FAQ



This is a list of frequently asked questions about using and contributing to the Cyber Law Toolkit.

What is the Cyber Law Toolkit?
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. At its heart, the Toolkit consists of several hypothetical scenarios, each of which contains a description of cyber incidents inspired by real-world examples accompanied by detailed legal analysis.

Why did you create the Toolkit?
The Toolkit addresses a gap between the academia and practice as far as international cyber law is concerned. Although there is a growing body of research in this area of international law, its outputs are often not easily adaptable to the needs of legal practitioners dealing with cyber incidents on a daily basis. The Toolkit attempts to bridge this gap by providing accessible yet precise practical solutions to scenarios based on real-life examples of cyber operations with international law relevance.

Who is the target audience?
The Toolkit is primarily addressed to legal practitioners with a working knowledge of international law. However, the language used is comprehensive and explanatory and should be generally accessible to non-lawyers, as well. Each concept that underpins the analysis is explained in detail to provide a complete understanding of the relevant scenario. Whilst the target audience consists of those with a degree of familiarity with international law and specifically cyber law, it does not preclude those with a general interest in the area, but no relevant expertise, from reading, using and enjoying the content of the Toolkit.

Is the Toolkit applicable to my country?
The analytical focus of the Toolkit is on international law applicable to cyber operations. Since 2021, it also contains a regularly updated overview of the publicly available national positions on the application of international law to cyber operations. By contrast, it does not specifically address the domestic law of any particular country, nor does it adopt the view of any country or group of countries in its analysis. As such, it is applicable to all countries in the world – including yours.

Is the Toolkit continuously updated?
Yes, it is. You can track the most recent changes to the Toolkit through the Recent changes page.

Does the Toolkit represent the official views of the partner institutions?
No. The Toolkit does not represent the views of any of the partner institutions. The analysis in the Toolkit only reflects the views of the authors of the relevant content and it does not aspire to represent the views of any of the organizations that the authors are, or have been, affiliated with.

What is the future of the Toolkit?
We aspire to maintain and develop the Toolkit further on an ongoing basis. As technology develops and as international cyber law further grows in prominence, new scenarios, real-world examples and analysis will be added to ensure the Toolkit remains state-of-the-art in terms of both facts and law. If you wish to contribute to the future development of the Toolkit, please feel free to get in touch.

Which areas of law are covered by the Toolkit?
The Toolkit covers, in principle, the entirety of international law, ranging from general international law to international human rights law and humanitarian law. Please refer to the full List of articles to find out which specific topics of international law are covered.

Why is the Toolkit organized around specific scenarios?
The scenarios reflect the pragmatic approach of the Toolkit. The analysis in individual scenarios is based on actual cyber incidents with some relevance for international law. By gathering the relevant cyber incidents and the applicable law in a single place, the Toolkit offers an organized vision of the main legal issues at stake, while encouraging the development of international cyber law in the future.

Which scenarios does the Toolkit consist of?
Please refer to the Main Page, which contains an overview of all scenarios. You may also refer to the List of articles, which places the scenarios in the overall context of all substantive articles in the Toolkit. Also, when reading about a specific real-world example, you will find cross-references to the scenarios, which analyse legal issues that arise from the example in question. The Toolkit is continuously updated and new scenarios and other content are being added on an ongoing basis.

What was updated in the 2022/2023 annual update?
The 2022/23 general update of the Cyber Law Toolkit comprised numerous important additions. The Toolkit’s repository of landmark cyber incidents has grown by more than a third to the current total of 62 incidents. Some of the most recent incidents featured in the Toolkit include the Viasat KA-SAT hack, the Predatory Sparrow incident and the Kazakhstan internet blockage, all from 2022. Furthermore, the Toolkit now contains three new scenarios, which cover export licensing of intrusion tools in peacetime, contesting and redirecting ongoing attacks in time of armed conflict, and extraterritorial incidental civilian cyber harm under international human rights law. Finally, the repository of landmark national positions has been updated and now comprises over 30 such positions.

