Difference between revisions of "Main Page"

From International cyber law: interactive toolkit
Jump to navigation Jump to search
(obsoleted incidents 4 through 8)
m (25, not 24)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<div class="res-img no-pointer-events">[[File:MainBanner.jpg]]<!-- REPLACE WITH: [[File:MainBanner21.jpg]]--></div>
+
<div class="res-img no-pointer-events"><!-- OLD BANNER: [[File:MainBanner.jpg]]-->[[File:MainBanner21.jpg]]</div>
 
__NOTOC__
 
__NOTOC__
 
__NONUMBEREDHEADINGS__
 
__NONUMBEREDHEADINGS__
Line 13: Line 13:
 
{| role="presentation" id="mp-upper" style="width: 100%; margin-top:4px; border-spacing: 0px;"
 
{| role="presentation" id="mp-upper" style="width: 100%; margin-top:4px; border-spacing: 0px;"
 
<!-- ABOUT THE PROJECT and SCENARIOS -->
 
<!-- ABOUT THE PROJECT and SCENARIOS -->
| id="mp-left" class="MainPageBG" style="width:50%; border:1px solid #bbceed; padding:0; background:#fffbc4; vertical-align:top; color:#000;" |
+
| id="mp-left" class="MainPageBG" style="width:50%; border:1px solid #bbceed; padding:0; background:#ffffff; vertical-align:top; color:#000;" |
 
<h2 id="mp-tfa-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3bfb1; color:#000; padding:0.2em 0.4em;">About the project</h2>
 
<h2 id="mp-tfa-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3bfb1; color:#000; padding:0.2em 0.4em;">About the project</h2>
<div id="mp-tfa" style="padding:0.1em 0.6em;">The '''Cyber Law Toolkit''' is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and [[Glossary#C|cyber operations]]. The Toolkit may be explored and utilized in a number of different ways. At its core, it presently consists of 19 <!-- REPLACE WITH: 24-->hypothetical [[:Category:Scenario|scenarios]]. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for [[keywords]] you’re interested in; by viewing its overall [[List of articles|article structure]]; by browsing through the [[:Category:National position|national positions]] on international law in cyberspace; or by reading about individual [[List_of_articles#Real-world_examples|real-world examples]] that serve as the basis of the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.</div>
+
<div id="mp-tfa" style="padding:0.1em 0.6em;">The '''Cyber Law Toolkit''' is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and [[Glossary#C|cyber operations]]. The Toolkit may be explored and utilized in a number of different ways. At its core, it presently consists of 25 hypothetical [[:Category:Scenario|scenarios]]. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for [[keywords]] you’re interested in; by viewing its overall [[List of articles|article structure]]; by browsing through the [[:Category:National position|national positions]] on international law in cyberspace; or by reading about individual [[List_of_articles#Real-world_examples|real-world examples]] that serve as the basis of the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.</div>
 
<h2 id="mp-dyk-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3bfb1; color:#000; padding:0.2em 0.4em;">Cyber law scenarios</h2>
 
<h2 id="mp-dyk-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3bfb1; color:#000; padding:0.2em 0.4em;">Cyber law scenarios</h2>
 
<div id="mp-dyk" style="padding:0.1em 0.6em 0.5em;">
 
<div id="mp-dyk" style="padding:0.1em 0.6em 0.5em;">
Line 42: Line 42:
 
|[[File:Cyber operator.jpeg|center|120px|link=Scenario 18: Legal status of cyber operators during armed conflict]][[Scenario 18: Legal status of cyber operators during armed conflict|S18<br>Cyber<br>operators]]
 
|[[File:Cyber operator.jpeg|center|120px|link=Scenario 18: Legal status of cyber operators during armed conflict]][[Scenario 18: Legal status of cyber operators during armed conflict|S18<br>Cyber<br>operators]]
 
|[[File:Social-3064515 1920.jpg|center|120px|link=Scenario 19: Hate speech]][[Scenario 19: Hate speech|S19<br>Hate<br>speech]]
 
|[[File:Social-3064515 1920.jpg|center|120px|link=Scenario 19: Hate speech]][[Scenario 19: Hate speech|S19<br>Hate<br>speech]]
|<!--ACTIVATE THIS[[File:Scn20.jpg|center|120px|link=Scenario 20: Cyber operations against medical facilities]][[Scenario 20: Cyber operations against medical facilities|S20<br>Medical<br>facilities]]
+
|[[File:Scn20.jpg|center|120px|link=Scenario 20: Cyber operations against medical facilities]][[Scenario 20: Cyber operations against medical facilities|S20<br>Medical<br>facilities]]
 
