How The CyberPeace Institute Responds to a Cyberattack
To illustrate how each of the Institute’s three functions would come into play once the organization is fully operational, this case study is built around a fictional global ransomware attack called “WreckWeb.” Based on several real-world precedents, this fictional account walks the reader through each of the Institute’s functions from the perspectives of the individuals who would be tasked with leading the Institute’s efforts: assisting vulnerable victims, conducting attack analyses, and sharing their findings.
In order to capture the nature, scale and impact of such a global cyberattack, the report begins by highlighting in particular the consequences of the 2017 “NotPetya” attack and the gaps in the international response. While NotPetya was chosen as one prominent example, similar events take place with increasing frequency each passing year and underline the core mission of the Institute to operate in response to attacks that cause “significant and direct harm on civilians and/or civilian infrastructure.”
Anatomy of a global cyber incident – NotPetya
The NotPetya malware was first deployed via commercial tax software in Ukraine and then spread autonomously via tools developed by the US military – tools that had been stolen and repurposed. NotPetya was initially thought to be ransomware, a type of malicious software designed to deny access to a computer system or data until a ransom is paid. The reality was far worse and it quickly became apparent that the malware was instead designed to permanently damage computer systems. The attack spread across the globe, taking businesses and critical services offline, and causing billions of dollars of damage in a matter of days.
CyberPeace Institute Function: Assistance
In the midst of a global ransomware attack, the CyberPeace Institute coordinates rapid response efforts to aid vulnerable populations. In this section of the case study, time is of the essence as the coordinator of the Institute’s assistance efforts, Francois Mittlestand, races against the clock to deliver technical support to a humanitarian aid organization operating in a conflict zone that suddenly finds itself unable to access critical systems in the face of a spreading global ransomware attack known as "WreckWeb."
CyberPeace Institute Function: Accountability
In the wake of significant attacks, the world is often left with more questions than answers. This portion of the case study captures how the CyberPeace Institute’s Director of Accountability, Stefanija Dolenc, leads a consortium of experts in a deliberate and methodical analysis of both the technical nature of the WreckWeb attack and the breadth of its impact. This work illuminates how the attack was conducted, as well as who was impacted, to provide an authoritative and independent accounting of the harm done by WreckWeb.
CyberPeace Institute Function: Advancement
Attacks in cyberspace often evade scrutiny in the public eye and fail to be recognized as violations of expectations by the international community. This final chapter in the case study tells the story of how Kal Sunghyon leads the CyberPeace Institute’s Advancement work, picking up where the Accountability analyses left off. Follow Kal as he convenes legal experts to review the WreckWeb attack and determine where laws and norms were violated. Then read about how the analysis work and legal conclusions are shared in publications around the world, encouraging citizens everywhere to take notice and promote adherence to international rules in cyberspace.