As the digital landscape grows more intricate and cyber threats escalate, legal practitioners worldwide face a pressing challenge: applying international law to cyber operations. Since its launch in 2019, the Cyber Law Toolkit has emerged as a critical web-based resource, offering legal professionals scenario-based insights to tackle complex cybersecurity issues through the lens of international law. A project spearheaded by the University of Exeter in partnership with global institutions, the Toolkit combines real-world examples, hypothetical scenarios, and detailed legal analysis to bridge the gap between academic theory and actionable practice.
The Toolkit’s value lies in its approach to the legal challenges posed by cyber operations—issues that require timely and precise guidance. It currently offers 32 carefully crafted hypothetical scenarios, each inspired by real incidents and coupled with legal analysis, to provide a roadmap for interpreting international law’s applicability to specific cyber activities. Designed to help professionals understand how the law interacts with cyber incidents, the Toolkit’s scenarios tackle pressing questions, such as the legal implications of election interference, attacks on critical infrastructure, and data theft. Each scenario is comprehensive, featuring factual descriptions, in-depth legal analyses, and reference checklists that outline critical considerations for legal advisors managing similar real-life cases.
Key Real-World Example Additions in 2023
In 2023, the Toolkit expanded to address four major cyber incidents that highlight evolving cyber threats and the international legal challenges they present. The first incident occurred in Pennsylvania in November 2023, where a hacktivist group named Cyber Av3ngers targeted a programmable logic controller (PLC) at a water authority’s pump station. The attack, credited by the United States to the Iranian Islamic Revolutionary Guard Corps (IRGC), involved compromising a Unitronics Vision system—a PLC known to have vulnerabilities that allow hackers to insert malicious code. The attackers claimed they targeted the device due to its Israeli origins, and they left a message on the system reading, “You have been hacked. Down with Israel. Every equipment [sic] ‘made in Israel’ is a Cyber Av3ngers legal target.” Although the water authority quickly contained the attack by switching to manual operation, the incident prompted the U.S. Treasury to impose sanctions on six IRGC Cyber Electronic Command officials, underscoring the serious implications of such cyber operations on critical infrastructure.
Another scenario added in 2023 involved a coordinated cyber attack by the Russian-aligned hacktivist group KillNet on NATO’s aid mission to Turkey and Syria following the devastating earthquake in February. KillNet, suspected of operating in alignment with Russia’s objectives, launched a series of distributed denial-of-service (DDoS) attacks on NATO systems and the Strategic Airlift Capability (SAC). This multinational NATO program is vital in providing airlift support for humanitarian missions. The cyber operations disrupted the NATO NR network and temporarily interrupted contact with an in-flight SAC aircraft, prompting NATO’s cyber teams to respond swiftly. While no aircraft damage was reported, this incident highlighted the vulnerability of humanitarian aid operations in conflict-affected regions and raised concerns about the potential implications for international law, especially concerning cyber attacks on aid missions.
The third new scenario in the Toolkit focuses on a data breach at the International Criminal Court (ICC). Though the exact timing of the breach remains undisclosed, this incident brought attention to the vulnerabilities of international organizations in cyberspace. The ICC, which often handles highly sensitive cases involving war crimes and international justice, saw its data compromised, raising alarms about security protocols and data protection within international bodies. The breach remains under investigation, but the situation has led the ICC to reinforce its data security measures, reflecting the growing need for robust cyber protections within such organizations.
Lastly, the 2023 updates include a disturbing cyber incident involving a video allegedly showing the beheading of a Ukrainian prisoner of war by Russian forces. First appearing in April 2023, the video quickly circulated across social media platforms. Although questions remain regarding its authenticity, the graphic content highlights the use of cyberspace for psychological warfare. This event has stirred international condemnation and intensified discussions around cyber operations that spread potentially unlawful or violent content. The incident underscores the legal complexities surrounding cyber activities that intersect with international humanitarian law, especially in active conflict zones like Ukraine.
