Editing Scenario 05: State investigates and responds to cyber operations against private actors in its territory


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 17: Line 17:
 
'''[F4]''' The technical aspects of the first incident, or rather its lack of sophistication, seem to suggest that the attackers were just an amateur group. By contrast, the scale of the second incident indicates that a State actor could have been involved in some capacity. Also, most of the group’s activities seem to originate from the territory of State B, although the persons involved and their exact location are unknown to State A.
 
'''[F4]''' The technical aspects of the first incident, or rather its lack of sophistication, seem to suggest that the attackers were just an amateur group. By contrast, the scale of the second incident indicates that a State actor could have been involved in some capacity. Also, most of the group’s activities seem to originate from the territory of State B, although the persons involved and their exact location are unknown to State A.
   
'''[F5]''' Considering that States A and B have not had mutual diplomatic relations for many years, that State B is uncooperative in mutual legal assistance requests, and that there is a risk of destruction of evidence by State B, State A decides to remotely access several computers in the territory of State B without State B’s consent, in the course of a criminal investigation by State A’s cyber police unit in coordination with its intelligence service (<b>incident 3</b>).
+
'''[F5]''' <!-- In relation to countermeasures, the legal analysis implies that 'urgent countermeasures' were relevant for the factual scenario. But incident 3 wasn't really inending to stop State B's illegal ativity, but rather to gain more evidence for purposes of criminal investigation. Would urgent countermeasures really dispose of the notification and negotiation requirement in these circumstances? -->requests, and that there is a risk of destruction of evidence by State B, State A decides to remotely access several computers in the territory of State B without State B’s consent, in the course of a criminal investigation by State A’s cyber police unit in coordination with its intelligence service (<b>incident 3</b>).
   
 
'''[F6]''' During the cyber operation against State B, State A discovers that a minority of the malicious activities indeed originated from the network of the General Staff of the Armed Forces of State B (<b>incident 4</b>). State A is also able to identify some of the individuals responsible for the attacks and consequently issues public arrest warrants for these individuals, two of whom happen to be military personnel of State B serving in cyber intelligence (<b>incident 5</b>).
 
'''[F6]''' During the cyber operation against State B, State A discovers that a minority of the malicious activities indeed originated from the network of the General Staff of the Armed Forces of State B (<b>incident 4</b>). State A is also able to identify some of the individuals responsible for the attacks and consequently issues public arrest warrants for these individuals, two of whom happen to be military personnel of State B serving in cyber intelligence (<b>incident 5</b>).
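Review bot: the added [F5] line opens with the HTML comment and then resumes at "requests, and that there is a risk of destruction of evidence by State B", so the clause "Considering that States A and B have not had mutual diplomatic relations for many years, that State B is uncooperative in mutual legal assistance" from the other side of the comparison is lost and the paragraph now starts mid-sentence. Restore the opening clause and move the comment to the end of the paragraph or to the talk page; the comment text also needs "inending" and "ativity" corrected.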
Line 90: Line 90:
 
'''[L17]''' Following from the above analysis of sovereignty, incident 2 (the deletion of data leading to a loss of functionality) is contrary to the rights of State A, and would have been unlawful if conducted by State B. It would be more difficult to similarly qualify incident 1 (the DDoS attack).
 
'''[L17]''' Following from the above analysis of sovereignty, incident 2 (the deletion of data leading to a loss of functionality) is contrary to the rights of State A, and would have been unlawful if conducted by State B. It would be more difficult to similarly qualify incident 1 (the DDoS attack).
   
'''[L18]''' The cyber activities leading to incident 2 were conducted from the cyber infrastructure in the territory of State B; however, State B’s due diligence obligation is not breached solely by the fact that these incidents happened, even though they may have resulted in serious adverse consequences and were contrary to the rights of State A. State A would have to prove that State B had an actual or constructive knowledge of the harmful cyber activities at the time they were launched, and that it neglected its duty to terminate them.
+
'''[L18]''' The cyber activities leading to incident 2 were conducted from the cyber infrastructure in the territory of State B; however, State B’s due diligence obligation is not breached solely by the fact that these incidents happened, even though they resulted in serious adverse consequences and were contrary to the rights of State A.<!-- The point whether he threshold of serious adverse consequences is met on the facts of the scenario merits further discussion - the interference was pretty limited in scope and temporal effect. --> State A would have to prove that State B had an actual or constructive knowledge of the harmful cyber activities at the time they were launched, and that it neglected its duty to terminate them.
   
 
'''[L19]''' The information that some of the harmful cyber activities were launched from State B’s government infrastructure is available to State A from incident 4 onwards. Even if it cannot be proved that State B actually gave orders to its organs, or instructed or directed the non-State actors (“State B Digital Army”) to conduct the DDoS attacks and data deletion (see the section on attribution above), the constructive knowledge requirement (“should have known”) likely triggers the breach of its due diligence obligation for the activities originating from its government cyber infrastructure.<ref>[https://doi.org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 6, para 40.</ref> State B could argue that its government infrastructure was taken over by non-State actors or a third State, or that it did what was to be expected from a reasonable State to terminate the activities, but the burden of proof would then shift to its side.<ref>Cf. Joanna Kulesza, <i>Due Diligence in International Law</i> (Brill Nijhoff 2016) 53.</ref>
 
'''[L19]''' The information that some of the harmful cyber activities were launched from State B’s government infrastructure is available to State A from incident 4 onwards. Even if it cannot be proved that State B actually gave orders to its organs, or instructed or directed the non-State actors (“State B Digital Army”) to conduct the DDoS attacks and data deletion (see the section on attribution above), the constructive knowledge requirement (“should have known”) likely triggers the breach of its due diligence obligation for the activities originating from its government cyber infrastructure.<ref>[https://doi.org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 6, para 40.</ref> State B could argue that its government infrastructure was taken over by non-State actors or a third State, or that it did what was to be expected from a reasonable State to terminate the activities, but the burden of proof would then shift to its side.<ref>Cf. Joanna Kulesza, <i>Due Diligence in International Law</i> (Brill Nijhoff 2016) 53.</ref>
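Review bot: in the added [L18] line, "may have resulted in serious adverse consequences" becomes "resulted in serious adverse consequences", while the inline comment in that same line says that whether the threshold of serious adverse consequences is met "merits further discussion". The unhedged wording asserts what the comment questions; keep "may have resulted" until that point is settled, and correct "he threshold" to "the threshold" in the comment.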