|-
 
|-
 
|[[File:Scn21.jpg|center|120px|link=Scenario 21: Misattribution caused by deception]][[Scenario 21: Misattribution caused by deception|S21<br>Misattribution<br>]]
 
|[[File:Scn21.jpg|center|120px|link=Scenario 21: Misattribution caused by deception]][[Scenario 21: Misattribution caused by deception|S21<br>Misattribution<br>]]
 
|[[File:Scn22.jpg|center|120px|link=Scenario 22: Cyber methods of warfare]][[Scenario 22: Cyber methods of warfare|S22<br>Methods <br>of warfare]]
 
|[[File:Scn22.jpg|center|120px|link=Scenario 22: Cyber methods of warfare]][[Scenario 22: Cyber methods of warfare|S22<br>Methods <br>of warfare]]
 
|[[File:Scn23.jpg|center|120px|link=Scenario 23: Vaccine research and testing]][[Scenario 23: Vaccine research and testing|S23<br>Vaccine<br>research]]
 
|[[File:Scn23.jpg|center|120px|link=Scenario 23: Vaccine research and testing]][[Scenario 23: Vaccine research and testing|S23<br>Vaccine<br>research]]
|[[File:Scn24.jpg|center|120px|link=Scenario 24: Internet blockage]][[Scenario 24: Internet blockage|S24<br>Internet<br>blockage]]-->
+
|[[File:Scn24.jpg|center|120px|link=Scenario 24: Internet blockage]][[Scenario 24: Internet blockage|S24<br>Internet<br>blockage]]
  +
|-
  +
|[[File:Scn25.JPG|center|120px|link=Scenario 25: Cyber disruption of humanitarian assistance]][[Scenario 25: Cyber disruption of humanitarian assistance|S25<br>Humanitarian<br>assistance]]
  +
|
  +
|
  +
|
 
|}
 
|}
 
</div>
 
</div>
 
| style="border:1px solid transparent;" |
 
| style="border:1px solid transparent;" |
 
<!-- FEATURED INCIDENT and BEHIND THE SCENES -->
 
<!-- FEATURED INCIDENT and BEHIND THE SCENES -->
| id="mp-right" class="MainPageBG" style="width:50%; border:1px solid #bbceed; padding:0; background:#ffe8f0; vertical-align:top;"|
+
| id="mp-right" class="MainPageBG" style="width:50%; border:1px solid #bbceed; padding:0; background:#ffffff; vertical-align:top;"|
 
<h2 id="mp-itn-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Featured incident</h2>
 
<h2 id="mp-itn-h2" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Featured incident</h2>
 
<choose uncached>
 
<choose uncached>
 
 
<option>
 
<option>
 
<!-- INCIDENT 9-->
 
<!-- INCIDENT 9-->
Line 69: Line 73:
 
<!-- INCIDENT 11-->
 
<!-- INCIDENT 11-->
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Brno_(znak).svg|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Brno_(znak).svg|left|150px]]
On 13 March 2020, Brno University Hospital, the second-largest hospital in the Czech Republic, at the time also providing COVID-19 testing capacities, was [[Brno University Hospital ransomware attack (2020)|targeted by ransomware]]. The hospital was forced to shut down its entire IT network, postpone urgent surgical interventions, and reroute patients to other nearby hospitals. It took several weeks before the hospital was fully operational again. [[Scenario 14: Ransomware campaign|Scenario 14]] in the Toolkit provides the legal analysis of a ransomware campaign against municipal and health care services abroad.</div>
+
On 13 March 2020, Brno University Hospital, the second-largest hospital in the Czech Republic, at the time also providing COVID-19 testing capacities, was [[Brno University Hospital ransomware attack (2020)|targeted by ransomware]]. The hospital was forced to shut down its entire IT network, postpone urgent surgical interventions, and reroute patients to other nearby hospitals. It took several weeks before the hospital was fully operational again. [[Scenario 14: Ransomware campaign|Scenario 14]] in the Toolkit provides the legal analysis of a ransomware campaign against municipal and health care services abroad; [[Scenario 20: Cyber operations against medical facilities|Scenario 20]] and [[Scenario 23: Vaccine research and testing|Scenario 23]] both focus on various cyber operations against hospitals.</div>
 
</option>
 
</option>
 
<option weight="2">
 
<option weight="2">
Line 80: Line 84:
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Solarwinds.svg|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Solarwinds.svg|left|150px]]
 
