Difference between revisions of "Main Page"

From International cyber law: interactive toolkit
Jump to navigation Jump to search
(adding the CfS 2021)
(47 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<div class="res-img no-pointer-events">[[File:MainBanner.jpg]]</div>
+
<div class="res-img no-pointer-events">[[File:MainBanner2020.jpg]]</div>
 
__NOTOC__
 
__NOTOC__
 +
__NONUMBEREDHEADINGS__
 
<!--      TOP BOX        -->
 
<!--      TOP BOX        -->
 
<div id="mp-topbanner" style="clear:both; position:relative; box-sizing:border-box; width:100%; margin:1.2em 0 6px; min-width:47em; border:1px solid #ddd; background-color:#bbceed; color:#000; white-space:nowrap;">
 
<div id="mp-topbanner" style="clear:both; position:relative; box-sizing:border-box; width:100%; margin:1.2em 0 6px; min-width:47em; border:1px solid #ddd; background-color:#bbceed; color:#000; white-space:nowrap;">
Line 14: Line 15:
 
| id="mp-left" class="MainPageBG" style="width:50%; border:1px solid #bbceed; padding:0; background:#fffbc4; vertical-align:top; color:#000;" |
 
| id="mp-left" class="MainPageBG" style="width:50%; border:1px solid #bbceed; padding:0; background:#fffbc4; vertical-align:top; color:#000;" |
 
<h2 id="mp-tfa-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3bfb1; color:#000; padding:0.2em 0.4em;">About the project</h2>
 
<h2 id="mp-tfa-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3bfb1; color:#000; padding:0.2em 0.4em;">About the project</h2>
<div id="mp-tfa" style="padding:0.1em 0.6em;">The '''Cyber Law Toolkit''' is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and [[Glossary#Cyber_operations|cyber operations]]. You can explore the Toolkit in a number of different ways. At its heart, the Toolkit consists of 13 (and counting) hypothetical [[:Category:Scenario|scenarios]], each of which contains a description of cyber incidents inspired by real-world examples accompanied by detailed legal analysis. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for [[Special:Categories|keywords]] you’re interested in; by viewing its overall [[List of articles|article structure]]; or by reading about individual [[List_of_articles#Real-world_examples|real-world examples]] that had inspired the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.</div>
+
<div id="mp-tfa" style="padding:0.1em 0.6em;">The '''Cyber Law Toolkit''' is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and [[Glossary#C|cyber operations]]. The Toolkit may be explored and utilized in a number of different ways. At its heart, it consists of 19 hypothetical [[:Category:Scenario|scenarios]], to which more will be added in the future. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for [[keywords]] you’re interested in; by viewing its overall [[List of articles|article structure]]; or by reading about individual [[List_of_articles#Real-world_examples|real-world examples]] that serve as the basis of the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.</div>
 
<h2 id="mp-dyk-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3bfb1; color:#000; padding:0.2em 0.4em;">Cyber law scenarios</h2>
 
<h2 id="mp-dyk-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3bfb1; color:#000; padding:0.2em 0.4em;">Cyber law scenarios</h2>
 
<div id="mp-dyk" style="padding:0.1em 0.6em 0.5em;">
 
<div id="mp-dyk" style="padding:0.1em 0.6em 0.5em;">
 
{| class="wikitable" style="text-align: center"
 
{| class="wikitable" style="text-align: center"
|[[File:Scenario_01.jpg|center|120px|link=Scenario 01: Election interference]][[Scenario 01: Election interference|S01 (Election interference)]]
+
|[[File:Scenario_01.jpg|center|120px|link=Scenario 01: Election interference]][[Scenario 01: Election interference|S01<br>Election<br>interference]]
|[[File:Enigma, 1923, Deutschland.JPG|center|120px|link=Scenario 02: Cyber espionage against government departments]][[Scenario 02: Cyber espionage against government departments|S02 (Political espionage)]]
+
|[[File:Scenario 02.jpg|center|120px|link=Scenario 02: Cyber espionage against government departments]][[Scenario 02: Cyber espionage against government departments|S02<br>Political<br>espionage]]
|[[File:Scenario_03.jpg|center|120px|link=Scenario 03: Cyber operation against the power grid]][[Scenario 03: Cyber operation against the power grid|S03 (Power grid)]]
+
|[[File:Scenario_03.jpg|center|120px|link=Scenario 03: Cyber operation against the power grid]][[Scenario 03: Cyber operation against the power grid|S03<br>Power<br>grid]]
|[[File:Flags.jpg|center|120px|link=Scenario 04: A State’s failure to assist an international organization]][[Scenario 04: A State’s failure to assist an international organization|S04 (International organization)]]
+
|[[File:Flags.jpg|center|120px|link=Scenario 04: A State’s failure to assist an international organization]][[Scenario 04: A State’s failure to assist an international organization|S04<br>International<br>organization]]
 
