> Details

Bendiek, Annegret [Author]; Schulze, Matthias [Author] ; Stiftung Wissenschaft und Politik -SWP- Deutsches Institut für Internationale Politik und Sicherheit

Attribution: a major challenge for EU cyber sanctions; an analysis of WannaCry, NotPetya, Cloud Hopper, Bundestag Hack and the attack on the OPCW

Reference
management

Bookmarks

Remove from
bookmarks

Share this on Whatsapp

Close

Bookmarks



You can manage bookmarks using lists, please log in to your user account for this.
  • Media type: E-Book
  • Title: Attribution: a major challenge for EU cyber sanctions; an analysis of WannaCry, NotPetya, Cloud Hopper, Bundestag Hack and the attack on the OPCW
  • Other titles: Attribution als Herausforderung für EU-Cybersanktionen: eine Analyse von WannaCry, NotPetya, Cloud Hopper, Bundestag-Hack, OVCW
  • Contributor: Bendiek, Annegret [Author]; Schulze, Matthias [Author]
  • Corporation:
  • Published: Berlin, 2021
  • Published in: SWP Research Paper ; Bd. 11/2021
  • Extent: 42 S.
  • Language: English
  • DOI: https://doi.org/10.18449/2021RP11
  • Identifier:
  • Keywords: EU ; Sicherheitspolitik ; Verteidigungspolitik ; GSVP ; Informationstechnologie ; Kommunikationstechnologie ; Kriminologie ; Völkerrecht ; Hacker ; Spionage ; Strafverfolgung ; Sanktion ; Europol ; Russland ; China ; Nordkorea ; Ständige Strukturierte Zusammenarbeit (EU) ; Telekommunikationspolitik ; Kritische Infrastrukturen ; Vermeidungsstrategie ; Computerkriminalität ; Cyberterrorismus ; Zuständigkeit ; Sanktionen nach Völkerrecht ; [...]
  • Origination:
  • Footnote: Veröffentlichungsversion
    begutachtet
  • Description: The attribution of cyberattacks is a sovereign act by the EU Member States. However, these all have different technical and intelligence capabilities. This leads to a lack of coherence in European cyber diplomacy, for exam­ple when imposing cyber sanctions. Analysis of policy responses to the WannaCry, NotPetya, Cloud Hopper, OPCW, and Bundestag hack cyber incidents reveals the following problems: Attribution takes a long time and relies on intelligence from NATO partners; the technical realities and the legal facts for classifying and pros­ecuting cyberattacks do not always match; the weighting of the criteria for establishing what constitutes a crime is unclear. Cyber sanctions should be proportionate, targeted measures and destructive attacks, such as WannaCry or NotPetya, should result in harsher punishment than everyday cases of cyber espionage, such as Cloud Hopper or the Bundestag hack. The EU must adapt its tools accordingly. The EU should tighten the legal criteria and harmonise the standards of evidence for attribution. The EU Joint Cyber Unit and EU INTCEN, part of the European External Action Service, should be strengthened to improve the exchange of forensic information and to coordinate attribution policy more effectively. EU Member States and their allied partners should better coordinate political signalling to condemn cyberattacks. To this end, it would make sense to allow qualified majority voting for the adoption of cyber sanctions. (author's abstract)
  • Access State: Open Access
  • Rights information: