The Experts below are selected from a list of 150 Experts worldwide ranked by ideXlab platform
Ido Kilovaty - One of the best experts on this subject based on the ideXlab platform.
-
world wide web of exploitations the case of peacetime Cyber espionage Operations under international law towards a contextual approach
2016Co-Authors: Ido KilovatyAbstract:The emergence of Cyber espionage, as well as the ability to leak gathered sensitive information, has exacerbated the complexity of determining the legality of espionage under international law. Cyber espionage, just like other Cyber Operations, offers a highly sophisticated, relatively inexpensive, and accessible medium to achieve certain informational, political, and Operational goals. The indeterminacy of Cyber espionage in international law has given rise to various arguments as to which international norms and principles are applicable to Cyber espionage. Divergent positions, however, focus only on certain aspects of Cyber espionage. For this reason, the scope of legal treatment of Cyber espionage is limited and lacks context. The purpose of this article is to reject this dichotomous approach and propose a more nuanced framework for addressing Cyber espionage in international law. Cyber Operations should be analyzed on a continuum that triggers different norms depending on the context and consequences. The contextual approach focuses on the effects of a Cyber Operation and the context in which it occurs to determine the relevant set of norms applicable to it.
-
World Wide Web of Exploitations – The Case of Peacetime Cyber Espionage Operations under International Law: Towards a Contextual Approach
2016Co-Authors: Ido KilovatyAbstract:The emergence of Cyber espionage, as well as the ability to leak gathered sensitive information, has exacerbated the complexity of determining the legality of espionage under international law. Cyber espionage, just like other Cyber Operations, offers a highly sophisticated, relatively inexpensive, and accessible medium to achieve certain informational, political, and Operational goals. The indeterminacy of Cyber espionage in international law has given rise to various arguments as to which international norms and principles are applicable to Cyber espionage. Divergent positions, however, focus only on certain aspects of Cyber espionage. For this reason, the scope of legal treatment of Cyber espionage is limited and lacks context. The purpose of this article is to reject this dichotomous approach and propose a more nuanced framework for addressing Cyber espionage in international law. Cyber Operations should be analyzed on a continuum that triggers different norms depending on the context and consequences. The contextual approach focuses on the effects of a Cyber Operation and the context in which it occurs to determine the relevant set of norms applicable to it.
Marco Roscini - One of the best experts on this subject based on the ideXlab platform.
-
Evidentiary issues in international disputes related to state responsibility for Cyber Operations
2015Co-Authors: Marco RosciniAbstract:In spite of the crucial importance of evidentiary issues, works on inter-state Cyber Operations, both above and below the level of the use of force, have so far focused on whether such Operations are consistent with primary norms of international law and on the remedies available to the victim state under the jus ad bellum and the law of state responsibility, and have almost entirely neglected a discussion of the evidence the victim state needs to produce to demonstrate, either before a judicial body or elsewhere, that an unlawful Cyber Operation has been conducted against it and that it is attributable to another state. The present article fills this gap. It starts with a brief account of the international law of evidence and then discusses who has the burden of proof in relation to claims seeking remedies (including reparation) for damage caused by Cyber Operations. It then analyzes the standard of proof required in the Cyber context. Finally, the possible methods of proof are examined, distinguishing between those which are admissible and those which are inadmissible.
-
Cyber Operations: Identifying the Problem and the Applicable Law (Chapter 1)
2014Co-Authors: Marco RosciniAbstract:The internet has changed the rules of many industries, and war is no exception. But can a computer virus be classed as an act of war? Does a Denial of Service attack count as an armed attack? And does a state have a right to self-defense when attacked in Cyber space? With the range and sophistication of Cyber attacks against states showing a dramatic increase in recent times, this book investigates the traditional concepts of 'use of force', 'armed attack', and 'armed conflict' and asks whether existing laws created for analogue technologies can be applied to new digital developments. The book provides a comprehensive analysis of primary documents and surrounding literature to establish whether and how existing rules on the use of force in international law apply to Cyber Operations. In particular, it assesses the rules of the jus ad bellum, the jus in bello, and the law of neutrality (whether based on treaty or custom), and analyses why each rule applies or does not apply in the Cyber context. Those rules which can be seen to apply are then discussed in relation to each specific type of Cyber Operation. The book addresses the key questions of whether a Cyber Operation amounts to the use of force and, if so, whether the victim state may exercise its right of self-defense; whether Cyber Operations trigger the application of international humanitarian law when they are not accompanied by traditional hostilities; what rules must be followed in the conduct of Cyber hostilities; how neutrality is affected by Cyber Operations; and whether those conducting Cyber Operations are combatants, civilians, or civilians taking direct part in hostilities. The book is essential reading for everyone wanting a better understanding of how international law regulates Cyber combat.