|-
 
|-
|[[File:The Bronze Soldier - panoramio.jpg|center|120px|link=Scenario 05: State investigates and responds to cyber operations against private actors in its territory]][[Scenario 05: State investigates and responds to cyber operations against private actors in its territory|S05 (Criminal investigation)]]
+
|[[File:Scenario 05.jpg|center|120x120px|link=Scenario 05: State investigates and responds to cyber operations against private actors in its territory]][[Scenario 05: State investigates and responds to cyber operations against private actors in its territory|S05<br>Criminal<br>investigation]]
|[[File:Hacker2.jpg|center|120px|link=Scenario 06: Cyber countermeasures against an enabling State]][[Scenario 06: Cyber countermeasures against an enabling State|S06 (Enabling State)]]
+
|[[File:Hacker2.jpg|center|120px|link=Scenario 06: Cyber countermeasures against an enabling State]][[Scenario 06: Cyber countermeasures against an enabling State|S06<br>Enabling<br>State]]
|[[File:Scenario_07.jpg|center|120px|link=Scenario 07: Leak of State-developed hacking tools]][[Scenario 07: Leak of State-developed hacking tools|S07 (Hacking tools)]]
+
|[[File:Scenario_07.jpg|center|120px|link=Scenario 07: Leak of State-developed hacking tools]][[Scenario 07: Leak of State-developed hacking tools|S07<br>Hacking<br>tools]]
|[[File:20121020200412!Basel 2012-10-06 Batch Part 5 (36).JPG|alt=|center|120px]][[Scenario 08: Certificate authority hack|S08 (Certificate authority)]]
+
|[[File:Scenario 08.jpg|center|120px|link=Scenario 08: Certificate authority hack]][[Scenario 08: Certificate authority hack|S08<br>Certificate<br>authority]]
 
|-
 
|-
|[[File:Su25-kompo-vers2.svg|center|120px|link=Scenario 09: Economic cyber espionage]][[Scenario 09: Economic cyber espionage|S09 (Economic espionage)]]
+
|[[File:Su25-kompo-vers2.svg|center|120px|link=Scenario 09: Economic cyber espionage]][[Scenario 09: Economic cyber espionage|S09<br>Economic<br>espionage]]
|[[File:Cyberweapon.jpg|center|120px|link=Scenario 10: Cyber weapons review]][[Scenario 10: Cyber weapons review|S10 (Cyber weapons)]]
+
|[[File:Cyberweapon.jpg|center|120px|link=Scenario 10: Legal review of cyber weapons]][[Scenario 10: Legal review of cyber weapons|S10<br>Cyber<br>weapons]]
|[[File:Scenario_11.jpg|center|120px|link=Scenario 11: Sale of surveillance tools in defiance of international sanctions]][[Scenario 11: Sale of surveillance tools in defiance of international sanctions|S11 (Surveillance tools)]]
+
|[[File:Scenario_11.jpg|center|120px|link=Scenario 11: Sale of surveillance tools in defiance of international sanctions]][[Scenario 11: Sale of surveillance tools in defiance of international sanctions|S11<br>Surveillance<br>tools]]
|[[File:Data2.jpg|center|120px|link=Scenario 12: Cyber operations against computer data]][[Scenario 12: Cyber operations against computer data|S12 (Computer data)]]
+
|[[File:Data2.jpg|center|120px|link=Scenario 12: Cyber operations against computer data]][[Scenario 12: Cyber operations against computer data|S12<br>Computer<br>data]]
 