On 13 December 2020, FireEye [https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html announced] the discovery of an ongoing supply chain attack that trojanized SolarWinds Orion business software updates in order to distribute malware. The [https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12?r=US&IR=T victims] included many U.S. governmental organisations (such as the Department of Homeland Security, the Department of Energy, or the Treasury) and businesses (including Microsoft, Cisco, or Deloitte). Once the systems were infected, hackers could transfer files, execute files, profile the system, reboot the machines, or disable system services. The U.S. government has [https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure attributed] the attack to an ‘Advanced Persistent Threat Actor, likely Russian in origin’. Even though the campaign’s full scope remains unknown, recovering from the hack and conducting investigations may take up to [https://www.technologyreview.com/2021/03/02/1020166/solarwinds-brandon-wales-hack-recovery-18-months/ 18 months]. In the Toolkit, data theft and cyber espionage against government departments are analysed in [[Scenario 02: Cyber espionage against government departments|Scenario 02]]. Given that private sector organizations were among the victims, [[Scenario 09: Economic cyber espionage|Scenario 09]] on economic cyber espionage is also relevant.</div>
 
On 13 December 2020, FireEye [https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html announced] the discovery of an ongoing supply chain attack that trojanized SolarWinds Orion business software updates in order to distribute malware. The [https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12?r=US&IR=T victims] included many U.S. governmental organisations (such as the Department of Homeland Security, the Department of Energy, or the Treasury) and businesses (including Microsoft, Cisco, or Deloitte). Once the systems were infected, hackers could transfer files, execute files, profile the system, reboot the machines, or disable system services. The U.S. government has [https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure attributed] the attack to an ‘Advanced Persistent Threat Actor, likely Russian in origin’. Even though the campaign’s full scope remains unknown, recovering from the hack and conducting investigations may take up to [https://www.technologyreview.com/2021/03/02/1020166/solarwinds-brandon-wales-hack-recovery-18-months/ 18 months]. In the Toolkit, data theft and cyber espionage against government departments are analysed in [[Scenario 02: Cyber espionage against government departments|Scenario 02]]. Given that private sector organizations were among the victims, [[Scenario 09: Economic cyber espionage|Scenario 09]] on economic cyber espionage is also relevant.</div>
  +
</option>
  +
<option weight="2">
  +
<!-- INCIDENT 14-->
  +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Colonial Pipeline.png|left|150px]]
  +
On 7 May 2021, the Colonial Pipeline Company, one of the biggest fuel suppliers in the USA, experienced a ransomware attack. The perpetrators used a breach of a work account that allowed remote access to the internal network. The attack caused theft of nearly 100 GB of data, disruption of the company’s accountancy and preventive closure of the distributive network. These actions resulted in a panic that led to a buyout of fuel, a steep rise in its prices and fuel shortages. Governors of several US states declared a state of emergency.
  +
  +
According to the FBI, the perpetrator is believed to be the DarkSide gang, a private Russian speaking group motivated by monetary gains. The group resides in Russia or former Soviet states and may be tolerated by the local authorities. The US president Joe Biden said the Russian government had “some responsibility”; Russia distanced itself from the incident.
  +
  +
In the Toolkit, [[Scenario 14: Ransomware campaign|Scenario 14]] explores the legal questions regarding ransomware extortion campaigns. Given the indirect involvement of a State, [[Scenario 06: Cyber countermeasures against an enabling State|Scenario 06]] deals with the possible countermeasures deployed against an enabling State.
  +
</div>
  +
</option>
  +
<option weight="2">
  +
<!-- INCIDENT 15-->
  +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:HSE-logo-updated.jpg|left|150px]]
  +
On 14 May 2021, a [[Ireland’s Health Service Executive ransomware attack (2021)|ransomware attack targeted the Irish national healthcare service]] on both national and local levels, including several hospitals that had to cancel planned procedures. The day before, National Cyber Security Centre informed about a potential threat inside the Department of Health network, which spoiled the efforts of ransomware infiltration. The Department’s IT systems were preemptively shut down. The criminal investigation is focusing on the Wizard Spider gang that is operating from Saint Petersburg in Russia according to intelligence agencies. The Minister for Foreign Affairs of Ireland Simon Coveney said he has spoken to his Russian counterpart, Sergey Lavrov, about the cyber attack. Although most of the systems were operable a month later, its complete recovery may take up to 6 months.
  +
  +
In the Toolkit, [[Scenario 14: Ransomware campaign|Scenario 14]] explores the legal questions regarding ransomware extortion campaigns. Given the indirect involvement of a State, [[Scenario 06: Cyber countermeasures against an enabling State|Scenario 06]] deals with the possible countermeasures deployed against an enabling State. [[Scenario 20: Cyber operations against medical facilities|Scenario 20]] focuses on cyber operations against medical facilities.
  +
</div>
  +
</option>
  +
<option weight="2">
  +
<!-- INCIDENT 16-->
  +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Emblem of the African Union.png|left|150px]]
  +
The first sign of an [[African Union headquarters hack (2020)|malicious cyber activity targeting the headquarters of the African Union in Addis Ababa]] was spotted in January 2020. The suspected actor is the "Bronze President", a hacker group allegedly residing in China. The perpetrators obtained data from the headquarters’ IT system. The data was only transmitted during work hours, which concealed it in the regular data stream. China distanced itself from the activity claiming the incident was supposed to damage Sino-African relations.
  +
  +
In the context of the incident, the main issue is the responsibility of the host State for providing the security of the international organisation, which is developed in [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]].
  +
</div>
 
