Main Page



__NONUMBEREDHEADINGS__

 Welcome to the Cyber Law Toolkit, an interactive online resource on international law and cyber operations.

 Other resources
 * FAQ – Frequently asked questions about the project and the Toolkit.
 * All articles – Updated list of all substantive articles in the Toolkit. In a printed book, this would be the table of contents.
 * Keywords – Overview of all keywords used across the Toolkit content. Serves the same purpose as an index would in a printed book.
 * Legal concepts – Overview of all legal concepts from different branches of international law used across the Toolkit content.
 * Examples – List of real-world incidents that have inspired the analysis in the Toolkit.
 * National positions – List of publicly available national positions on the application of international law to cyber operations.
 * Glossary – Glossary of the technical terms used in the Toolkit.
 * Short form citation – Abbreviated references for the most commonly used citations in the Toolkit.
 * Bibliography – Bibliography of resources used in the creation and development of the Toolkit.


 * People – List of all people involved in the project (including scenario authors, peer reviewers, research assistants...).

<!-- REMOVED OLD INCIDENTS In July 2018, Singapore’s health system (SingHealth) was infiltrated by malware and the personal particulars of about 1.5 million people were stolen. Among the victims of the hack were some prominent Singaporean politicians, including the prime minister. Only data containing personal information of the patients like name, date of birth, address, gender, etc was taken. However, the records were neither deleted nor edited. According to the statement of the Health Minister Gan Kim Yong, this attack was “unprecedented”. The professionalism with which the attack was conducted and the fact that records of politicians were affected made the Cyber Security Agency of Singapore (CSA) and the government suspect that another State may have been involved. Yet, no specific allegations have been made in this regard. Although none of the existing scenarios analyses a cyber incident involving patient records, the cyber operations against SingHealth are related to scenarios 01 and 02, which consider whether exfiltration of data amounts to a violation of State sovereignty. On 27 July 2018, the New York Times reported a statement from the US Department of Homeland Security (DHS) that a 2017 cyber campaign by Russia had allegedly compromised the networks of several electrical utility companies in the US. The DHS linked the attack to the Russian group known as Dragonfly or Energetic Bear. The DHS stated that the attacks put the infiltrators in a position where they were capable of causing blackouts on the US territory. The department cited "hundreds of victims", greater than previously acknowledged. The statement was preceded by a joint alert issued by the DHS and the Federal Bureau of Investigation (FBI) in March 2018, warning network defenders of Russian threats to US critical infrastructure sectors including energy, water, and aviation. Scenario 03 specifically considers and assesses the impact of one State conducting a cyber operation against the electrical grid of another State. END OF REMOVED INCIDENTS -->