|-
 
|-
|[[File:Scenario_13.jpg|center|120px|link=Scenario 13: Cyber operations as a trigger of the law of armed conflict]][[Scenario 13: Cyber operations as a trigger of the law of armed conflict|S13 (Armed conflict)]]
+
|[[File:Scenario_13.jpg|center|120px|link=Scenario 13: Cyber operations as a trigger of the law of armed conflict]][[Scenario 13: Cyber operations as a trigger of the law of armed conflict|S13<br>Armed<br>conflict]]
|
+
|[[File:Privacy-policy-445153 1920.jpg|center|120px|link=Scenario 14: Ransomware campaign]][[Scenario 14: Ransomware campaign|S14<br>Ransomware<br>campaign]]
|
+
|[[File:Shutterstock 1203082711 1920x1280.jpg|center|120px|link=Scenario 15: Cyber deception during armed conflict]][[Scenario 15: Cyber deception during armed conflict|S15<br>Cyber<br>deception]]
 +
|[[File:Shipsbridge-3x2.jpg|center|120px|link=Scenario 16: Cyber attacks against ships on the high seas]][[Scenario 16: Cyber attacks against ships on the high seas|S16<br>High<br>seas]]
 +
|-
 +
|[[File:Pexels-markus-spiske-1679618.jpg|center|120px|link=Scenario 17: Collective responses to cyber operations]][[Scenario 17: Collective responses to cyber operations|S17<br>Collective<br>responses]]
 +
|[[File:Cyber operator.jpeg|center|120px|link=Scenario 18: Legal status of cyber operators during armed conflict]][[Scenario 18: Legal status of cyber operators during armed conflict|S18<br>Cyber<br>operators]]
 +
|[[File:Social-3064515 1920.jpg|center|120px|link=Scenario 19: Hate speech]][[Scenario 19: Hate speech|S19<br>Hate<br>speech]]
 
|
 
|
 
|}
 
|}
Line 44: Line 50:
 
<h2 id="mp-itn-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Featured incident</h2>
 
<h2 id="mp-itn-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Featured incident</h2>
 
<choose uncached>
 
<choose uncached>
 +
 +
<option>
 +
<!-- INCIDENT 4-->
 +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:CyberCommand.jpg|left|150px]]
 +
Prior to the US midterm elections in 2018, the US Cyber Command implemented a new preventive strategy in order to protect the elections from foreign interference. According to the [https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html media reports], the strategy was aimed at preventing Russian individuals from engaging in concerted disinformation campaigns. The targeted individuals were informed that their work and online conduct would be surveilled by the US authorities. However, the US officials did not disclose the number of individuals they had contacted nor the method of transferring the warning to the operators concerned. [[Scenario 01: Election interference|Scenario 01]] of the Toolkit analyses whether specific forms of electoral interference abroad violate rules of international law and [[Scenario 06: Cyber countermeasures against an enabling State|scenario 06]] considers whether the victim State may engage in [[Countermeasures|countermeasures]] against an enabling State.</div>
 +
</option>
 
