Main Page: Difference between revisions
Jump to navigation
Jump to search
Content added Content deleted
m (removed incident 16) |
(fixing end of remarks) |
||
Line 195: | Line 195: | ||
On 20 June 2019, the US Cyber Command launched multiple cyber attacks [https://www.theguardian.com/world/2019/jun/23/us-launched-cyber-attack-on-iranian-rockets-and-missiles-reports disabling] computer systems that controlled Iran’s rocket launchers and [https://www.nytimes.com/2019/08/28/us/politics/us-iran-cyber-attack.html wiping out] a critical database of Iran’s Islamic Revolutionary Guard Corps. The attacks [https://www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html were reportedly] a direct response to earlier attacks against oil tankers in the Persian Gulf and the downing of an American surveillance drone after it had [https://www.aljazeera.com/news/2019/06/iran-revolutionary-guard-shoots-spy-drone-report-190620035802427.html allegedly entered] Iran’s airspace. Iran has [https://www.theguardian.com/world/2019/jun/13/a-visual-guide-to-the-gulf-tanker-attacks denied] all responsibility for the tanker attacks. The cyber attacks were conducted the same day that President Trump [https://www.nytimes.com/2019/06/20/world/middleeast/iran-us-drone.html called off] a military strike against Iran and were reportedly intended to remain below the threshold of armed conflict. The Toolkit considers whether specific cyber operations amount to uses of force in [[Scenario 03: Cyber operation against the power grid|scenario 03]] and [[Scenario 14: Ransomware campaign|scenario 14]]. Moreover, [[Scenario 13: Cyber operations as a trigger of the law of armed conflict|scenario 13]] examines when cyber operations may trigger the application of international humanitarian law.</div> |
On 20 June 2019, the US Cyber Command launched multiple cyber attacks [https://www.theguardian.com/world/2019/jun/23/us-launched-cyber-attack-on-iranian-rockets-and-missiles-reports disabling] computer systems that controlled Iran’s rocket launchers and [https://www.nytimes.com/2019/08/28/us/politics/us-iran-cyber-attack.html wiping out] a critical database of Iran’s Islamic Revolutionary Guard Corps. The attacks [https://www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html were reportedly] a direct response to earlier attacks against oil tankers in the Persian Gulf and the downing of an American surveillance drone after it had [https://www.aljazeera.com/news/2019/06/iran-revolutionary-guard-shoots-spy-drone-report-190620035802427.html allegedly entered] Iran’s airspace. Iran has [https://www.theguardian.com/world/2019/jun/13/a-visual-guide-to-the-gulf-tanker-attacks denied] all responsibility for the tanker attacks. The cyber attacks were conducted the same day that President Trump [https://www.nytimes.com/2019/06/20/world/middleeast/iran-us-drone.html called off] a military strike against Iran and were reportedly intended to remain below the threshold of armed conflict. The Toolkit considers whether specific cyber operations amount to uses of force in [[Scenario 03: Cyber operation against the power grid|scenario 03]] and [[Scenario 14: Ransomware campaign|scenario 14]]. Moreover, [[Scenario 13: Cyber operations as a trigger of the law of armed conflict|scenario 13]] examines when cyber operations may trigger the application of international humanitarian law.</div> |
||
</option> |
</option> |
||
<!-- INCIDENT 9 |
<!-- INCIDENT 9 |
||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Unemblem.gif|left|150px]] |
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Unemblem.gif|left|150px]] |
||
On 29 January 2020, ''The New Humanitarian'' [https://www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack?utm_source=The+New+Humanitarian&utm_campaign=c8dddbbc45-EMAIL_CAMPAIGN_2020_01_29&utm_medium=email&utm_term=0_d842d98289-c8dddbbc45-75573037 reported] that dozens of servers were “compromised” at the United Nations offices in Geneva and Vienna. The attack dated back to July 2019 and affected staff records, health insurance, and commercial contract data. According to an unnamed UN official cited in an Associated Press [https://apnews.com/0d958e15d7f5081dd612f07482f48b73 report] on the same day, the level of sophistication was so high that it was possible a State-backed actor might have been behind it. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, the impact of which could and should have been averted by the host State.</div> |
On 29 January 2020, ''The New Humanitarian'' [https://www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack?utm_source=The+New+Humanitarian&utm_campaign=c8dddbbc45-EMAIL_CAMPAIGN_2020_01_29&utm_medium=email&utm_term=0_d842d98289-c8dddbbc45-75573037 reported] that dozens of servers were “compromised” at the United Nations offices in Geneva and Vienna. The attack dated back to July 2019 and affected staff records, health insurance, and commercial contract data. According to an unnamed UN official cited in an Associated Press [https://apnews.com/0d958e15d7f5081dd612f07482f48b73 report] on the same day, the level of sophistication was so high that it was possible a State-backed actor might have been behind it. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, the impact of which could and should have been averted by the host State.</div> |
||
</option> |
</option> |
||
<option> |
<option> |
||
<!-- INCIDENT 10 |
<!-- INCIDENT 10 |
||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:EUCouncil.png|left|150px]] |
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:EUCouncil.png|left|150px]] |
||
On 30 July 2020, the Council of the European Union [https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/ decided] to impose restrictive measures against six individuals and three entities considered to be responsible for or involved in various hostile cyber operations. These included the [[Attempted hack of the OPCW (2018)|attempted hack of the Organization for the Prohibition of Chemical Weapons (OPCW)]] and the [[WannaCry (2017)|WannaCry]] and [[NotPetya (2017)|NotPetya]] incidents. The sanctions imposed included a travel ban and an asset freeze. In addition, EU persons and entities were prohibited from making funds available to those listed. This was the first time the EU has imposed restrictive measures of this kind. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, and [[Scenario 17: Collective responses to cyber operations|Scenario 17]] discusses the legality of targeted restrictive measures of this kind from the perspective of international law.</div> |
