Main Page: Difference between revisions
(minor fixes to code of new incidents (18-20)) |
(fixing UN emblem) |
||
Line 98: | Line 98: | ||
<option weight="2"> |
<option weight="2"> |
||
<!-- INCIDENT 18--> |
<!-- INCIDENT 18--> |
||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File: |
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:UN emblem blue.svg|left|150px]] |
||
On 9 September 2021, Bloomberg [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year reported] that the United Nations’ computer networks had been breached as of April that year. The cyber operation was first alerted to the UN by a cybersecurity company and later [https://www.un.org/sg/en/content/sg/note-correspondents/2021-09-09/note-correspondents-response-questions-about-reported-cyberattack confirmed] by the UN Secretary General’s spokesperson who said that corrective actions were being implemented to mitigate the impact. Although there was no reported damage to the UN systems, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ analysts] suggested that some of the exfiltrated data could be used to support future attacks against the UN or its agencies. Within the Toolkit, a similar operational methodology is addressed in [[Scenario 02: Cyber espionage against government departments |Scenario 02]], while [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]], specifically analyzes a hypothetical situation in which an international organization falls victim to cyber-attacks, and [[Scenario 12: Cyber operations against computer data|Scenario 12]] considers cyber operations against computer data. |
On 9 September 2021, Bloomberg [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year reported] that the United Nations’ computer networks had been breached as of April that year. The cyber operation was first alerted to the UN by a cybersecurity company and later [https://www.un.org/sg/en/content/sg/note-correspondents/2021-09-09/note-correspondents-response-questions-about-reported-cyberattack confirmed] by the UN Secretary General’s spokesperson who said that corrective actions were being implemented to mitigate the impact. Although there was no reported damage to the UN systems, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ analysts] suggested that some of the exfiltrated data could be used to support future attacks against the UN or its agencies. Within the Toolkit, a similar operational methodology is addressed in [[Scenario 02: Cyber espionage against government departments |Scenario 02]], while [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]], specifically analyzes a hypothetical situation in which an international organization falls victim to cyber-attacks, and [[Scenario 12: Cyber operations against computer data|Scenario 12]] considers cyber operations against computer data. |
||
</div> |
</div> |
Revision as of 15:37, 14 June 2022
About the projectThe Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. The Toolkit may be explored and utilized in a number of different ways. At its core, it presently consists of 25 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for keywords you’re interested in; by viewing its overall article structure; by browsing through the national positions on international law in cyberspace; or by reading about individual real-world examples that serve as the basis of the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.
Cyber law scenarios |
Featured incidentOn 7 May 2021, the Colonial Pipeline Company, one of the biggest fuel suppliers in the USA, experienced a ransomware attack. The perpetrators used a breach of a work account that allowed remote access to the internal network. The attack caused theft of nearly 100 GB of data, disruption of the company’s accountancy and preventive closure of the distributive network. These actions resulted in a panic that led to a buyout of fuel, a steep rise in its prices and fuel shortages. Governors of several US states declared a state of emergency. According to the FBI, the perpetrator is believed to be the DarkSide gang, a private Russian speaking group motivated by monetary gains. The group resides in Russia or former Soviet states and may be tolerated by the local authorities. The US president Joe Biden said the Russian government had “some responsibility”; Russia distanced itself from the incident. In the Toolkit, Scenario 14 explores the legal questions regarding ransomware extortion campaigns. Given the indirect involvement of a State, Scenario 06 deals with the possible countermeasures deployed against an enabling State. Quick links
Behind the scenesThe project is supported by the following six partner institutions: the Czech National Cyber and Information Security Agency (NÚKIB), the International Committee of the Red Cross (ICRC), the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), the University of Exeter, United Kingdom, the U.S. Naval War College, United States, and Wuhan University, China. The core of the project team consists of Dr Kubo Mačák (ICRC) – General Editor; Mr Tomáš Minárik (NÚKIB) – Managing Editor; and Ms Taťána Jančárková (CCDCOE) – Scenario Editor. The individual scenarios and the Toolkit as such have been reviewed by a team of over 30 peer reviewers. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia; its Chinese launch took place on 2 November 2019 in Wuhan, China; it received its most recent general annual update on 22 September 2021; and it remains continuously updated. For questions about the project including media enquiries, please contact us at cyberlaw@exeter.ac.uk.
|