Main Page: Difference between revisions
(major update - featured incidents) |
No edit summary |
||
Line 45: | Line 45: | ||
<choose uncached> |
<choose uncached> |
||
<option> |
<option> |
||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:NCSC-GRU.png|left| |
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:NCSC-GRU.png|left|150px]] |
||
On 4 October 2018, the UK National Cyber Security Centre issued a [https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed statement] accusing the Russian military intelligence service (generally referred to under its previous abbreviation GRU for ''Glavnoye razvedyvatel'noye upravleniye'') of a series of cyber attacks “conducted in flagrant violation of international law”. These attacks have ranged from [[DNC email leak (2016)|hacking the Democratic National Committee]] in the US and publishing its documents online, to attempting to compromise the UK Foreign and Commonwealth Office systems through a spearphishing attack, to using ransomware to cause disruption to Ukrainian public transport systems. Some of these attacks allegedly attributable to the GRU display factual pattern similar to several of the toolkit scenarios. In particular, [[Scenario 01: Election interference|Scenario 01]] considers the law relevant to electoral interference using cyber means; [[Scenario 02: Cyber espionage against government departments|Scenario 02]] considers the extent to which cyber espionage targeted against another State’s foreign ministry violates international law; and [[Scenario 03: Cyber attack against the power grid|Scenario 03]] looks at the extent to which disruption of public utilities and other critical infrastructure violates international law.</div></option> |
On 4 October 2018, the UK National Cyber Security Centre issued a [https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed statement] accusing the Russian military intelligence service (generally referred to under its previous abbreviation GRU for ''Glavnoye razvedyvatel'noye upravleniye'') of a series of cyber attacks “conducted in flagrant violation of international law”. These attacks have ranged from [[DNC email leak (2016)|hacking the Democratic National Committee]] in the US and publishing its documents online, to attempting to compromise the UK Foreign and Commonwealth Office systems through a spearphishing attack, to using ransomware to cause disruption to Ukrainian public transport systems. Some of these attacks allegedly attributable to the GRU display factual pattern similar to several of the toolkit scenarios. In particular, [[Scenario 01: Election interference|Scenario 01]] considers the law relevant to electoral interference using cyber means; [[Scenario 02: Cyber espionage against government departments|Scenario 02]] considers the extent to which cyber espionage targeted against another State’s foreign ministry violates international law; and [[Scenario 03: Cyber attack against the power grid|Scenario 03]] looks at the extent to which disruption of public utilities and other critical infrastructure violates international law.</div></option> |
||
<option> |
<option> |
||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:SingHealth_logo.jpg|left| |
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:SingHealth_logo.jpg|left|150px]] |
||
In July 2018, Singapore’s health system (SingHealth) was infiltrated by malware and the personal particulars of about 1.5 million people were [https://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2018/07/sg-cyber-breach/index.html stolen]. Among the victims of the hack were some prominent Singaporean politicians, including the prime minister. Only data containing personal information of the patients like name, date of birth, address, gender, etc was taken. However, the records were neither deleted nor edited. According to the [https://www.youtube.com/watch?time_continue=28&v=RsjUUgGpqA8 statement] of the Health Minister Gan Kim Yong, this attack was “unprecedented”. The professionalism with which the attack was conducted and the fact that records of politicians were affected made the Cyber Security Agency of Singapore (CSA) and the government suspect that another State may have been [https://www.straitstimes.com/singapore/top-secret-report-on-singhealth-attack-submitted-to-minister-in-charge-of-cyber-security involved]. Yet, no specific allegations have been made in this regard. Although none of the existing scenarios analyses a cyber incident involving patient records, the cyber operations against SingHealth is related to scenarios [[Scenario 01: Election interference|01]] and [[Scenario 02: Cyber espionage against government departments|02]], which consider whether exfiltration of data amounts to a violation of State sovereignty.</div> |
In July 2018, Singapore’s health system (SingHealth) was infiltrated by malware and the personal particulars of about 1.5 million people were [https://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2018/07/sg-cyber-breach/index.html stolen]. Among the victims of the hack were some prominent Singaporean politicians, including the prime minister. Only data containing personal information of the patients like name, date of birth, address, gender, etc was taken. However, the records were neither deleted nor edited. According to the [https://www.youtube.com/watch?time_continue=28&v=RsjUUgGpqA8 statement] of the Health Minister Gan Kim Yong, this attack was “unprecedented”. The professionalism with which the attack was conducted and the fact that records of politicians were affected made the Cyber Security Agency of Singapore (CSA) and the government suspect that another State may have been [https://www.straitstimes.com/singapore/top-secret-report-on-singhealth-attack-submitted-to-minister-in-charge-of-cyber-security involved]. Yet, no specific allegations have been made in this regard. Although none of the existing scenarios analyses a cyber incident involving patient records, the cyber operations against SingHealth is related to scenarios [[Scenario 01: Election interference|01]] and [[Scenario 02: Cyber espionage against government departments|02]], which consider whether exfiltration of data amounts to a violation of State sovereignty.</div> |
||
</option> |
</option> |
||
<option> |
<option> |
||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:DHS. |
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:DHS.png|left|150px]] |
||
On 27 July 2018, the ''New York Times'' [https://www.nytimes.com/2018/07/27/us/politics/russian-hackers-electric-grid-elections-.html reported] a statement from the US Department of Homeland Security (DHS) that a 2017 cyber campaign by Russia had allegedly compromised the networks of several electrical utility companies in the US. The DHS [https://www.bbc.co.uk/news/technology-44937787 linked] the attack to the Russian group known as Dragonfly or Energetic Bear. The DHS [https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110 stated] that the attacks put the infiltrators in a position where they were capable of causing blackouts on the US territory. The department [https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110 cited] "hundreds of victims", greater than previously acknowledged. The statement was preceded by a [https://www.us-cert.gov/ncas/alerts/TA18-074A joint alert] issued by the DHS and the Federal Bureau of Investigation (FBI) in March 2018, warning network defenders of Russian threats to US critical infrastructure sectors including energy, water, and aviation. [[Scenario 03: Cyber attack against the power grid|Scenario 03]] specifically considers and assesses the impact of one State conducting a cyber operation against the electrical grid of another State.</div> |