These new scenarios embody the Toolkit’s commitment to providing timely, relevant resources that reflect current cyber threats and the legal responses they demand. Through these real-world incidents, the Toolkit remains an essential, evolving resource for legal professionals and policymakers grappling with the complexities of international law in cyberspace.
National Positions on International Cyber Law
One of the key features of the Cyber Law Toolkit is its repository of publicly available national positions on the application of international law to cyber operations. As of 2024, this collection includes contributions from more than 30 countries, providing insights into how different nations interpret and apply international legal frameworks to cyber activities. This section is continuously updated to reflect new statements, evolving legal stances, and emerging international consensus on cyber norms.
In 2023 and 2024, several countries added or updated their positions, reflecting a growing commitment worldwide to addressing cyber issues under international law. For instance, Costa Rica and Pakistan issued new statements in 2023, joining other countries that have clarified their approaches to cybersecurity norms and obligations. Additionally, Denmark and Ireland provided their updated stances in 2023, contributing to an expanding dialogue on international cyber legal principles in the European region.
In 2024, the African Union released its position, marking a significant step toward continental engagement in international cyber law and establishing a framework to support the cybersecurity interests of African member states. Austria and the Czech Republic also updated their positions in 2024, underscoring their active roles within Europe in shaping a cohesive regional approach to cyber operations under international law. This recent engagement reinforces the international community’s efforts to build consensus around norms that support transparency, security, and accountability in cyberspace.
The repository’s value lies in providing legal practitioners, policymakers, and researchers with direct access to national perspectives, enabling comparative analysis of approaches across diverse legal systems and geopolitical contexts. Each national position is carefully curated to reflect the legal and strategic priorities of each country, thereby contributing to a comprehensive understanding of how international law is evolving in response to the unique challenges of cyberspace.
By showcasing these perspectives, the Cyber Law Toolkit enables users to gain insights into global attitudes toward cyber governance and international security. As more countries continue to release and refine their positions, this resource remains a pivotal reference point for those working in international cyber law, fostering a clearer path toward cohesive and cooperative norms in an increasingly complex digital world.
An International Collaboration
Developed with support from a coalition of respected institutions, the Toolkit brings together diverse expertise from around the world. Key partners include the Czech National Cyber and Information Security Agency (NÚKIB), the International Committee of the Red Cross (ICRC), NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), University of Exeter, the U.S. Naval War College, and Wuhan University in China. Each partner brings distinct perspectives, enriching the Toolkit’s resources with contributions from cybersecurity, defense, academia, and humanitarian law.
The Toolkit’s editorial team, led by General Editor Dr. Kubo Mačák (University of Exeter), Managing Editor Tomáš Minárik (NÚKIB), and Scenario Editor Otakar Horák (CCDCOE), ensures that every scenario is peer-reviewed and that content is well-aligned with international legal standards. Over 40 legal experts have participated in the review process, bringing a broad spectrum of views to create a resource that is rigorous, practical, and accessible.
An Evolving Resource for Legal and Cyber Professionals
By offering a living, adaptable resource that reflects the latest incidents and legal debates, the Cyber Law Toolkit empowers professionals across fields to navigate the nuanced domain of international cyber law. Legal practitioners, government advisors, and academics alike can rely on the Toolkit not only as a reference but as a collaborative platform for exploring new legal boundaries in the cyber realm.
Available online and accessible free of charge, the Cyber Law Toolkit is more than a resource—it is a community-driven project poised to adapt to the challenges of tomorrow.
News Source
International cyber law: interactive Toolkit. Cyberlaw.ccdcoe.org. (2024). Retrieved 29 October 2024, from https://cyberlaw.ccdcoe.org/wiki/Main_Page.
*Published with permission via Creative Commons (CC BY-SA 4.0).
Assisted by GAI and LLM Technologies
Source: HaystackID with Permission from ComplexDiscovery OÜ