On 30 July 2020, the Council of the European Union [https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/ decided] to impose restrictive measures against six individuals and three entities considered to be responsible for or involved in various hostile cyber operations. These included the [[Attempted hack of the OPCW (2018)|attempted hack of the Organization for the Prohibition of Chemical Weapons (OPCW)]] and the [[WannaCry (2017)|WannaCry]] and [[NotPetya (2017)|NotPetya]] incidents. The sanctions imposed included a travel ban and an asset freeze. In addition, EU persons and entities were prohibited from making funds available to those listed. This was the first time the EU has imposed restrictive measures of this kind. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, and [[Scenario 17: Collective responses to cyber operations|Scenario 17]] discusses the legality of targeted restrictive measures of this kind from the perspective of international law.</div> |
||
</option> |
</option> |
||
<option> |
<option> |
||
<!-- INCIDENT 11 |
<!-- INCIDENT 11 |
||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Brno_(znak).svg|left|150px]] |
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Brno_(znak).svg|left|150px]] |
||
On 13 March 2020, Brno University Hospital, the second-largest hospital in the Czech Republic, at the time also providing COVID-19 testing capacities, was [[Brno University Hospital ransomware attack (2020)|targeted by ransomware]]. The hospital was forced to shut down its entire IT network, postpone urgent surgical interventions, and reroute patients to other nearby hospitals. It took several weeks before the hospital was fully operational again. [[Scenario 14: Ransomware campaign|Scenario 14]] in the Toolkit provides the legal analysis of a ransomware campaign against municipal and health care services abroad; [[Scenario 20: Cyber operations against medical facilities|Scenario 20]] and [[Scenario 23: Vaccine research and testing|Scenario 23]] both focus on various cyber operations against hospitals.</div> |
On 13 March 2020, Brno University Hospital, the second-largest hospital in the Czech Republic, at the time also providing COVID-19 testing capacities, was [[Brno University Hospital ransomware attack (2020)|targeted by ransomware]]. The hospital was forced to shut down its entire IT network, postpone urgent surgical interventions, and reroute patients to other nearby hospitals. It took several weeks before the hospital was fully operational again. [[Scenario 14: Ransomware campaign|Scenario 14]] in the Toolkit provides the legal analysis of a ransomware campaign against municipal and health care services abroad; [[Scenario 20: Cyber operations against medical facilities|Scenario 20]] and [[Scenario 23: Vaccine research and testing|Scenario 23]] both focus on various cyber operations against hospitals.</div> |
||
</option> |
</option> |
||
<option> |
<option> |
||
<!-- INCIDENT 16 |
<!-- INCIDENT 16 |
||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Emblem of the African Union.svg|left|150px]] |
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Emblem of the African Union.svg|left|150px]] |
||
The first sign of an [[African Union headquarters hack (2020)|malicious cyber activity targeting the headquarters of the African Union in Addis Ababa]] was spotted in January 2020. The suspected actor is the "Bronze President", a hacker group allegedly residing in China. The perpetrators obtained data from the headquarters’ IT system. The data was only transmitted during work hours, which concealed it in the regular data stream. China distanced itself from the activity claiming the incident was supposed to damage Sino-African relations. |
The first sign of an [[African Union headquarters hack (2020)|malicious cyber activity targeting the headquarters of the African Union in Addis Ababa]] was spotted in January 2020. The suspected actor is the "Bronze President", a hacker group allegedly residing in China. The perpetrators obtained data from the headquarters’ IT system. The data was only transmitted during work hours, which concealed it in the regular data stream. China distanced itself from the activity claiming the incident was supposed to damage Sino-African relations. |
Revision as of 15:31, 14 June 2022
About the projectThe Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. The Toolkit may be explored and utilized in a number of different ways. At its core, it presently consists of 25 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for keywords you’re interested in; by viewing its overall article structure; by browsing through the national positions on international law in cyberspace; or by reading about individual real-world examples that serve as the basis of the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.
Cyber law scenarios |
Featured incident
On 13 December 2020, FireEye announced the discovery of an ongoing supply chain attack that trojanized SolarWinds Orion business software updates in order to distribute malware. The victims included many U.S. governmental organisations (such as the Department of Homeland Security, the Department of Energy, or the Treasury) and businesses (including Microsoft, Cisco, or Deloitte). Once the systems were infected, hackers could transfer files, execute files, profile the system, reboot the machines, or disable system services. The U.S. government has attributed the attack to an ‘Advanced Persistent Threat Actor, likely Russian in origin’. Even though the campaign’s full scope remains unknown, recovering from the hack and conducting investigations may take up to 18 months. In the Toolkit, data theft and cyber espionage against government departments are analysed in Scenario 02. Given that private sector organizations were among the victims, Scenario 09 on economic cyber espionage is also relevant.
Quick links
Behind the scenesThe project is supported by the following six partner institutions: the Czech National Cyber and Information Security Agency (NÚKIB), the International Committee of the Red Cross (ICRC), the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), the University of Exeter, United Kingdom, the U.S. Naval War College, United States, and Wuhan University, China. The core of the project team consists of Dr Kubo Mačák (ICRC) – General Editor; Mr Tomáš Minárik (NÚKIB) – Managing Editor; and Ms Taťána Jančárková (CCDCOE) – Scenario Editor. The individual scenarios and the Toolkit as such have been reviewed by a team of over 30 peer reviewers. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia; its Chinese launch took place on 2 November 2019 in Wuhan, China; it received its most recent general annual update on 22 September 2021; and it remains continuously updated. For questions about the project including media enquiries, please contact us at cyberlaw@exeter.ac.uk.
|