On 27 July 2018, the ''New York Times'' [https://www.nytimes.com/2018/07/27/us/politics/russian-hackers-electric-grid-elections-.html reported] a statement from the US Department of Homeland Security (DHS) that a 2017 cyber campaign by Russia had allegedly compromised the networks of several electrical utility companies in the US. The DHS [https://www.bbc.co.uk/news/technology-44937787 linked] the attack to the Russian group known as Dragonfly or Energetic Bear. The DHS [https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110 stated] that the attacks put the infiltrators in a position where they were capable of causing blackouts on the US territory. The department [https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110 cited] "hundreds of victims", greater than previously acknowledged. The statement was preceded by a [https://www.us-cert.gov/ncas/alerts/TA18-074A joint alert] issued by the DHS and the Federal Bureau of Investigation (FBI) in March 2018, warning network defenders of Russian threats to US critical infrastructure sectors including energy, water, and aviation. [[Scenario 03: Cyber attack against the power grid|Scenario 03]] specifically considers and assesses the impact of one State conducting a cyber operation against the electrical grid of another State.</div> |
||
</option> |
</option> |
||
<option> |
<option> |
||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:CyberCommand.jpg|left| |
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:CyberCommand.jpg|left|150px]] |
||
Prior to the US midterm elections in 2018, the US Cyber Command implemented a new preventive strategy in order to protect the elections from foreign interference. According to the [https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html media reports], the strategy was aimed at preventing Russian individuals from engaging in concerted disinformation campaigns. The targeted individuals were informed that their work and online conduct would be surveilled by the US authorities. However, the US officials did not disclose the number of individuals they had contacted nor the method of transferring the warning to the operatives concerned. [[Scenario 01: Election interference|Scenario 01]] of the Toolkit analyses whether specific forms of electoral interference abroad violate rules of international law and [[Scenario 06: Cyber countermeasures against an enabling State|scenario 06]] considers whether the victim State may engage in [[Countermeasures|countermeasures]] against an enabling State.</div> |
Prior to the US midterm elections in 2018, the US Cyber Command implemented a new preventive strategy in order to protect the elections from foreign interference. According to the [https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html media reports], the strategy was aimed at preventing Russian individuals from engaging in concerted disinformation campaigns. The targeted individuals were informed that their work and online conduct would be surveilled by the US authorities. However, the US officials did not disclose the number of individuals they had contacted nor the method of transferring the warning to the operatives concerned. [[Scenario 01: Election interference|Scenario 01]] of the Toolkit analyses whether specific forms of electoral interference abroad violate rules of international law and [[Scenario 06: Cyber countermeasures against an enabling State|scenario 06]] considers whether the victim State may engage in [[Countermeasures|countermeasures]] against an enabling State.</div> |
||
</option> |
</option> |
Revision as of 16:18, 5 February 2019
About the project
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. You can explore the Toolkit in a number of different ways. At its heart, the Toolkit consists of 13 (and counting) hypothetical scenarios, each of which contains a description of cyber incidents inspired by real-world examples accompanied by detailed legal analysis. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for keywords you’re interested in; by viewing its overall article structure; or by reading about individual real-world examples that had inspired the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.
Cyber law scenarios
Featured incident
Prior to the US midterm elections in 2018, the US Cyber Command implemented a new preventive strategy in order to protect the elections from foreign interference. According to the media reports, the strategy was aimed at preventing Russian individuals from engaging in concerted disinformation campaigns. The targeted individuals were informed that their work and online conduct would be surveilled by the US authorities. However, the US officials did not disclose the number of individuals they had contacted nor the method of transferring the warning to the operatives concerned. Scenario 01 of the Toolkit analyses whether specific forms of electoral interference abroad violate rules of international law and scenario 06 considers whether the victim State may engage in countermeasures against an enabling State.
Behind the scenes
The project is supported through the UK ESRC IAA Project Co-Creation scheme. Partner institutions include the University of Exeter, United Kingdom; NATO Co-operative Cyber Defence Centre of Excellence (CCD COE) in Tallinn, Estonia; and the Czech National Cyber and Information Security Agency (NCISA) in Brno, Czechia. The project team is composed of Dr Kubo Mačák (Exeter); Mr Tomáš Minárik (CCD COE); and Ms Taťána Jančárková (NCISA). The individual scenarios and the Toolkit as such have been reviewed by a team of over 20 peer reviewers. The Toolkit was formally launched on [XX] May 2019 in Tallinn, Estonia, and it is continuously updated by a team led by Mr Minárik. For questions about the project including media enquiries, please contact us at [projectadress]@exeter.ac.uk.
Other resources
- FAQ – Frequently asked questions about the project and the Toolkit.
- All articles – Updated list of all substantive articles in the Toolkit. In a printed book, this would be the table of contents.
- Keywords – Overview of all keywords used across the Toolkit content. Serves the same purpose as an index would in a printed book.
- Examples – List of real-world incidents that have inspired the analysis in the Toolkit.
- Glossary – Glossary of the technical terms used in the Toolkit.
- Short form citation – Abbreviated references for the most commonly used citations in the Toolkit.
- Bibliography – Bibliography of resources used in the creation and development of the Toolkit.
- People – List of all people involved in the project (including scenario authors, peer reviewers, research assistants...).