
Cyberwarfare - Political 1 and 2

mun.mcsoxford.org/briefings/2019/Cyberwarfare - Political... · 2019. 1. 30.


  • Cyberwarfare

    Introduction

    Cyberwarfare denotes any form of conflict conducted in cyberspace, i.e. the globally interconnected network of digital and telecommunications infrastructure. Hypothetical examples of cyberwarfare might include the use of malware to infect and incapacitate an adversary’s electrical power grid, nuclear reactor or water treatment systems.

    Given that the technology and expertise required for large-scale conflict of this type have emerged relatively recently, there is a distinct absence of legal conventions or geopolitical concurrence concerning both the scope of the term ‘cyberwarfare’ (i.e. as distinct from non-aggressive cyber operations) and the responsibilities of cyber belligerents under international humanitarian law. The need for a defined regulatory scheme and precise codification of these principles was highlighted by UN Secretary General Antonio Guterres in February 2018. Furthermore, the risk of interference or aggression by non-state actors is particularly aggravated in the case of cyberwarfare due to the publicly accessible nature of cyberspace and the transnational nature of communication infrastructures. This, combined with the impediments to formal accountability posed by botnets, IP spoofing etc., compounds the need for international cooperation in the formulation of cyber legislation.

    Recent Case Studies

    Stuxnet — In June 2010, an Iranian nuclear facility at Natanz was infiltrated by the Stuxnet virus, resulting in the destruction of 1000+ nuclear centrifuges. Stuxnet is widely believed to be the product of an unacknowledged covert campaign by the US and Israeli intelligence services, Operation Olympic Games.

    US Election — In 2017, the US accused Russian intelligence services of conducting cyber operations against targets associated with the 2016 Presidential election; specifically, that they maintained access to the Democratic National Committee networks from June 2015 to July 2016 to exfiltrate large quantities of sensitive information which were then publicly disclosed via WikiLeaks.

    US military — In 2014, a probe of the US Senate Armed Committee claimed to have found that hackers associated with the Chinese government had repeatedly infiltrated the computer systems of contractors affiliated with the US military.

    Saudi Aramco — In 2012, the Shamoon virus (a wiper logic bomb) was introduced into the computer system of Saudi Aramco, Saudi Arabia’s national oil company, via an anonymous phishing email, supposedly by anonymous dissidents objecting to the oppressive regime of Abdullah bin Abdulaziz Al Saud.

  • Issues

    Jus ad bellum

    Jus ad bellum concerns the conditions under which entering into particular forms of warfare is legally justified. In the existing framework of international law, aggressive acts can be classified into 3 categories:

    The wrongful threat/use of force. These are prohibited under article 2(4) of the UN Charter but are, in and of themselves, insufficient to release states from their obligations under the Charter to abstain from force and pursue peaceful diplomatic settlement.

    Armed attacks

    Under article 51 of the UN Charter, individual and collective self-defence is justified in response to armed attacks. In exercising this right, states are absolved of their responsibilities under article 2 (i.e. to abstain from force), provided they act in accordance with specific modalities governing this right that have emerged under international law; specifically:

    - Principle of necessity
      - Qualitative - self-defence is justified only in preventing further harm
      - Quantitative - the actions of self-defence shall use only the force/weaponry/militia required to prevent further harm and no more.
    - Principle of proportionality - The harm elicited in the exercise of self-defence to the belligerent and/or third parties must be justified by the gravity of the attack (i.e. in reasonable proportion to the quantity of harm it aims to prevent).

    Threat to the peace

    When an act is determined to constitute a threat to the peace, the Security Council is empowered (by article 24 and Chapter 7 of the Charter) to take forcible measures to resolve the dispute, including armed force, interruption of economic relations (sanctions) and communicative infrastructures.

    This taxonomy raises a number of issues in relation to cyber conflict:

    - Which operations constitute uses of force?
    - Hence - what constitutes legitimate self-defense (i.e. in cases of non-armed conflict)?
    - How should we understand?
    - Should the measures which the Security Council has authority to implement include the cyber domain (enforcing cyber blockades, military attacks against targets etc.)?
    - How should law of neutrality be extended to include non-combatants particularly given the difficulty of determining the precise geographical routing of many cyber operations?
    - How should ‘armed’ cyberattacks be distinguished from other operations? Possible grounds for distinction:
      - Effects (death, injury, disruptive etc.)
      - Intent of originating nation (i.e. to violate sovereignty)
      - Target (state-owned computer systems, critical infrastructures etc.)
    - How do these considerations extend to conflict with non-state actors?

    Jus in bello

    Jus in bello defines the obligations of belligerents in situations of armed conflict. Also termed International Humanitarian Law (IHL), its principal contributions are from:

    - The 4 Geneva Conventions of 1949 and their 2 additional protocols of 1977
    - 4th Hague Convention of 1907

    The interpretation of these documents in the context of cyberwarfare raises a number of issues:

    - How should we understand the humanitarian obligations of states conducting cyberwarfare, particularly in relation to the treatment of civilians?
    - For example, what measures constitute ‘attacks’ against civilians?
    - Where should the distinction between civilian and combatant be drawn?

    Suggested Reading

    https://uk.reuters.com/article/us-un-guterres-cyber/u-n-chief-urges-global-rules-for-cyber-warfare-idUKKCN1G31Q4

    http://unidir.org/files/publications/pdfs/cyberwarfare-and-international-law-382.pdf

    https://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all&_r=0

    https://www.dni.gov/files/documents/ICA_2017_01.pdf

    https://www.reuters.com/article/us-usa-military-cyberspying/chinese-hackers-breach-u-s-military-contractors-senate-probe-idUSKBN0HC1TA20140917

    https://money.cnn.com/2015/08/05/technology/aramco-hack/index.html
