Influential resource on international cyber law updated for 2024
An influential legal resource used by countries around the world to understand and analyse legal aspects of the use of cyber capabilities on the international plane has been updated for 2024.
The Cyber Law Toolkit is a unique interactive online guidance on international law and cyber operations. It is used by governments and military lawyers around the globe.
The influential research project charts key cyber incidents around the world and contains a database of all available national positions on international law and cyber operations
It is used as a resource when government officials and military commanders seek legal advice ahead of operations, or when planning defences against cyber attacks.
The 2024 update includes new scenarios, real-world cyber incidents and national positions. Scenarios reflect some of the most pressing contemporary challenges in cyberspace, including state-sponsored cyber operations, incidents targeting critical infrastructure, and the evolving landscape of malicious cyber activities by non-state actors.
Countries are increasingly publishing their positions on international law in cyberspace. The Toolkit helps those who haven’t yet formalized theirs. Its database of national positions offers an unprecedented comparative tool to understand how different states approach the application of international law in cyberspace.
The 32 hypothetical scenarios each describe cyber incidents inspired by real-world examples, along with detailed legal analysis. These entries explore the applicability of international law to each scenario and the legal questions they raise.
Regular updates to the Toolkit ensure it remains aligned with the latest developments in international law and cyber operations. The 2024 update continues this tradition, providing fresh insights into the most recent global developments and reflecting the latest state practice and expert opinion in this rapidly evolving field.
The project team consists of Professor Kubo Mačák, from the University of Exeter, Tomáš Minárik from the Czech National Cyber and Information Security Agency and Otakar Horák, from the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). The individual scenarios and the Toolkit as a whole have been reviewed by more than 50 external experts and peer reviewers.
Professor Mačák said: “As cyber operations become more integral to military and governmental strategies, understanding the legal parameters is vital. The Cyber Law Toolkit continues to be an essential resource for those navigating these complex issues, offering up-to-date, practical guidance on how international law applies to cyber incidents.“
Among the new scenarios, Scenario 30 covers backdoors and implants, focusing on states establishing and countering backdoors in each other’s networks, Scenario 31 examines the sharing of degrading content during armed conflict, while Scenario 32 explores whether certain cyber operations could give rise to individual criminal responsibility for the crime of aggression.
The repository of real-world examples has grown to 72 incidents. Among the most recent additions from 2023 are: the cyber incident against a water authority in Pennsylvania, the operations against NATO’s aid mission in Turkey and Syria and the data breach at the International Criminal Court.
The Toolkit continues to expand its database of national positions, now tracking 39 national positions and one common position from the African Union. Several states, including Austria, the Czech Republic, and Costa Rica, have explicitly acknowledged the Toolkit as a resource relied on in preparing their positions. Costa Rica also highlighted the Toolkit as a legal capacity-building initiative during its statement at the UN Security Council open debate on Addressing evolving threats in cyberspace in June 2024.
The Toolkit is supported by six partner institutions: the Czech National Cyber and Information Security Agency (NÚKIB), the International Committee of the Red Cross (ICRC), the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), the University of Exeter, United Kingdom, the U.S. Naval War College, United States, and Wuhan University, China.
The project team is now inviting proposals for new scenarios for inclusion in the 2025 update. Each submission should describe a hypothetical cyber incident and discuss the international legal issues it presents. The submission deadline is 15 November 2024. Successful authors will receive an honorarium. For more information on the submission process, please download the full details here: Cyber Law Toolkit: Call for Submissions for the 2025 Annual Update (PDF).