<option>
 
<option>
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:NCSC-GRU.png|left|150px]]
+
<!-- INCIDENT 5-->
On 4 October 2018, the UK National Cyber Security Centre issued a [https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed statement] accusing the Russian military intelligence service (generally referred to under its previous abbreviation GRU for ''Glavnoye razvedyvatel'noye upravleniye'') of a series of cyber attacks “conducted in flagrant violation of international law”. These attacks have ranged from [[DNC email leak (2016)|hacking the Democratic National Committee]] in the US and publishing its documents online, to attempting to compromise the UK Foreign and Commonwealth Office systems through a spearphishing attack, to using ransomware to cause disruption to Ukrainian public transport systems. Some of these attacks allegedly attributable to the GRU display factual pattern similar to several of the toolkit scenarios. In particular, [[Scenario 01: Election interference|Scenario 01]] considers the law relevant to electoral interference using cyber means; [[Scenario 02: Cyber espionage against government departments|Scenario 02]] considers the extent to which cyber espionage targeted against another State’s foreign ministry violates international law; and [[Scenario 03: Cyber attack against the power grid|Scenario 03]] looks at the extent to which disruption of public utilities and other critical infrastructure violates international law.</div></option>
+
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:IDF_Hamas.png|left|150px]]
 +
In early May 2019, hostilities flared up again in the context of the armed conflict between Israel and Palestine. According to [https://www.nytimes.com/2019/05/05/world/middleeast/gaza-rockets-israel-palestinians.html news reports], hundreds of rockets were fired on Israel, while the Israel Defense Forces (IDF) answered with artillery and airstrikes. Remarkably, the Israeli response included also a kinetic attack allegedly aimed at countering a hostile cyber operation conducted by Hamas. In particular, the IDF [https://twitter.com/IDF/status/1125066395010699264 announced on Twitter] that it had “thwarted an attempted Hamas cyber offensive” and subsequently conducted an air strike against the Hamas Cyber Headquarters. The announcement has sparked a [https://www.linkedin.com/pulse/retaliatory-cyber-attacks-legal-precedent-time-israel-singer/ debate] [https://www.lawfareblog.com/crossing-cyber-rubicon-overreactions-idfs-strike-hamas-cyber-facility whether] this operation sets a legal precedent from the perspective of international law. Within the Toolkit, [[Scenario 03: Cyber attack against the power grid|Scenario 03]] considers when a cyber operation may qualify as a use of force under international law and [[Scenario 12: Cyber operations against computer data|Scenario 12]] analyses aspects of the law of targeting with respect to cyber operations.</div>
 +
</option>
 
<option>
 
<option>
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:SingHealth_logo.jpg|left|150px]]
+
<!-- INCIDENT 6-->
In July 2018, Singapore’s health system (SingHealth) was infiltrated by malware and the personal particulars of about 1.5 million people were [https://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2018/07/sg-cyber-breach/index.html stolen]. Among the victims of the hack were some prominent Singaporean politicians, including the prime minister. Only data containing personal information of the patients like name, date of birth, address, gender, etc was taken. However, the records were neither deleted nor edited. According to the [https://www.youtube.com/watch?time_continue=28&v=RsjUUgGpqA8 statement] of the Health Minister Gan Kim Yong, this attack was “unprecedented”. The professionalism with which the attack was conducted and the fact that records of politicians were affected made the Cyber Security Agency of Singapore (CSA) and the government suspect that another State may have been [https://www.straitstimes.com/singapore/top-secret-report-on-singhealth-attack-submitted-to-minister-in-charge-of-cyber-security involved]. Yet, no specific allegations have been made in this regard. Although none of the existing scenarios analyses a cyber incident involving patient records, the cyber operations against SingHealth are related to scenarios [[Scenario 01: Election interference|01]] and [[Scenario 02: Cyber espionage against government departments|02]], which consider whether exfiltration of data amounts to a violation of State sovereignty.</div>
+
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Huawei featured incident - cropped.png|left|150px]]
 +
In September 2019, Huawei released a [https://www.huawei.com/en/facts/voices-of-huawei/media-statement-regarding-reported-us-doj-probes-into-huawei?utm_medium=sm&utm_source=facts_twitter&utm_campaign=WSJOliviera media statement] accusing the US government of “disrupting” Huawei’s business operations with “every tool at its disposal” including the launch of “cyber attacks to infiltrate Huawei's intranet and internal information systems”. The accusation came three days after a [https://www.wsj.com/articles/u-s-prosecutors-probe-huawei-on-new-allegations-of-technology-theft-11567102622?mod=article_inline Wall Street Journal article] which had reported about the US Department of Justice investigations into Huawei for alleged technology theft. In the Toolkit, [[Scenario 09: Economic cyber espionage|Scenario 09]] assesses the lawfulness of economic cyber espionage under international law. In addition, [[Scenario 05: State investigates and responds to cyber operations against private actors in its territory|Scenario 05]] considers the legal limits to the exercise of law enforcement by one State in response to malicious cyber operations from another.</div>
 