-
Cyber Operations and the Use of Force in International Law
2014Co-Authors: Marco RosciniAbstract:The internet has changed the rules of many industries, and war is no exception. But can a computer virus be classed as an act of war? Does a Denial of Service attack count as an armed attack? And does a state have a right to selfdefence when attacked in Cyberspace? With the range and sophistication of Cyber attacks against states showing a dramatic increase in recent times, this book investigates the traditional concepts of ‘use of force’, ‘armed attack’, and ‘armed conflict’ and asks whether existing laws created for analogue technologies can be applied to new digital developments. The book provides a comprehensive analysis of primary documents and surrounding literature to establish whether and how existing rules on the use of force in international law apply to Cyber Operations. It assesses the rules of the jus ad bellum, the jus in bello, and the law of neutrality (whether based on treaty or custom), and analyses why each rule applies or does not apply in the context of Cyber Operations. Those rules which can be seen to apply are then discussed in relation to each specific type of Cyber Operation. The book addresses the key questions of whether a Cyber Operation amounts to a use of force and, if so, whether the victim state can exercise its right of self-defence; whether Cyber Operations trigger the application of international humanitarian law when they are not accompanied by traditional hostilities; what rules must be followed in the conduct of Cyber hostilities; how neutrality is affected by Cyber Operations; and whether those conducting Cyber Operations are combatants, civilians, or civilians taking direct part in hostilities. The book is essential reading for everyone wanting a better understanding of how international law regulates Cyber combat
-
Cyber Operations as a use of force
Research Handbook on International Law and Cyberspace, 1Co-Authors: Marco RosciniAbstract:The determination of the threshold above which a Cyber Operation amounts to a use of force under Article 2(4) of the UN Charter has proved to be a very contentious issue. The present Chapter addresses this problem and first establishes what is meant by ‘armed’ force and whether Cyber Operations can qualify as such. It then distinguishes between Cyber attacks and Cyber exploitation and, within the former, between Cyber attacks that cause, or are reasonably likely to cause, physical damage to persons or property, those that incapacitate infrastructures without physically damaging them, and other Cyber attacks and Cyber-related conduct.
-
Cyber Operations as a use of force
Research Handbook on International Law and Cyberspace, 1Co-Authors: Marco RosciniAbstract:The provisions on the use of force contained in the UN Charter apply to Cyber Operations conducted by states against other states even though the rules were adopted well before the advent of Cyber technologies. This chapter argues that a Cyber Operation is a use of armed force when it entails the use of a ‘weapon’ accompanied by a coercive intention. This occurs not only in the case of Cyber attacks designed to cause physical damage to property, loss of life or injury of persons, but also of Cyber attacks employing capabilities that render ineffective or unusable critical infrastructures so to cause significant disruption of essential services, even when they do not materially damage those infrastructures. Indeed, the increasing digitalization of today’s societies has made it possible to cause considerable harm to states through non-destructive means: physical infrastructures can be incapacitated by affecting their operating systems, with consequent disruption of services but without the need to destroy them. An evolutive interpretation of Article 2(4) should take this into account. On the other hand, Cyber exploitation carried out to collect information may be a violation of the sovereignty of the targeted state when it entails an unauthorized intrusion into the Cyber infrastructure located on its territory, but not intervention and even less a use of force, as it lacks the coercive element and does not involve the use of a destructive payload capable of resulting in physical damage to property, loss of life, injury of persons, or malfunction of infrastructure.
