Difference between revisions of "Scenario 10: Legal review of cyber weapons"

Jump to navigation Jump to search
 
=== Facts ===
State A develops new sophisticated malware designed to weaken the military capacity of its adversaries in times of armed conflict. The software is capable of replicating itself through cyber infrastructure.
State A develops new sophisticated malware designed to weaken the military capacity of its adversaries in times of armed conflict. The software is capable of replicating itself through cyber infrastructure. Once installed in a host system, the malware assesses it for the presence of a specific programmable logic controller (PLC) used by several States for the purposes of automated maintenance of military equipment. If it does not detect this specific PLC in a given host system, it attempts to further spread through any connected networks and then it shuts itself down in that particular host system. However, if the detection is positive, the malware uses a vulnerability in the PLC to slightly alter the maintenance process. The effect of this alteration is that instead of servicing the equipment in question, the maintenance machines damage it and thus render it unusable. Tests in controlled environment show that whenever the malware is installed in a host system, it causes it to significantly slow down for a short period of time. However, it is not expected to cause physical damage unless the target PLC is detected in a specific host system.
 
State A develops new sophisticated malware designed to weaken the military capacity of its adversaries in times of armed conflict. The software is capable of replicating itself through cyber infrastructure. Once installed in a host system, the malware assesses it for the presence of a specific programmable logic controller (PLC) used by several States for the purposes of automated maintenance of military equipment. If it does not detect this specific PLC in a given host system, it attempts to further spread through any connected networks and then it shuts itself down in that particular host system. However, if the detection is positive, the malware uses a vulnerability in the PLC to slightly alter the maintenance process. The effect of this alteration is that instead of servicing the equipment in question, the maintenance machines damage it and thus render it unusable. Tests in controlled environment show that whenever the malware is installed in a host system, it causes it to significantly slow down for a short period of time. However, it is not expected to cause physical damage unless the target PLC is detected in a specific host system.
 
The effect of this alteration is that instead of servicing the equipment in question, the maintenance machines damage it and thus render it unusable. Tests in controlled environment show that whenever the malware is installed in a host system, it causes it to significantly slow down for a short period of time. However, it is not expected to cause physical damage unless the target PLC is detected in a specific host system.
 
=== Similar real-world incidents ===