</option>
 
</option>
 
<option>
 
<option>
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:DHS.png|left|150px]]
+
<!-- INCIDENT 7-->
On 27 July 2018, the ''New York Times'' [https://www.nytimes.com/2018/07/27/us/politics/russian-hackers-electric-grid-elections-.html reported] a statement from the US Department of Homeland Security (DHS) that a 2017 cyber campaign by Russia had allegedly compromised the networks of several electrical utility companies in the US. The DHS [https://www.bbc.co.uk/news/technology-44937787 linked] the attack to the Russian group known as Dragonfly or Energetic Bear. The DHS [https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110 stated] that the attacks put the infiltrators in a position where they were capable of causing blackouts on the US territory. The department [https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110 cited] "hundreds of victims", greater than previously acknowledged. The statement was preceded by a [https://www.us-cert.gov/ncas/alerts/TA18-074A joint alert] issued by the DHS and the Federal Bureau of Investigation (FBI) in March 2018, warning network defenders of Russian threats to US critical infrastructure sectors including energy, water, and aviation. [[Scenario 03: Cyber attack against the power grid|Scenario 03]] specifically considers and assesses the impact of one State conducting a cyber operation against the electrical grid of another State.</div>
+
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Turla featured incident - cropped.png|left|150px]]
 +
In October 2019, the UK’s National Cyber Security Centre (NCSC) and the US National Security Agency (NSA) issued a report on the activities of the hacker group Turla, suspected to be based in Russia. The report [https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims claimed] that two malicious tools – previously [https://www.ncsc.gov.uk/news/turla-group-malware identified] as being used by Turla – were Iranian in origin. Allegedly, Turla was now using these tools independently to exploit them for its own intelligence aims. While the report acknowledged the difficulties of attributing cyber operations, it claimed that Turla had had access to Iranian tools and thus had most likely compromised Iran’s operational as well as command-and-control infrastructure. The tools have allegedly [https://www.zdnet.com/article/russian-apt-turla-targets-35-countries-on-the-back-of-iranian-infrastructure/ been used] for espionage against foreign governments, most likely in the [https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments Middle East]. Within the Toolkit, [[Scenario 02: Cyber espionage against government departments|scenario 02]] considers the legality of cyber espionage against government departments and [[Scenario 07: Leak of State-developed hacking tools|scenario 07]] considers the leak of State-developed hacking tools and their subsequent repurposing by malicious actors.</div>
 