Jan Van Den Berg - One of the best experts on this subject based on the ideXlab platform.
-
MILCOM - Assessment Methodology for Collateral Damage and Military (Dis)Advantage in Cyber Operations
MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), 2018Co-Authors: Clara Maathuis, Wolter Pieters, Jan Van Den BergAbstract:Cyber Operations stopped being utopia or Sci-Fi based scenarios: they became reality. When planning and conducting them, military actors encounter difficulties since they lack methodologies and models that support their actions and assess their effects. To address these issues by tackling the underlying scientific and practical gap, this article proposes an assessment methodology for the intended and unintended effects of Cyber Operations, labeled as Military Advantage, Collateral Damage and Military Disadvantage, and aims at supporting the targeting process when engaging targets in Cyber Operations. To arrive at this methodology, an extensive review on literature, military doctrine and methodologies was conducted combined with two series of interviews with military commanders and field work in joint military exercises. The assessment methodology is proposed considering multidimensional factors, phases and steps in a technical - military approach. For validation, one realistic Cyber Operation case study was conducted in a focus group with nine military experts plus four face-to-face meetings with another four military experts.
-
Assement Methodology for Collateral Damage and Military (Dis)Advantage in Cyber Operations
2018Co-Authors: Clara Maathuis, Wolter Pieters, Jan Van Den BergAbstract:Cyber Operations stopped being utopia or Sci-Fi based scenarios: they became reality. When planning and conducting them, military actors encounter difficulties since they lack methodologies and models that support their actions and assess their effects. To address these issues by tackling the underlying scientific and practical gap, this article proposes an assessment methodology for the intended and unintended effects of Cyber Operations, labeled as Military Advantage, Collateral Damage and Military Disadvantage, and aims at supporting the targeting process when engaging targets in Cyber Operations. To arrive at this methodology, an extensive review on literature, military doctrine and methodologies was conducted combined with two series of interviews with military commanders and field work in joint military exercises. The assessment methodology is proposed considering multidimensional factors, phases and steps in a technical – military approach. For validation, one realistic Cyber Operation case study was conducted in a focus group with nine military experts plus four face-to-face meetings with another four military experts.
Clara Maathuis - One of the best experts on this subject based on the ideXlab platform.
-
MILCOM - Assessment Methodology for Collateral Damage and Military (Dis)Advantage in Cyber Operations
MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), 2018Co-Authors: Clara Maathuis, Wolter Pieters, Jan Van Den BergAbstract:Cyber Operations stopped being utopia or Sci-Fi based scenarios: they became reality. When planning and conducting them, military actors encounter difficulties since they lack methodologies and models that support their actions and assess their effects. To address these issues by tackling the underlying scientific and practical gap, this article proposes an assessment methodology for the intended and unintended effects of Cyber Operations, labeled as Military Advantage, Collateral Damage and Military Disadvantage, and aims at supporting the targeting process when engaging targets in Cyber Operations. To arrive at this methodology, an extensive review on literature, military doctrine and methodologies was conducted combined with two series of interviews with military commanders and field work in joint military exercises. The assessment methodology is proposed considering multidimensional factors, phases and steps in a technical - military approach. For validation, one realistic Cyber Operation case study was conducted in a focus group with nine military experts plus four face-to-face meetings with another four military experts.
-
Assement Methodology for Collateral Damage and Military (Dis)Advantage in Cyber Operations
2018Co-Authors: Clara Maathuis, Wolter Pieters, Jan Van Den BergAbstract:Cyber Operations stopped being utopia or Sci-Fi based scenarios: they became reality. When planning and conducting them, military actors encounter difficulties since they lack methodologies and models that support their actions and assess their effects. To address these issues by tackling the underlying scientific and practical gap, this article proposes an assessment methodology for the intended and unintended effects of Cyber Operations, labeled as Military Advantage, Collateral Damage and Military Disadvantage, and aims at supporting the targeting process when engaging targets in Cyber Operations. To arrive at this methodology, an extensive review on literature, military doctrine and methodologies was conducted combined with two series of interviews with military commanders and field work in joint military exercises. The assessment methodology is proposed considering multidimensional factors, phases and steps in a technical – military approach. For validation, one realistic Cyber Operation case study was conducted in a focus group with nine military experts plus four face-to-face meetings with another four military experts.
