Cyberthreats

Introduction

The Evolution of Cyberthreats

• Dependency, Interconnectivity, and New Vulnerabilities
• Boundlessness, Anonymity, and Technological Progress
• The Vagueness of Cyberintrusions and Unclear Responsibilities
• The Problem of Attribution and Sovereignty in Cyberspace

Understanding Cyberthreats

Technical Background

• Computerization and Interconnectivity
• The Role of Hard- and Software
• Oligarchy
• Flaws

Institutional Background

• The Evolution of the Internet
• A Short History of Governance in Cyberspace
• Actors and Terms
• Hackers
• Script Kiddies and Cybervigilantes
• Non-State Actors with a Political Agenda
• System Administrators and Cybersecurity Companies
• Cybercriminals
• ICT Companies
• State Actors and CERTs
• The Mass Media

Nature of Cyberweapons

Tools

• Viruses and Worms
• Backdoors: Trojans and Rootkits
• Botnets

Techniques

• DoS Attacks
• Infiltration
• Social Engineering
• Probing, Sniffing, and Mapping
• Anonymization Techniques
• Ever-Growing Sophistication

Cyberthreats and Critical Infrastructure

• Definition and Risk Assessment of Critical Infrastructure
• Critical Information Infrastructure

CII as Catalyst for Vulnerabilities

• Connectivity
• Ownership
• Origin
• Interdependencies

The Internet as CII

• Critical Elements of the Internet
• The Internet’s International Character
• Case Study: The Susceptibility of Power Grids to Cyberattacks
• Cyberattacks Against Critical Infrastructure – A Probable Danger?

The Scope of Cyberthreats

Myth or Reality? Case Studies on Reported Cyberincidents

• Evolution of Cyberthreats as a Matter of National Security
• Estonia
• South Ossetia War
• Kyrgyzstan
• GhostNet – Tibetan Authorities
• Stuxnet – Iranian Nuclear Program
• Operation Aurora – Google vs China
• Other Occurrences and Trends
• Analysis and Lessons Learned

Strategic Reflections on Cyberintrusions

A Challenge for International Law

Part II Interstate Cyberthreats

Outlining Cyberwar

• Definition
• The Role of Cyberspace in Warfare

National and Regional Strategies

• United States of America
• People’s Republic of China
• Russian Federation
• European Union
• North Atlantic Treaty Organization
• Others
• A New “Cyber Cold War” ?
• Cyberwar in International Law

The Contemporary Jus Ad Bellum

• The Prohibition of the Use of Force

Self-Defense

• Armed Attack
• Aggression
• Indirect Force
• State Responsibility for the Conduct of Non-State Actors
• Immediacy
• Necessity and Proportionality
• Collective Self-Defense and Regional Collective Security
• The Role of the Security Council with Regard to Self-Defense

Action Taken by the Security Council under Chapter VII of the UN Charter

• Measures under Article UN Charter
• Force Authorized by the Security Council
• Retorsions and Reprisals
• The Principle of Non-Intervention

Cyberwar and the Jus Ad Bellum

The Use of Force in Cyberspace

• The Obscurity Dilemma
• The Consequential Dilemma
• Cyberattacks as Use of Force
• Schmitt’s Scheme
• Measurability
• Presumptive Legitimacy
• Severity
• Immediacy and Directness
• The Threat of the Use of Force in Cyberspace

Self-Defense

• Cyberattacks as Armed Attack
• Invasion, Occupation, and Attacks Against the Territory of a State
• Naval Blockade vs Infoblockade
• Attack Against the Armed Forces of a State
• Third State Involvement
• Indirect Force
• State Responsibility for Cyberwar Activities by Non-State Actors
• Immediacy
• Necessity and Proportionality
• Adequate Form for Self-Defense Against Cyberattacks
• Collective Cyber Self-Defense and Collective Cybersecurity
• The Role of the Security Council with Regard to Self-Defense Against Cyberattacks

Security Council Actions under Chapter VII

• Cybermeasures Under Article UN Charter
• Cyberforce Authorized by the Security Council
• Cyberspace and the Maintenance of International Peace and Security
• Retorsions and Reprisals in Response to Cyberattacks
• Cyberattack asIntervention or Other UnlawfulAct UnderInternational Law