</option>
 
</option>
 
<option>
 
<option>
 +
<!-- INCIDENT 8-->
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:CyberCommand.jpg|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:CyberCommand.jpg|left|150px]]
Prior to the US midterm elections in 2018, the US Cyber Command implemented a new preventive strategy in order to protect the elections from foreign interference. According to the [https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html media reports], the strategy was aimed at preventing Russian individuals from engaging in concerted disinformation campaigns. The targeted individuals were informed that their work and online conduct would be surveilled by the US authorities. However, the US officials did not disclose the number of individuals they had contacted nor the method of transferring the warning to the operatives concerned. [[Scenario 01: Election interference|Scenario 01]] of the Toolkit analyses whether specific forms of electoral interference abroad violate rules of international law and [[Scenario 06: Cyber countermeasures against an enabling State|scenario 06]] considers whether the victim State may engage in [[Countermeasures|countermeasures]] against an enabling State.</div>
+
On 20 June 2019, the US Cyber Command launched multiple cyber attacks [https://www.theguardian.com/world/2019/jun/23/us-launched-cyber-attack-on-iranian-rockets-and-missiles-reports disabling] computer systems that controlled Iran’s rocket launchers and [https://www.nytimes.com/2019/08/28/us/politics/us-iran-cyber-attack.html wiping out] a critical database of Iran’s Islamic Revolutionary Guard Corps. The attacks [https://www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html were reportedly] a direct response to earlier attacks against oil tankers in the Persian Gulf and the downing of an American surveillance drone after it had [https://www.aljazeera.com/news/2019/06/iran-revolutionary-guard-shoots-spy-drone-report-190620035802427.html allegedly entered] Iran’s airspace. Iran has [https://www.theguardian.com/world/2019/jun/13/a-visual-guide-to-the-gulf-tanker-attacks denied] all responsibility for the tanker attacks. The cyber attacks were conducted the same day that President Trump [https://www.nytimes.com/2019/06/20/world/middleeast/iran-us-drone.html called off] a military strike against Iran and were reportedly intended to remain below the threshold of armed conflict. The Toolkit considers whether specific cyber operations amount to uses of force in [[Scenario 03: Cyber operation against the power grid|scenario 03]] and [[Scenario 14: Ransomware campaign|scenario 14]]. Moreover, [[Scenario 13: Cyber operations as a trigger of the law of armed conflict|scenario 13]] examines when cyber operations may trigger the application of international humanitarian law.</div>
 +
</option>
 +
<option>
 +
<!-- INCIDENT 9-->
 +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Unemblem.gif|left|150px]]
 +
On 29 January 2020, ''The New Humanitarian'' [https://www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack?utm_source=The+New+Humanitarian&utm_campaign=c8dddbbc45-EMAIL_CAMPAIGN_2020_01_29&utm_medium=email&utm_term=0_d842d98289-c8dddbbc45-75573037 reported] that dozens of servers were “compromised” at the United Nations offices in Geneva and Vienna. The attack dated back to July 2019 and affected staff records, health insurance, and commercial contract data. According to an unnamed UN official cited in an Associated Press [https://apnews.com/0d958e15d7f5081dd612f07482f48b73 report] on the same day, the level of sophistication was so high that it was possible a State-backed actor might have been behind it. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, the impact of which could and should have been averted by the host State.</div>
 +
</option>
 +
<option>
 +
<!-- INCIDENT 10-->
 +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:EUCouncil.png|left|150px]]
 +
On 30 July 2020, the Council of the European Union [https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/ decided] to impose restrictive measures against six individuals and three entities considered to be responsible for or involved in various hostile cyber operations. These included the [[Attempted hack of the OPCW (2018)|attempted hack of the Organization for the Prohibition of Chemical Weapons (OPCW)]] and the [[WannaCry (2017)|WannaCry]] and [[NotPetya (2017)|NotPetya]] incidents. The sanctions imposed included a travel ban and an asset freeze. In addition, EU persons and entities were prohibited from making funds available to those listed. This was the first time the EU has imposed restrictive measures of this kind. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, and [[Scenario 17: Collective responses to cyber operations|Scenario 17]] discusses the legality of targeted restrictive measures of this kind from the perspective of international law.</div>
 +
</option>
 +
<option>
 +
<!-- INCIDENT 11-->
 +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Brno_(znak).svg|left|150px]]
 +
On 13 March 2020, Brno University Hospital, the second-largest hospital in the Czech Republic, at the time also providing COVID-19 testing capacities, was [[Brno University Hospital ransomware attack (2020)|targeted by ransomware]]. The hospital was forced to shut down its entire IT network, postpone urgent surgical interventions, and reroute patients to other nearby hospitals. It took several weeks before the hospital was fully operational again. [[Scenario 14: Ransomware campaign|Scenario 14]] in the Toolkit provides the legal analysis of a ransomware campaign against municipal and health care services abroad.</div>
 
</option>
 
</option>
 
</choose>
 
</choose>
 
<h2 id="mp-otd-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Behind the scenes</h2>
 