What is the structure of individual scenarios?
In brief, every scenario consists of the following sections:
 * 0 Executive summary (presented without a section header)
 * 1 Scenario (keywords, factual description, and real-world examples)
 * 2 Legal analysis (the central part of the scenario; see Note on the structure of analysis for its internal structure)
 * 3 Checklist (questions for legal advisors facing similar situations in practice)
 * 4 Appendixes (further information, such as other relevant articles in the toolkit; endnotes; and bibliography)

How does the analysis in the Toolkit relate to real life?
Virtually all scenarios are accompanied by a list of real-world examples. The scenarios are hypothetical, but there are many similarities between the hypothetical facts and the real incidents. The Toolkit aims to make the legal analysis in the individual scenarios easily adaptable to existing and future real-life incidents.

Does the Toolkit reflect the approach of a certain country or legal school to international law?
No. The starting point of the Toolkit is that, as a matter of principle, international law does apply to the conduct in cyberspace. This reflects the currently existing broad consensus in the international community as well as in the scholarly writing. Beyond this foundational assumption, the analysis in the Toolkit only reflects the views of the authors of the relevant content and it does not aspire to represent any particular country or school of thought.

Where can I find further resources about the application of international law in cyberspace?
Although non-exhaustive, each scenario provides a list of relevant bibliography and further readings. In addition, a consolidated list of sources used in the creation of the Toolkit can be found in the general Bibliography section.

How do I use the Toolkit?
The Toolkit may be explored and utilized in a number of different ways. First of all, you may want to browse the hypothetical scenarios (available from the Main Page or at this link), each of which contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. In addition, you may explore the Toolkit by looking for keywords you’re interested in; by viewing its overall article structure; by browsing through the national positions on international law in cyberspace; or by reading about individual real-world examples that serve as the basis of the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.

Why is this an online resource, and not simply a book?
The online format allows us to continuously update the Toolkit as new incidents arise, new national positions are issued or new developments in the applicable law emerge. The wiki format allows collaborative work on the Toolkit as well as highlighting interconnections between the various parts of the analysis.

How reliable is the Toolkit?
The Toolkit is based on reliable and publicly available sources. A continuously updated list of sources can be found in the Bibliography of the Toolkit.

The analysis aims to provide a clear guidance, but when the law is unsettled, this is noted and the existing reasonable views are explained. All scenarios have been peer-reviewed. The real-life examples in the Toolkit are based on a variety of public and primary sources aiming at including the different available views on each reported incident.

I am dealing with an actual cyber incident, but none of the scenarios matches the factual situation. What can I do?
You may want to browse the existing content by reference to the individual keywords, by reviewing the overall article structure, or through the full-text search function (available in the top-right corner of every page). In addition, it may well be that your cyber incident shares some similarity with one of the real-world examples detailed in this Toolkit. If that is so, you will find links to specific scenarios where aspects of the example in question are analysed from the legal perspective. Finally, you are welcome to contact us to suggest new content for the Toolkit.

How do I cite Toolkit articles?
We suggest the following format for citations:

If you require a permanent URL for any specific page in the Toolkit, you may generate one by clicking on the “Cite this page” link on the banner visible on the left-hand side of each content page.

What is the aim of the project?
The overarching aim of this project is to promote knowledge and develop expertise among legal advisors and decision-makers confronted by the need to respond efficiently to the challenges posed by modern technology and cyber operations from the perspective of international law. The project strives to achieve this aim by developing, testing, publishing and disseminating an interactive toolkit for the primary benefit of non-academic end users, thus assisting legal advisors and decision-makers in understanding and assessing the law applicable to cyber operations. In short, the aim of the project is to create and maintain the resource that is in front of you right now – the Cyber Law Toolkit.

How is the project financed?
The pilot year of the project (2018/19) was financed from a grant from the UK’s Economic and Social Research Council (Impact Acceleration Account). All partner institutions have also provided in-kind contributions to the project.

