the United Nations’ computer networks had been breached as of April that year. The cyber operation was first alerted to the UN by a cybersecurity company and later [ https://www.un.org/sg/en/content/sg/note-correspondents/2021-09-09/note-correspondents-response-questions-about-reported-cyberattack confirmed] by the UN Secretary General’s spokesperson who said that corrective actions were being implemented to mitigate the impact. Although there was no reported damage to the UN systems, [ https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ analysts] suggested that some of the exfiltrated data could be used to support future attacks against the UN or its agencies. Within the Toolkit, a similar operational methodology is addressed in  [[Scenario 2: Cyber espionage against government departments |Scenario 2]], while [[Scenario 4: A State’s failure to assist an international organization|Scenario 4]], specifically analyzes a hypothetical situation in which an international organization falls victim to cyber-attacks, and [[Scenario 12: Cyber operations against computer data|Scenario 12]] considers cyber operations against computer data.
+On 9 September 2021, Bloomberg [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year reported] that the United Nations’ computer networks had been breached as of April that year. The cyber operation was first alerted to the UN by a cybersecurity company and later [https://www.un.org/sg/en/content/sg/note-correspondents/2021-09-09/note-correspondents-response-questions-about-reported-cyberattack confirmed] by the UN Secretary General’s spokesperson who said that corrective actions were being implemented to mitigate the impact. Although there was no reported damage to the UN systems, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ analysts] suggested that some of the exfiltrated data could be used to support future attacks against the UN or its agencies. Within the Toolkit, a similar operational methodology is addressed in  [[Scenario 02: Cyber espionage against government departments |Scenario 02]], while [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]], specifically analyzes a hypothetical situation in which an international organization falls victim to cyber-attacks, and [[Scenario 12: Cyber operations against computer data|Scenario 12]] considers cyber operations against computer data.
 </div>
 </option>
@@ Line 105: / Line 105: @@
 <!-- INCIDENT 19-->
 <div id="mp-itn" style="padding:0.1em 0.6em;"> [[File:WaikatoHospital.jpg|left|150px]]
-On 18 May 2021, the computer information systems of five hospitals from the Waikato District Health Board in New Zealand were targeted by an unidentified group who [https://www.nzherald.co.nz/nz/waikato-dhb-cyber-attack-group-claims-responsibility-says-it-has-confidential-patient-details/OV6DORGTXIU474ANBCZH7NXZOY/ claimed responsibility] for the ransomware attack. The operation brought down more than 600 servers, hindering access to patient information and communications through the hospital’s lines, impeding the payment of wages and affecting laboratory and radiological services, which took several weeks to restore. The perpetrators accessed patient and staff confidential information and financial data and later [ https://www.rnz.co.nz/news/ldr/455535/waikato-dhb-warned-a-cyberattack-catastrophic-for-patient-safety  leaked it on the dark web], affecting more than 4,200 people. In the Toolkit, and [[Scenario 14: Ransomware campaign|Scenario 14]] addresses the issue of ransomware campaigns launched by non-State groups, and the situation of cyber operations against medical facilities is specifically considered in [[Scenario 20: Cyber operations against medical facilities|Scenario 20]].
+On 18 May 2021, the computer information systems of five hospitals from the Waikato District Health Board in New Zealand were targeted by an unidentified group who [https://www.nzherald.co.nz/nz/waikato-dhb-cyber-attack-group-claims-responsibility-says-it-has-confidential-patient-details/OV6DORGTXIU474ANBCZH7NXZOY/ claimed responsibility] for the ransomware attack. The operation brought down more than 600 servers, hindering access to patient information and communications through the hospital’s lines, impeding the payment of wages and affecting laboratory and radiological services, which took several weeks to restore. The perpetrators accessed patient and staff confidential information and financial data and later [https://www.rnz.co.nz/news/ldr/455535/waikato-dhb-warned-a-cyberattack-catastrophic-for-patient-safety leaked it on the dark web], affecting more than 4,200 people. In the Toolkit, and [[Scenario 14: Ransomware campaign|Scenario 14]] addresses the issue of ransomware campaigns launched by non-State groups, and the situation of cyber operations against medical facilities is specifically considered in [[Scenario 20: Cyber operations against medical facilities|Scenario 20]].
 </div>
 </option>
@@ Line 111: / Line 111: @@
 <!-- INCIDENT 20-->
 <div id="mp-itn" style="padding:0.1em 0.6em;">[[File:VIASAT official png.png|left|150px]]
-On 24 February 2022, a specific partition of modems from Viasat’s KASAT satellite network was targeted by a [https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/   wiper malware]  rendering thousands of broadband modems permanently inoperable in Ukraine – including those used by military and other governmental agencies – and other users across Europe, resulting in a major loss of internet communication (see more [[Viasat KA-SAT attack (2022)|here]]). The attack’s alleged [https://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-2022-02-28/   spillover]   included the outage of the remote monitoring and control of 5,800 wind turbines in Germany. The attack has been attributed by the  [https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/ US], the [https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion   UK], and the [https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/  Council of the EU],  to Russia, amid the intensification of the conflict in Ukraine. [https://www.reuters.com/world/europe/russia-behind-cyberattack-against-satellite-internet-modems-ukraine-eu-2022-05-10/  Russia] has repeatedly denied that it carries out offensive cyber operations. In the Toolkit, [[Scenario 3: Cyber operation against the power grid|Scenario 3 ]] addresses the impact of cyber operations on critical infrastructure, [[Scenario 10: Cyber weapons review|Scenario 10 ]] and [[Scenario 22: Cyber methods of warfare|Scenario 22 ]]  consider issues related to cyber means and methods of warfare, and [[Scenario 24: Internet blockage|Scenario 24]]  analyses a hypothetical situation of massive internet outage.
+On 24 February 2022, a specific partition of modems from Viasat’s KASAT satellite network was targeted by a [https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/   wiper malware]  rendering thousands of broadband modems permanently inoperable in Ukraine – including those used by military and other governmental agencies – and other users across Europe, resulting in a major loss of internet communication (see more [[Viasat KA-SAT attack (2022)|here]]). The attack’s alleged [https://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-2022-02-28/ spillover]   included the outage of the remote monitoring and control of 5,800 wind turbines in Germany. The attack has been attributed by the  [https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/ US], the [https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion   UK], and the [https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/  Council of the EU],  to Russia, amid the intensification of the conflict in Ukraine. [https://www.reuters.com/world/europe/russia-behind-cyberattack-against-satellite-internet-modems-ukraine-eu-2022-05-10/  Russia] has repeatedly denied that it carries out offensive cyber operations. In the Toolkit, [[Scenario 03: Cyber operation against the power grid|Scenario 03]] addresses the impact of cyber operations on critical infrastructure, [[Scenario 10: Cyber weapons review|Scenario 10 ]] and [[Scenario 22: Cyber methods of warfare|Scenario 22]]  consider issues related to cyber means and methods of warfare, and [[Scenario 24: Internet blockage|Scenario 24]]  analyses a hypothetical situation of massive internet outage.
 </div>
 </option>