<h2 id="mp-otd-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Behind the scenes</h2>
<div id="mp-otd" style="padding:0.1em 0.6em 0.5em;">The project is supported through the [https://esrc.ukri.org/collaboration/collaboration-oportunities/impact-acceleration-accounts/ UK ESRC IAA Project Co-Creation] scheme. Partner institutions include the [https://www.exeter.ac.uk/ University of Exeter], United Kingdom; [https://ccdcoe.org/ NATO Co-operative Cyber Defence Centre of Excellence] (CCD COE) in Tallinn, Estonia; and the [https://www.govcert.cz/en/ Czech National Cyber and Information Security Agency] (NCISA) in Brno, Czechia. The project team is composed of [https://socialsciences.exeter.ac.uk/law/staff/macak/ Dr Kubo Mačák] (Exeter); Mr Tomáš Minárik (CCD COE); and Ms Taťána Jančárková (NCISA). The individual scenarios and the Toolkit as such have been reviewed by a team of over 20 [[peer reviewers]]. The Toolkit was formally launched on [XX] May 2019 in Tallinn, Estonia, and it is continuously updated by a team led by Mr Minárik. For questions about the project including media enquiries, please contact us at [projectadress]@exeter.ac.uk. </div>
+
<div id="mp-otd" style="padding:0.1em 0.6em 0.5em;">The project is supported by the following five partner institutions: the [https://www.govcert.cz/en/ Czech National Cyber and Information Security Agency] (NÚKIB), the [https://www.icrc.org International Committee of the Red Cross] (ICRC), the [https://ccdcoe.org/ NATO Cooperative Cyber Defence Centre of Excellence] (CCD COE), the [https://www.exeter.ac.uk/ University of Exeter], United Kingdom, and [https://en.whu.edu.cn Wuhan University], China. The core of the project team consists of [https://socialsciences.exeter.ac.uk/law/staff/macak/ Dr Kubo Mačák] (ICRC) – General Editor; Mr Tomáš Minárik (NÚKIB) – Managing Editor; and Ms Taťána Jančárková (CCD COE) – Scenario Editor. The pilot year of the project (2018/19) was supported through the [https://esrc.ukri.org/collaboration/collaboration-oportunities/impact-acceleration-accounts/ UK ESRC IAA Project Co-Creation] scheme. The individual scenarios and the Toolkit as such have been reviewed by a team of over 30 [[People#Peer_reviewers|peer reviewers]]. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia; its Chinese launch took place on 2 November 2019 in Wuhan, China; it received its first general annual update on 2 October 2020; and it remains continuously updated. For questions about the project including media enquiries, please contact us at cyberlaw@exeter.ac.uk.</div>
 
|}
 
|}
 
<!--        END OF MIDDLE BOX          -->
 
<!--        END OF MIDDLE BOX          -->
Line 70: Line 102:
 
*'''[[FAQ]]''' – Frequently asked questions about the project and the Toolkit.
 
*'''[[FAQ]]''' – Frequently asked questions about the project and the Toolkit.
 
*'''[[List of articles|All articles]]''' – Updated list of all substantive articles in the Toolkit. In a printed book, this would be the table of contents.
 
*'''[[List of articles|All articles]]''' – Updated list of all substantive articles in the Toolkit. In a printed book, this would be the table of contents.
*'''[[Special:Categories|Keywords]]''' – Overview of all keywords used across the Toolkit content. Serves the same purpose as an index would in a printed book.
+
*'''[[Keywords]]''' – Overview of all keywords used across the Toolkit content. Serves the same purpose as an index would in a printed book.
 
* [[List_of_articles#Real-world_examples|'''Examples''']] – List of real-world incidents that have inspired the analysis in the Toolkit.
 
* [[List_of_articles#Real-world_examples|'''Examples''']] – List of real-world incidents that have inspired the analysis in the Toolkit.
 
*'''[[Glossary]]''' – Glossary of the technical terms used in the Toolkit.
 
*'''[[Glossary]]''' – Glossary of the technical terms used in the Toolkit.
Line 77: Line 109:
 
<!-- *'''[[Editing rules]]''' - Note on the editing of articles. Please read this if you would like to help us develop the content of the Toolkit. -->
 
<!-- *'''[[Editing rules]]''' - Note on the editing of articles. Please read this if you would like to help us develop the content of the Toolkit. -->
 
*'''[[People]]''' – List of all people involved in the projec{{DISPLAYTITLE:<span style="position: absolute; clip: rect(1px 1px 1px 1px); clip: rect(1px, 1px, 1px, 1px);">{{FULLPAGENAME}}</span>}}t (including scenario authors, peer reviewers, research assistants...).
 