Neutrality and Cyberwar

• Inviolability of Neutral Territory
• Telecommunication-Specific Provisions
• Neutral Popular Participation

Cyberespionage in the Jus Ad Bellum

Cyberwar and the Jus in Bello

• Introduction

Applicability of IHL on Cyberwar

• International Armed Conflict
• Violence
• Non-International Armed Conflict

IHL Aspects Relevant to Cyberwar

• Distinction
• Military Objectives
• Dual-Use and Human Shields
• Discrimination
• Precautions and Proportionality
• Feasibility
• Differentiated Responsibility Due to Technical Proficiency
• Specifically Protected Objects
• Cultural Property
• Works and Installations Containing Dangerous Forces
• Natural Environment
• Indispensible Objects
• Ruses of War and Perfidy
• Weapon Restrictions

The Legal Status of Involved Actors

• Combatant Status
• Cyberwarriors: Combatants or Civilians?
• The Problem of Visual Distinction
• Cybermercenaries and Private Contractors

Direct Participation in Hostilities

• The ICRC Interpretive Guide
• The Expert Meeting Report
• Undue Preference for Cyberattacks Among Civilians?
• Critical Examination of the Examples in the ICRC Guide
• Belligerent Nexus
• The Temporal Element of Loss of Immunity
• Unintentional Participation in Hostilities
• Involuntary Participation in Hostilities
• Wanton Participation
• Uncertainty Prevails – A Call for Generalization?

Cyberespionage in the Jus in Bello

Part III Non-State Actor Cyberthreats

Cyberterrorism

• The Changing Face of Terrorism
• The Challenge of Cyberspace
• Why Cyberterrorism?

A Real Threat or Just Exaggerated Cyberangst?

• The Use of Cyberspace for Terrorist Purposes
• The Elements of Cyberterrorism
• The Likeliness of Cyberterrorism
• Probable Manifestation of Cyberterrorism

Definition of Cyberterrorism

• Shifting from a Terrorist Intents-Based to an Effects-Based Approach
• Delimitation by the Scale of Attacks

The Convention on Cybercrime

• Scope of the Convention and its Application on Cyberterrorism
• Prevention of State-Sponsored Cyberattacks?

Hacktivism and Webtivism

• The Use of Cyberspace for Political Purposes
• A Case Study of Hacktivism: Anonymous
• Patriotic Hacking

Human Rights Aspects

• Censorship in Cyberspace
• Surveillance in Cyberspace
• Balancing Human Rights

New Instruments to Tackle Cyberterrorism?

Part IV Jurisdiction and Cyberspace

Possible Bases of Jurisdiction

• Principles of Jurisdiction
• The Jurisdictional Regime of the Convention on Cybercrime
• Universal Jurisdiction
• Possible ICC Jurisdiction?

Applying Traditional Principles to Cyberspace

• Enforcement

Cyberspace as International Space

Analogies to the High Seas

• Hot Pursuit
• Piracy

Jurisdictional Responses to Cyberintrusions

Part V A New Approach Toward Cyberthreats

Summary of Research Results

• Concept of Cyberthreats

Interstate Cyberthreats

• The Jus Ad Bellum
• The Jus in Bello
• Non-State Actor Cyberthreats
• Jurisdiction and Cyberspace

Recommendations to the International Community

• Separate Consideration of State and Non-State Actor Threats
• Harmonization of State Practice
• Shaping of a Global Opinion

Adaptation of the Law of Armed Conflict

• The Current Situation
• Reasons for Action
• Elaboration of a Compendium of State Positions
• Exclusion of Cyberespionage
• Obstacles
• The Use of Force Quandary
• The Obscurity Dilemma
• International Humanitarian Law not (yet) in the Spotlight

New Instruments

• Arms Control Regimes
• Arms Control Based on Monitoring and Verification
• Arms Control Based on a Declaration of Principles
• Non-State Actors
• Harmonization to Address Serious Cyberattacks
• Establishment of Cooperative Procedures
• Address Massive Compromisation
• Leave Out Content Issues
• Potential Controversy
• State-Borne Threats
• Non-State Actor Threats

Overarching Obstacles

• Obstacles to Investigation
• Anonymity
• Absence of Evidence Standards
• Obstacles to Cooperation: Differing Agendas and Capabilities
• Remedy by Other Types of Cooperation