Which organizations and individuals are behind the Cyber Law Toolkit?
The project is supported by the following six partner institutions (listed in alphabetical order): Partner institutions contribute to the project in various ways, including by providing their expertise as well as in-kind, or financial support towards the development, maintenance, and dissemination of the Toolkit. For an overview of the people that have contributed to the project since its inception, please refer to this section.
 * Czech National Cyber and Information Security Agency (Národní úřad pro kybernetickou a informační bezpečnost, NÚKIB)
 * International Committee of the Red Cross (ICRC)
 * NATO Co-operative Cyber Defence Centre of Excellence (CCDCOE)
 * United States Naval War College (USNWC)
 * University of Exeter
 * Wuhan University

What is the relationship between the Cyber Law Toolkit and the Tallinn Manual?
The Cyber Law Toolkit and the Tallinn Manual are two independent projects with partially overlapping focus and audience, and a common partner institution, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Both have become influential resources for legal advisers and policy experts dealing with cyber issues and international law. While the Tallinn Manual presents a compendium of the existing international law applicable to cyber operations that was drafted by a group of legal experts, the aim of the Toolkit is to apply the law to realistic fact patterns and thus help bridge the gap between theory and practice. More convergence can be expected in the future when the Tallinn Manual 3.0 project is completed.

Can I use the Toolkit in academia for educational purposes?
Yes. The Toolkit is made available on an open access basis. You are welcome to use it for educational purposes, as long as appropriate credit is given to the authors of the relevant articles and the project as a whole. For a recommended citation format, please see above under “How do I cite Toolkit articles?”.

I am a journalist. How can I get in touch with the project team?
Thank you for your interest in the Toolkit. Please feel free to contact us at the project e-mail (cyberlaw@exeter.ac.uk) and include the words "Media inquiry" in the subject line of your message.

Can I edit the articles? How do I do that?
Yes you can. The Toolkit is a Wiki, which means that anyone can edit the articles it consists of. Please click on the "Edit" tab at the top of the page you would like to edit. This will bring you to a page with a text box containing the editable text of that page. After you finish editing, please include a brief summary of your changes in the box at the bottom of the page. You are welcome to identify yourself if you wish to do so. Do not forget to save the changes. All changes go through a moderation process, so please note that they will not appear online immediately. For further information about editing Wiki pages, please refer to the MediaWiki help center.

How do I add a new article?
For technical advice, please refer to the MediaWiki help page "Starting a new page". Please note that any new pages will be reviewed by the Toolkit editors and may not appear online for a while. If you want to propose a new content page (such as a new scenario or an example page), it is probably a better idea to contact us before creating the page without consultation.

Every year, we issue a call for submission of new scenario proposals to be considered for the next annual update of the Toolkit. You can see an example from 2021/22 at this link.

I have discovered a mistake. How do I report it? And can I fix it myself?
You are welcome to contact us to report the mistake. However, if you can fix the mistake yourself by proposing an alternative or new text to the relevant page, please feel free to edit the page in question accordingly. You may also note the problem in the Discussion page associated with the page you are reading (please see below).

What is the “Discussion” feature about and how can I use it?
Every content page in the Toolkit has an associated Discussion page, which can be used for discussion on the relevant topics and communication with the Toolkit team and with other users. These pages are accessed by clicking the "Discussion" tab at the top of the relevant page. For technical advice on the functioning of these pages, please refer to the MediaWiki help page "Talk pages".

Why did you choose the included examples?
Although it is beyond the scope of the Toolkit to provide a detailed analysis of the links between each individual example and the potentially relevant scenarios, you may find more details about the examples by opening their relevant content page (e.g. Stuxnet (2010)). Each page summarizes in a table format the real-world incident(s) and provides links to all scenarios in which these are referred to.

Why did you structure the analysis of the scenarios in this way?
Please refer to the Note on the structure of articles for a detailed explanation of the structure of the analytical section of the scenarios. The specific legal issues analysed in the individual scenarios were selected in a collaborative process with a group of external experts and the analysis was then reviewed by several independent peer reviewers.

What is the purpose of the checklist at the end of each scenario?
The checklist contains questions for legal practitioners facing situations similar to those described in the scenario. It provides the user with an overview of the salient issues arising in the scenario and is a quick way of verifying that all such matters have been addressed.

I don’t understand the technical terms or abbreviations used in the texts. What can I do?
Please refer to the Glossary.

I have a question that is not addressed here. How can I contact you?
Please feel free to e-mail us at the project e-mail address (cyberlaw@exeter.ac.uk).