</option>
 
</option>
   
 
</choose>
 
</choose>
  +
<h2 id="mp-other" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Quick links</h2>
  +
<div id="mp-other-content" style="padding:0.1em 0.6em;">
  +
*'''[[FAQ]]''' – Frequently asked questions about the project and the Toolkit.
  +
*'''[[List of articles|All articles]]''' – Updated list of all substantive articles in the Toolkit. In a printed book, this would be the table of contents.
  +
*'''[[Keywords]]''' – Overview of all keywords used across the Toolkit content. Serves the same purpose as an index would in a printed book.
  +
* [[List_of_articles#Legal_concepts|'''Legal concepts''']] – Overview of all legal concepts from different branches of international law used across the Toolkit content.
  +
* [[List_of_articles#Real-world_examples|'''Examples''']] – List of real-world incidents that have inspired the analysis in the Toolkit.
  +
* [[List_of_articles#National_positions|'''National positions''']] (<span style="color:red">'''NEW!'''</span>) – List of publicly available national positions on the application of international law to cyber operations.
  +
*'''[[Glossary]]''' – Glossary of the technical terms used in the Toolkit.
  +
*'''[[Short form citation]]''' – Abbreviated references for the most commonly used citations in the Toolkit.
  +
*'''[[Bibliography]]''' – Bibliography of resources used in the creation and development of the Toolkit.
  +
*'''[[People]]''' – List of all people involved in the projec{{DISPLAYTITLE:<span style="position: absolute; clip: rect(1px 1px 1px 1px); clip: rect(1px, 1px, 1px, 1px);">{{FULLPAGENAME}}</span>}}t (including scenario authors, peer reviewers, research assistants...).
  +
  +
  +
 
<h2 id="mp-otd-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Behind the scenes</h2>
 