*'''[[People]]''' – List of all people involved in the projec{{DISPLAYTITLE:<span style="position: absolute; clip: rect(1px 1px 1px 1px); clip: rect(1px, 1px, 1px, 1px);">{{FULLPAGENAME}}</span>}}t (including scenario authors, peer reviewers, research assistants...).
 +
<h2>Call for submissions</h2>
 +
Cyber Law Toolkit is now inviting submissions for its next general update in 2021. Successful authors will be awarded an honorarium. This call for submissions is open until 15 November 2020. Full text of the call with submission dates and contacts is available for download here: [https://ccdcoe.org/uploads/2020/10/Call-for-Submissions-2020-2021.pdf PDF]
  
 
</div>
 
</div>
Line 85: Line 119:
 
</div>
 
</div>
 
...AND THIS LINE -->
 
...AND THIS LINE -->
 
+
<!-- REMOVED OLD INCIDENTS
 +
<option>
 +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:SingHealth_logo.jpg|left|150px]]
 +
In July 2018, Singapore’s health system (SingHealth) was infiltrated by malware and the personal particulars of about 1.5 million people were [https://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2018/07/sg-cyber-breach/index.html stolen]. Among the victims of the hack were some prominent Singaporean politicians, including the prime minister. Only data containing personal information of the patients like name, date of birth, address, gender, etc was taken. However, the records were neither deleted nor edited. According to the [https://www.youtube.com/watch?time_continue=28&v=RsjUUgGpqA8 statement] of the Health Minister Gan Kim Yong, this attack was “unprecedented”. The professionalism with which the attack was conducted and the fact that records of politicians were affected made the Cyber Security Agency of Singapore (CSA) and the government suspect that another State may have been [https://www.straitstimes.com/singapore/top-secret-report-on-singhealth-attack-submitted-to-minister-in-charge-of-cyber-security involved]. Yet, no specific allegations have been made in this regard. Although none of the existing scenarios analyses a cyber incident involving patient records, the cyber operations against SingHealth are related to scenarios [[Scenario 01: Election interference|01]] and [[Scenario 02: Cyber espionage against government departments|02]], which consider whether exfiltration of data amounts to a violation of State sovereignty.</div>
 +
</option>
 +
<option>
 +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:DHS.png|left|150px]]
 +
On 27 July 2018, the ''New York Times'' [https://www.nytimes.com/2018/07/27/us/politics/russian-hackers-electric-grid-elections-.html reported] a statement from the US Department of Homeland Security (DHS) that a 2017 cyber campaign by Russia had allegedly compromised the networks of several electrical utility companies in the US. The DHS [https://www.bbc.co.uk/news/technology-44937787 linked] the attack to the Russian group known as Dragonfly or Energetic Bear. The DHS [https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110 stated] that the attacks put the infiltrators in a position where they were capable of causing blackouts on the US territory. The department [https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110 cited] "hundreds of victims", greater than previously acknowledged. The statement was preceded by a [https://www.us-cert.gov/ncas/alerts/TA18-074A joint alert] issued by the DHS and the Federal Bureau of Investigation (FBI) in March 2018, warning network defenders of Russian threats to US critical infrastructure sectors including energy, water, and aviation. [[Scenario 03: Cyber attack against the power grid|Scenario 03]] specifically considers and assesses the impact of one State conducting a cyber operation against the electrical grid of another State.</div>
 +
</option>
 +
END OF REMOVED INCIDENTS -->
 
<!--          END OF PAGE        -->
 
<!--          END OF PAGE        -->

Revision as of 13:32, 12 October 2020

MainBanner2020.jpg


Welcome to the Cyber Law Toolkit, an interactive online resource on international law and cyber operations.

Other resources

  • FAQ – Frequently asked questions about the project and the Toolkit.
  • All articles – Updated list of all substantive articles in the Toolkit. In a printed book, this would be the table of contents.
  • Keywords – Overview of all keywords used across the Toolkit content. Serves the same purpose as an index would in a printed book.
  • Examples – List of real-world incidents that have inspired the analysis in the Toolkit.
  • Glossary – Glossary of the technical terms used in the Toolkit.
  • Short form citation – Abbreviated references for the most commonly used citations in the Toolkit.
  • Bibliography – Bibliography of resources used in the creation and development of the Toolkit.
  • People – List of all people involved in the project (including scenario authors, peer reviewers, research assistants...).

Call for submissions

Cyber Law Toolkit is now inviting submissions for its next general update in 2021. Successful authors will be awarded an honorarium. This call for submissions is open until 15 November 2020. Full text of the call with submission dates and contacts is available for download here: PDF