magnify
Home Posts tagged "NotPetya"

The NotPetya Cyber Operation as a Case Study of International Law

Published on July 11, 2017        Author:  and

The recent “NotPetya” cyber-operation illustrates the complexity of applying international law to factually ambiguous cyber scenarios. Manifestations of NotPetya began to surface on 27 June when a major Ukrainian bank reported a sustained operation against its network. The Ukrainian Minister of Infrastructure soon announced ‘an ongoing and massive attack everywhere’.  By the following day, NotPetya’s impact was global, affecting, inter alia, government agencies, shipping companies, power providers, and healthcare providers. However, there are no reports of NotPetya causing deaths or injuries.

Cybersecurity experts have concluded that despite being initially characterized as a ransomware attack similar to WannaCry and Petya, NotPetya was directed at specific systems with a purpose of ‘causing economic losses, sowing chaos, or perhaps testing attack capabilities or showing own power’. Additionally, most agree that Ukraine was the target of the operation, which bled over into other States. The key question, however, is the identity of the attacker. NATO Cooperative Cyber Defence Centre of Excellence experts have opined that ‘NotPetya was probably launched by a state actor or a non-state actor with support or approval from a state.’

Although the facts are less than definitively established, the EJIL: Talk! editors have asked us to analyse the incident on the assumption that it is factually and legally attributable to a State.  We begin with a peacetime international law survey and conclude with an international humanitarian law (IHL) analysis. Read the rest of this entry…