<h2 id="mp-otd-h2" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Behind the scenes</h2>
<div id="mp-otd" style="padding:0.1em 0.6em 0.5em;">The project is supported by the following six partner institutions: the [https://www.govcert.cz/en/ Czech National Cyber and Information Security Agency] (NÚKIB), the [https://www.icrc.org International Committee of the Red Cross] (ICRC), the [https://ccdcoe.org/ NATO Cooperative Cyber Defence Centre of Excellence] (CCDCOE), the [https://www.exeter.ac.uk/ University of Exeter], United Kingdom, the [https://usnwc.edu/ U.S. Naval War College], United States, and [https://en.whu.edu.cn Wuhan University], China. The core of the project team consists of [https://socialsciences.exeter.ac.uk/law/staff/macak/ Dr Kubo Mačák] (ICRC) – General Editor; Mr Tomáš Minárik (NÚKIB) – Managing Editor; and Ms Taťána Jančárková (CCDCOE) – Scenario Editor. The pilot year of the project (2018/19) was supported through the [https://esrc.ukri.org/collaboration/collaboration-oportunities/impact-acceleration-accounts/ UK ESRC IAA Project Co-Creation] scheme. The individual scenarios and the Toolkit as such have been reviewed by a team of over 30 <!-- CHECK 2021-->[[People#Peer_reviewers|peer reviewers]]. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia; its Chinese launch took place on 2 November 2019 in Wuhan, China; it received its first general annual update on 2 October 2020<!-- REPLACE WITH: most recent general annual update on 22 September 2021-->; and it remains continuously updated. For questions about the project including media enquiries, please contact us at cyberlaw@exeter.ac.uk.</div>
+
<div id="mp-otd" style="padding:0.1em 0.6em 0.5em;">The project is supported by the following six partner institutions: the [https://www.govcert.cz/en/ Czech National Cyber and Information Security Agency] (NÚKIB), the [https://www.icrc.org International Committee of the Red Cross] (ICRC), the [https://ccdcoe.org/ NATO Cooperative Cyber Defence Centre of Excellence] (CCDCOE), the [https://www.exeter.ac.uk/ University of Exeter], United Kingdom, the [https://usnwc.edu/ U.S. Naval War College], United States, and [https://en.whu.edu.cn Wuhan University], China. The core of the project team consists of [https://socialsciences.exeter.ac.uk/law/staff/macak/ Dr Kubo Mačák] (ICRC) – General Editor; Mr Tomáš Minárik (NÚKIB) – Managing Editor; and Ms Taťána Jančárková (CCDCOE) – Scenario Editor. <!-- The pilot year of the project (2018/19) was supported through the [https://esrc.ukri.org/collaboration/collaboration-oportunities/impact-acceleration-accounts/ UK ESRC IAA Project Co-Creation] scheme.--> The individual scenarios and the Toolkit as such have been reviewed by a team of over 30 [[People#Peer_reviewers|peer reviewers]]. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia; its Chinese launch took place on 2 November 2019 in Wuhan, China; it received its most recent general annual update on 22 September 2021; and it remains continuously updated. For questions about the project including media enquiries, please contact us at cyberlaw@exeter.ac.uk.</div>
 
|}
 
|}
 
<!-- END OF MIDDLE BOX -->
 
<!-- END OF MIDDLE BOX -->
 
<!-- SECTIONS AT BOTTOM OF PAGE -->
 
<!-- SECTIONS AT BOTTOM OF PAGE -->
  +
<!--
<div id="mp-lower" style="padding-top:4px; padding-bottom:2px; overflow:auto; border:1px solid #e2e2e2; overflow:auto; margin-top:4px;">
 
  +
<div id="mp-lower" style="padding-top:4px; padding-bottom:2px; overflow:auto; border:1px solid #e2e2e2; overflow:auto; margin-top:4px;"><h2 id="mp-other" style="margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Call for submissions</h2>
  +
Cyber Law Toolkit is now inviting submissions for its next general update in 2022. Successful authors will be awarded an honorarium. This call for submissions is open until '''1 November 2021'''. Full text of the call with submission dates and contacts is available for download here: [https://static.miraheze.org/cyberlawwiki/0/0d/Call_for_submissions_2021-22.pdf Call for submissions (PDF)]
  +
-->
  +
<!-- REMOVED OLD OTHER RESOURCES BOX
 
<h2 id="mp-other" style="margin:0.5em; background:#eeeeee; border:1px solid #ddd; color:#222; padding:0.2em 0.4em; font-size:120%; font-weight:bold; font-family:inherit;">Other resources</h2>
 
<h2 id="mp-other" style="margin:0.5em; background:#eeeeee; border:1px solid #ddd; color:#222; padding:0.2em 0.4em; font-size:120%; font-weight:bold; font-family:inherit;">Other resources</h2>
 
<div id="mp-other-content" style="padding:0.1em 0.6em;">
 
<div id="mp-other-content" style="padding:0.1em 0.6em;">
Line 100: Line 149:
 
*'''[[Short form citation]]''' – Abbreviated references for the most commonly used citations in the Toolkit.
 
*'''[[Short form citation]]''' – Abbreviated references for the most commonly used citations in the Toolkit.
 
*'''[[Bibliography]]''' – Bibliography of resources used in the creation and development of the Toolkit.
 
*'''[[Bibliography]]''' – Bibliography of resources used in the creation and development of the Toolkit.
  +
*'''[[People]]''' – List of all people involved in the projec{{DISPLAYTITLE:<span style="position: absolute; clip: rect(1px 1px 1px 1px); clip: rect(1px, 1px, 1px, 1px);">{{FULLPAGENAME}}</span>}}t (including scenario authors, peer reviewers, research assistants...).-->
<!-- *'''[[Editing rules]]''' - Note on the editing of articles. Please read this if you would like to help us develop the content of the Toolkit. -->
 
*'''[[People]]''' – List of all people involved in the projec{{DISPLAYTITLE:<span style="position: absolute; clip: rect(1px 1px 1px 1px); clip: rect(1px, 1px, 1px, 1px);">{{FULLPAGENAME}}</span>}}t (including scenario authors, peer reviewers, research assistants...).
 
