Why the Law of Armed Conflict (LOAC) Must Be Expanded to Cover Vital Civilian Data
By Colonel Beth D. Graboritz Lieutenant Colonel James W. Morford Major Kelley M. Truax
| November 18, 2020
In June 2017, during Ukraine’s multi-year undeclared war with Russia, the NotPetya worm hit Ukraine as part of a “scorched-earth testing ground for Russian cyberwar tactics.” Between 2015 and 2016, Kremlin-backed hackers known as Sandworm focused on Ukrainian government organizations and companies. In the NotPetya cyber-attack against Ukraine, this worm spread automatically, rapidly, and indiscriminately throughout thousands of computers worldwide, crippling multinational companies, including maritime shipping giant Maersk, pharmaceutical giant Merck, food producer Mondelēz International, and even Russia’s state-owned oil company, Rosneft. NotPetya is unlike other malware to date because its goal was purely destructive. It mimicked ransomware but was, in reality, more sinister since there was no amount of ransom that could be paid to decrypt a system’s data because no decryption key even existed. Damages associated with the 2017 NotPetya attack exceeded $10 billion. While there was no loss of life, former U.S. Department of Homeland Security advisor Tom Bossert equated NotPetya’s destructiveness to “using a nuclear bomb to achieve a small tactical victory.”
FULL ARTICLE HERE