Adamson Liisi - One of the best experts on this subject based on the ideXlab platform.
-
Application of the Non-Intervention Principle to Low-Intensity Cyber Operations
Helsingin yliopisto, 2015Co-Authors: Adamson LiisiAbstract:Present work focuses on the non-intervention principle and low-intensity Cyber Operations. More specifically, its main question is, whether the principle of non-intervention applies to low-intensity Cyber Operations and if it does, is the legal framework of non-intervention principle an effective way to regulate peacetime low-intensity Cyber Operations. Information Age and the rapid development of ICTs have provided hostile actors the opportunity to exploit the advantages Cyberspace offers. Fear for the largely unknown has fostered a rich academic debate around the applicability of the use of force and LOAC. Yet, all of the information Operations we have seen thus far have remained under the Article 2(4) threshold and that will most likely be the trend also in the future. Low-intensity Cyber Operations, meaning those that do not produce any damage or the damage caused is insignificant, can affect severely the everyday functioning of a heavily technology dependent State. They are inexpensive, easy to deploy, effective and can be used during peacetime with the added benefit of attacker anonymity. Thus, understanding the international law framework covering such Operations is of outmost importance. The thesis first looks at the concept of sovereignty in relation to Cyberspace, since the non-intervention principle derives from the notion of sovereignty. Due to Cyberspace’s intangible nature, two main misconceptions have arisen. Firstly, Cyberspace is often mistakenly found to be part of the global commons. Secondly, Cyberspace is often seen as a domain, where States cannot assert their authority. Whilst addressing those two misconceptions, it is concluded that neither of those arguments is particularly true. States can exercise sovereignty and assert authority over the information infrastructure located in their territory. Theoretical framework of the non-intervention principle sets forth that the principle has a dual legal basis. Grounded on the one hand in treaty law and on the other hand customary international law, the principle was most clearly delineated by the UN from 1960s to 1980s. Generally, the non-intervention principle is said to consist of two elements: coercion and intervention that affects the internal or external affairs of the State. It is established that the nature of coercion has changed over time. That is also what this present work is grounded in. Cyber Operations represent the next step in the evolution of States’ interventionist means. Whilst applying the international law framework of non-intervention principle to low-intensity Cyber Operations it becomes clear that the standards applied within the framework are too high to effectively regulate such offensive Operations. The scope of States’ margin of appreciation regarding domaine réservé has been significantly reduced and the level of coercion needed to effectively apply the non-intervention principle does not correspond to today’s security environment. States are increasingly using Cyber Operations to achieve their strategic goals. From Estonia in 2007 to Sony in 2014 the interventionist means of States have grown to be less intensive, yet more penetrating, long-term and effective. A vivid example is Cyber espionage, which is often disregarded in the discourse as a matter that is already resolved. Yet, as the Cyber means grow more effective, Cyber espionage through low-intensity Cyber Operations becomes more penetrative and the line between violation of sovereignty and non-intervention principle becomes clouded. In order for a Cyber Operation to breach the non-intervention principle, it must have a coercive nature and not be categorised as mere intrusion. The examples of State-on-State Cyber Operations show that none of the known Cyber attacks has crossed the UN Charter Article 2(4) threshold. Instead they could be seen as unlawful interventions if extensive interpretation is applied. That leads to the second question of the present work: is the non-intervention principle effective in tackling the low-intensity Cyber Operations? Whereas the framework of the non-intervention principle is valid and relevant, the standards applied therein, developed close to three decades ago, do not adequately consider the changed security landscape of the 21st century. While the security threats become more penetrative and invasive, yet the interventionist means become low-intensity, the international community must look for feasible solutions for the technology future to come