<!-- CALL FOR SUBMISSIONS NOW INACTIVE
 
<h2>Call for submissions</h2>
 
Cyber Law Toolkit is now inviting submissions for its next general update in 2022. Successful authors will be awarded an honorarium. This call for submissions is open until 1 November 2020. Full text of the call with submission dates and contacts is available for download here: [ADD LINK HERE PDF]
 
END CALL FOR SUBMISSIONS SECTION -->
 
   
 
</div>
 
</div>
Line 124: Line 168:
 
</option>
 
</option>
 
<option>
 
<option>
<!-- INCIDENT 4-->
+
<!-- INCIDENT 4
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:CyberCommand.jpg|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:CyberCommand.jpg|left|150px]]
 
Prior to the US midterm elections in 2018, the US Cyber Command implemented a new preventive strategy in order to protect the elections from foreign interference. According to the [https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html media reports], the strategy was aimed at preventing Russian individuals from engaging in concerted disinformation campaigns. The targeted individuals were informed that their work and online conduct would be surveilled by the US authorities. However, the US officials did not disclose the number of individuals they had contacted nor the method of transferring the warning to the operators concerned. [[Scenario 01: Election interference|Scenario 01]] of the Toolkit analyses whether specific forms of electoral interference abroad violate rules of international law and [[Scenario 06: Cyber countermeasures against an enabling State|scenario 06]] considers whether the victim State may engage in [[Countermeasures|countermeasures]] against an enabling State.</div>
 
Prior to the US midterm elections in 2018, the US Cyber Command implemented a new preventive strategy in order to protect the elections from foreign interference. According to the [https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html media reports], the strategy was aimed at preventing Russian individuals from engaging in concerted disinformation campaigns. The targeted individuals were informed that their work and online conduct would be surveilled by the US authorities. However, the US officials did not disclose the number of individuals they had contacted nor the method of transferring the warning to the operators concerned. [[Scenario 01: Election interference|Scenario 01]] of the Toolkit analyses whether specific forms of electoral interference abroad violate rules of international law and [[Scenario 06: Cyber countermeasures against an enabling State|scenario 06]] considers whether the victim State may engage in [[Countermeasures|countermeasures]] against an enabling State.</div>
 
</option>
 
</option>
 
<option>
 
<option>
<!-- INCIDENT 5-->
+
<!-- INCIDENT 5
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:IDF_Hamas.png|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:IDF_Hamas.png|left|150px]]
 
In early May 2019, hostilities flared up again in the context of the armed conflict between Israel and Palestine. According to [https://www.nytimes.com/2019/05/05/world/middleeast/gaza-rockets-israel-palestinians.html news reports], hundreds of rockets were fired on Israel, while the Israel Defense Forces (IDF) answered with artillery and airstrikes. Remarkably, the Israeli response included also a kinetic attack allegedly aimed at countering a hostile cyber operation conducted by Hamas. In particular, the IDF [https://twitter.com/IDF/status/1125066395010699264 announced on Twitter] that it had “thwarted an attempted Hamas cyber offensive” and subsequently conducted an air strike against the Hamas Cyber Headquarters. The announcement has sparked a [https://www.linkedin.com/pulse/retaliatory-cyber-attacks-legal-precedent-time-israel-singer/ debate] [https://www.lawfareblog.com/crossing-cyber-rubicon-overreactions-idfs-strike-hamas-cyber-facility whether] this operation sets a legal precedent from the perspective of international law. Within the Toolkit, [[Scenario 03: Cyber attack against the power grid|Scenario 03]] considers when a cyber operation may qualify as a use of force under international law and [[Scenario 12: Cyber operations against computer data|Scenario 12]] analyses aspects of the law of targeting with respect to cyber operations.</div>
 
