Scenario 06: Cyber countermeasures against an enabling State
== Scenario ==

=== Keywords ===
Countermeasures, critical infrastructure, DDoS, due diligence, international co-operation, non-State actors

=== Facts ===
'''[F1]''' State A is generally considered to possess advanced cyber capabilities, including detection and incident reaction capabilities. However, it has come under growing criticism that it does not do enough to thwart malicious cyber activities that originate from or transit through its territory. Several States have made public statements in international fora complaining that their requests for assistance submitted to State A’s authorities had been ignored. Nonetheless, State A’s public response has been to maintain that it had attended to all reasonable requests received from other States.

'''[F2]''' Following an aircraft crash in State B involving scores of casualties, caused apparently by a fault in the air traffic control system of State B’s receiving airport, its domestic forensic investigation concludes that the fault had been caused by a premeditated cyber operation originating from the territory of State A and that it cannot be excluded that the operation will be repeated. State B’s relevant authorities submit a request for urgent assistance to State A, asking that more information be provided on specific actors and that the infrastructure identified in the request be investigated and command and control servers shut down immediately.

'''[F3]''' Several days later, the foreign ministry of State B issues a statement claiming that no response has been received from State A to the request for assistance. The statement further says that it considers the matter to be one of utmost importance for its national security and expresses grave concerns about the impact on mutual relations. On the same day, the foreign ministry of State A responds with a public statement noting that while it cannot comment on any ongoing investigation, its general policy is to attend to all reasonable requests for assistance received from other States. It adds that in any event its domestic laws do not allow it to intervene in privately owned cyber infrastructure.

'''[F4]''' One week after this exchange of statements, hundreds of State A’s government servers come under sustained large-scale distributed denial-of-service (DDoS) attacks. As a result, many public services ordinarily provided to the population of State A by online means become unavailable, including the system of e-health prescriptions, lodging of e-tax returns, and e-ticketing on public transport across the country.

=== Examples ===
*[[Colonial Pipeline ransomware attack (2021)]]
*[[Springhill Medical Center ransomware attack (2019)]]
*[[DNC email leak (2016)]]
*[[Office of Personnel Management data breach (2015)]]
*[[Sony Pictures Entertainment attack (2014)]]
*[[Cyber attacks against Estonia (2007)]]
<!--
*[[Sands Casino hack (2014)]]
*[[Operation Ababil (2012-2013)]]
-->