Editing Scenario 03: Cyber operation against the power grid

Jump to navigation Jump to search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
__NUMBEREDHEADINGS__
 
 
[[File:Scenario 03.jpg|alt=|thumb|© NATO CCD COE]]
 
[[File:Scenario 03.jpg|alt=|thumb|© NATO CCD COE]]
 
Intelligence services of a State compromise the supply chain of an industrial control system in another State, thereby gaining access to a part of its electric power grid. Subsequent operations bring down the grid, leading to prolonged blackouts. The scenario considers whether such incidents may amount to, among others, a prohibited use of force, an intervention in the internal affairs of another State, or a violation of the sovereignty of another State. Specific consideration is given to whether there exists a standalone obligation to refrain from conducting operations against critical infrastructure of other States through cyber means.  
 
Intelligence services of a State compromise the supply chain of an industrial control system in another State, thereby gaining access to a part of its electric power grid. Subsequent operations bring down the grid, leading to prolonged blackouts. The scenario considers whether such incidents may amount to, among others, a prohibited use of force, an intervention in the internal affairs of another State, or a violation of the sovereignty of another State. Specific consideration is given to whether there exists a standalone obligation to refrain from conducting operations against critical infrastructure of other States through cyber means.  
Line 22: Line 21:
  
 
=== Examples ===
 
=== Examples ===
* [[Industroyer – Crash Override (2016)]]
 
 
* [[Power grid cyberattack in Ukraine (2015)]]
 
* [[Power grid cyberattack in Ukraine (2015)]]
 +
* [[Stuxnet (2010)]]
 
* [[Steel mill in Germany (2014)]]
 
* [[Steel mill in Germany (2014)]]
* [[Stuxnet (2010)]]
 
  
 
== Legal analysis ==
 
== Legal analysis ==
Line 68: Line 66:
  
 
== Checklist ==
 
== Checklist ==
* [[Use of force]]:
+
* Use of force: Did the operation result in actual physical damage or injury to individuals?
** Did the operation result in actual physical damage or injury to individuals?
+
* Non-intervention: Did the operation bear on any of those matters in which States are allowed to decide freely?
* [[Prohibition of intervention]]:
+
* Non-intervention: Did the operation amount to a coercive act against the victim State?
** Did the operation bear on any of those matters in which States are allowed to decide freely?
+
* Sovereignty: What is the position of the client on whether sovereignty is a standalone primary rule of international law?
** Did the operation amount to a coercive act against the victim State?
+
* Sovereignty: Were any individuals associated with an outside State physically present in the domestic State’s territory without the latter’s consent?
* [[Sovereignty]]:
+
* Sovereignty: Did the operation occasion a loss of functionality of cyber infrastructure?
** What is the position of the client on whether sovereignty is a standalone primary rule of international law?
+
* Sovereignty: Did the operation interfere with or usurp inherently governmental functions of another State?
** Were any individuals associated with an outside State physically present in the domestic State’s territory without the latter’s consent?
+
* Critical infrastructure: What is the position of the client on whether there is a standalone rule prohibiting cyber operations against critical national infrastructure?
** Did the operation occasion a loss of functionality of cyber infrastructure?
 
** Did the operation interfere with or usurp inherently governmental functions of another State?
 
* Critical infrastructure:
 
** What is the position of the client on whether there is a standalone rule prohibiting cyber operations against critical national infrastructure?
 
  
 
== Appendixes ==
 
== Appendixes ==
Line 88: Line 82:
 
* [[Use of force]]
 
* [[Use of force]]
 
* [[Scenario 06: Cyber countermeasures against an enabling State]]
 
* [[Scenario 06: Cyber countermeasures against an enabling State]]
* [[Scenario 14: Ransomware campaign]]
 
  
 
=== Notes and references ===
 
=== Notes and references ===

Please note that all contributions to International cyber law: interactive toolkit are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) (see International cyber law: interactive toolkit:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

Cancel Editing help (opens in new window)