In early May 2019, hostilities flared up again in the context of the armed conflict between Israel and Palestine. According to [https://www.nytimes.com/2019/05/05/world/middleeast/gaza-rockets-israel-palestinians.html news reports], hundreds of rockets were fired on Israel, while the Israel Defense Forces (IDF) answered with artillery and airstrikes. Remarkably, the Israeli response included also a kinetic attack allegedly aimed at countering a hostile cyber operation conducted by Hamas. In particular, the IDF [https://twitter.com/IDF/status/1125066395010699264 announced on Twitter] that it had “thwarted an attempted Hamas cyber offensive” and subsequently conducted an air strike against the Hamas Cyber Headquarters. The announcement has sparked a [https://www.linkedin.com/pulse/retaliatory-cyber-attacks-legal-precedent-time-israel-singer/ debate] [https://www.lawfareblog.com/crossing-cyber-rubicon-overreactions-idfs-strike-hamas-cyber-facility whether] this operation sets a legal precedent from the perspective of international law. Within the Toolkit, [[Scenario 03: Cyber attack against the power grid|Scenario 03]] considers when a cyber operation may qualify as a use of force under international law and [[Scenario 12: Cyber operations against computer data|Scenario 12]] analyses aspects of the law of targeting with respect to cyber operations.</div>
 
</option>
 
</option>
 
<option>
 
<option>
<!-- INCIDENT 6-->
+
<!-- INCIDENT 6
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Huawei featured incident - cropped.png|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Huawei featured incident - cropped.png|left|150px]]
 
In September 2019, Huawei released a [https://www.huawei.com/en/facts/voices-of-huawei/media-statement-regarding-reported-us-doj-probes-into-huawei?utm_medium=sm&utm_source=facts_twitter&utm_campaign=WSJOliviera media statement] accusing the US government of “disrupting” Huawei’s business operations with “every tool at its disposal” including the launch of “cyber attacks to infiltrate Huawei's intranet and internal information systems”. The accusation came three days after a [https://www.wsj.com/articles/u-s-prosecutors-probe-huawei-on-new-allegations-of-technology-theft-11567102622?mod=article_inline Wall Street Journal article] which had reported about the US Department of Justice investigations into Huawei for alleged technology theft. In the Toolkit, [[Scenario 09: Economic cyber espionage|Scenario 09]] assesses the lawfulness of economic cyber espionage under international law. In addition, [[Scenario 05: State investigates and responds to cyber operations against private actors in its territory|Scenario 05]] considers the legal limits to the exercise of law enforcement by one State in response to malicious cyber operations from another.</div>
 
In September 2019, Huawei released a [https://www.huawei.com/en/facts/voices-of-huawei/media-statement-regarding-reported-us-doj-probes-into-huawei?utm_medium=sm&utm_source=facts_twitter&utm_campaign=WSJOliviera media statement] accusing the US government of “disrupting” Huawei’s business operations with “every tool at its disposal” including the launch of “cyber attacks to infiltrate Huawei's intranet and internal information systems”. The accusation came three days after a [https://www.wsj.com/articles/u-s-prosecutors-probe-huawei-on-new-allegations-of-technology-theft-11567102622?mod=article_inline Wall Street Journal article] which had reported about the US Department of Justice investigations into Huawei for alleged technology theft. In the Toolkit, [[Scenario 09: Economic cyber espionage|Scenario 09]] assesses the lawfulness of economic cyber espionage under international law. In addition, [[Scenario 05: State investigates and responds to cyber operations against private actors in its territory|Scenario 05]] considers the legal limits to the exercise of law enforcement by one State in response to malicious cyber operations from another.</div>
 
</option>
 
</option>
 
<option>
 
<option>
<!-- INCIDENT 7-->
+
<!-- INCIDENT 7
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Turla featured incident - cropped.png|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Turla featured incident - cropped.png|left|150px]]
 
In October 2019, the UK’s National Cyber Security Centre (NCSC) and the US National Security Agency (NSA) issued a report on the activities of the hacker group Turla, suspected to be based in Russia. The report [https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims claimed] that two malicious tools – previously [https://www.ncsc.gov.uk/news/turla-group-malware identified] as being used by Turla – were Iranian in origin. Allegedly, Turla was now using these tools independently to exploit them for its own intelligence aims. While the report acknowledged the difficulties of attributing cyber operations, it claimed that Turla had had access to Iranian tools and thus had most likely compromised Iran’s operational as well as command-and-control infrastructure. The tools have allegedly [https://www.zdnet.com/article/russian-apt-turla-targets-35-countries-on-the-back-of-iranian-infrastructure/ been used] for espionage against foreign governments, most likely in the [https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments Middle East]. Within the Toolkit, [[Scenario 02: Cyber espionage against government departments|scenario 02]] considers the legality of cyber espionage against government departments and [[Scenario 07: Leak of State-developed hacking tools|scenario 07]] considers the leak of State-developed hacking tools and their subsequent repurposing by malicious actors.</div>
 
