Scenario 16: Cyber attacks against ships on the high seas
===Facts===

<b>[F1] </b>State A and several other States have all agreed to pass domestic legislation that prevents companies incorporated in their territory from selling certain prohibited goods to State C. State A argues that this is justified by security concerns about how these goods would be used. The legislation grants State A the power to request the cargo manifests of ships bound for State C which depart from any of State A’s ports as well as the power to search any of State A’s flagged ships for the prohibited goods. State B has refused to follow State A’s actions and publicly stated that it does not believe the goods should be prohibited, and would continue to permit the sale of these goods to State C. The sale of these goods has not been prohibited under international law.

<b>[F2] </b>State A has since made numerous public statements criticising State B for not passing similar legislation. In these statements, State A has suggested it might stop and investigate ships that depart from State B and are under State B’s jurisdiction that are bound for State C if there are reasonable grounds to believe that there are prohibited goods on-board. In response, State B has sent two warships to the high seas that are adjacent to the exclusive economic zone of State A, to prevent any searches.

<b>[F3] </b>A month after State A enacted the legislation, State B discovers that the cyber infrastructure belonging to government customs officials in State B’s main port has been breached. State B determines that the breach originated from a targeted [[Glossary#spear-phishing|spear-phishing]] campaign against the computer systems in the customs agency headquarters. Malware installed as a result of the spear-phishing campaign has enabled the perpetrator to gain access to the shipping schedules and cargo manifests belonging to many of the ships that have departed from State B, destined for State C. This information has been classed as sensitive by State B in the aftermath of the legislation passed by State A and others. In the following days, State B traces the cyber operation to the Cyber Branch of State A’s military (<b>incident 1</b>).

<b>[F4] </b>Two weeks after the discovery of the unauthorised access into the computer systems of the customs agency, State B’s coastguard (a branch of State B’s military force) receives a distress signal from a merchant vessel registered to State B. The captain of the vessel states that their on-board navigational systems are suffering from significant interference as they sail through the high seas adjacent to State A’s exclusive economic zone, making navigation dangerous and increasing the risk to the crew and the vessel. An investigation traces the interference to an Advanced Persistent Threat (APT) group that has achieved a foothold in the ship’s network through a spear-phishing campaign targeting crew members. The network was not [[Glossary#Network_segmentation|segmented]], thus giving the APT group real-time access to multiple systems across the ship, including the navigation systems. The sophistication of the APT operation, and the similarity with the above-described spear-phishing campaign against State B’s government customs officials, leads State B to attribute the operation to the Cyber Branch in State A (<b>incident 2</b>).

<b>[F5] </b>To protect the merchant vessel from any possible boarding threat, State B’s coastguard commands one of the nearby warships dispatched to the high seas to assist the merchant vessel. The warship reports that there has been disruption to its navigational radar capabilities and that it is unable to locate the merchant vessel. State B traces the source of the interference to the same APT group responsible for the interference with the merchant vessel’s on-board navigational systems. State B therefore attributes the interference to the Cyber Branch in State A (<b>incident 3</b>).

<b>[F6] </b>To end both operations, State B infects a computer in the Foreign Office of State A with a virus designed to render the machine permanently unusable, and that spreads across the network to other computers. In the aftermath of incident 1 and whilst the cyber operation was continuing against the customs officials, this weakness was identified by State B as being exploitable if needed. State A’s Foreign Office shares a building with the Cyber Unit, and it is believed by State B that they may share the same network. The purpose is to stop the cyber operations of State A against State B, conducted by State A’s Cyber Branch (<b>incident 4</b>).

<b>[F7]</b> All concerned States are parties to the United Nations Convention on the Law of the Sea (UNCLOS).<ref>[https://www.un.org/depts/los/convention_agreements/texts/unclos/unclos_e.pdf United Nations Convention on the Law of the Sea] (adopted 10 December 1982, entered into force 16 November 1994) 1833 UNTS 3 (UNCLOS).</ref>