In October 2019, the UK’s National Cyber Security Centre (NCSC) and the US National Security Agency (NSA) issued a report on the activities of the hacker group Turla, suspected to be based in Russia. The report [https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims claimed] that two malicious tools – previously [https://www.ncsc.gov.uk/news/turla-group-malware identified] as being used by Turla – were Iranian in origin. Allegedly, Turla was now using these tools independently to exploit them for its own intelligence aims. While the report acknowledged the difficulties of attributing cyber operations, it claimed that Turla had had access to Iranian tools and thus had most likely compromised Iran’s operational as well as command-and-control infrastructure. The tools have allegedly [https://www.zdnet.com/article/russian-apt-turla-targets-35-countries-on-the-back-of-iranian-infrastructure/ been used] for espionage against foreign governments, most likely in the [https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments Middle East]. Within the Toolkit, [[Scenario 02: Cyber espionage against government departments|scenario 02]] considers the legality of cyber espionage against government departments and [[Scenario 07: Leak of State-developed hacking tools|scenario 07]] considers the leak of State-developed hacking tools and their subsequent repurposing by malicious actors.</div>
 
</option>
 
</option>
 
<option>
 
<option>
<!-- INCIDENT 8-->
+
<!-- INCIDENT 8
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:CyberCommand.jpg|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:CyberCommand.jpg|left|150px]]
 
On 20 June 2019, the US Cyber Command launched multiple cyber attacks [https://www.theguardian.com/world/2019/jun/23/us-launched-cyber-attack-on-iranian-rockets-and-missiles-reports disabling] computer systems that controlled Iran’s rocket launchers and [https://www.nytimes.com/2019/08/28/us/politics/us-iran-cyber-attack.html wiping out] a critical database of Iran’s Islamic Revolutionary Guard Corps. The attacks [https://www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html were reportedly] a direct response to earlier attacks against oil tankers in the Persian Gulf and the downing of an American surveillance drone after it had [https://www.aljazeera.com/news/2019/06/iran-revolutionary-guard-shoots-spy-drone-report-190620035802427.html allegedly entered] Iran’s airspace. Iran has [https://www.theguardian.com/world/2019/jun/13/a-visual-guide-to-the-gulf-tanker-attacks denied] all responsibility for the tanker attacks. The cyber attacks were conducted the same day that President Trump [https://www.nytimes.com/2019/06/20/world/middleeast/iran-us-drone.html called off] a military strike against Iran and were reportedly intended to remain below the threshold of armed conflict. The Toolkit considers whether specific cyber operations amount to uses of force in [[Scenario 03: Cyber operation against the power grid|scenario 03]] and [[Scenario 14: Ransomware campaign|scenario 14]]. Moreover, [[Scenario 13: Cyber operations as a trigger of the law of armed conflict|scenario 13]] examines when cyber operations may trigger the application of international humanitarian law.</div>
 
On 20 June 2019, the US Cyber Command launched multiple cyber attacks [https://www.theguardian.com/world/2019/jun/23/us-launched-cyber-attack-on-iranian-rockets-and-missiles-reports disabling] computer systems that controlled Iran’s rocket launchers and [https://www.nytimes.com/2019/08/28/us/politics/us-iran-cyber-attack.html wiping out] a critical database of Iran’s Islamic Revolutionary Guard Corps. The attacks [https://www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html were reportedly] a direct response to earlier attacks against oil tankers in the Persian Gulf and the downing of an American surveillance drone after it had [https://www.aljazeera.com/news/2019/06/iran-revolutionary-guard-shoots-spy-drone-report-190620035802427.html allegedly entered] Iran’s airspace. Iran has [https://www.theguardian.com/world/2019/jun/13/a-visual-guide-to-the-gulf-tanker-attacks denied] all responsibility for the tanker attacks. The cyber attacks were conducted the same day that President Trump [https://www.nytimes.com/2019/06/20/world/middleeast/iran-us-drone.html called off] a military strike against Iran and were reportedly intended to remain below the threshold of armed conflict. The Toolkit considers whether specific cyber operations amount to uses of force in [[Scenario 03: Cyber operation against the power grid|scenario 03]] and [[Scenario 14: Ransomware campaign|scenario 14]]. Moreover, [[Scenario 13: Cyber operations as a trigger of the law of armed conflict|scenario 13]] examines when cyber operations may trigger the application of international humanitarian law.</div>

Latest revision as of 12:10, 8 November 2021

MainBanner21.jpg

__NONUMBEREDHEADINGS__

Welcome to the Cyber Law Toolkit, an interactive online resource on international law and cyber operations.