Advanced search
Publication Cover
International Review of Law, Computers & Technology Volume 38, 2024 - Issue 1
Submit an article Journal homepage
253
Views
0
CrossRef citations to date
0
Altmetric
Research Articles

Defending medical facilities from cyber attacks: critical issues with the principle of due diligence in international law

Nori KatagiriDepartment of Political Science, Saint Louis University, Saint Louis, MO, USACorrespondence[email protected]
ORCID Iconhttps://orcid.org/0000-0003-4502-0497
ORCID Icon
Pages 1-20 | Received 20 Jul 2022, Accepted 18 Feb 2023, Published online: 15 Mar 2023

References

  • Achten, Nele. 2021. Regulating Cybersecurity in the Health Care Sector. Zurich: Center for Security Studies.
  • Akande, Dapo, Antonio Coco, and Talita de Souza Dias. 2021, January 5. “Old Habits Die Hard: Applying Existing International Law in Cyberspace and Beyond,” EJIL Talk!
  • Beckers Hospital Review. 2022, March 17. “Healthcare Organizations now must Report Cyberattacks to DHS”.
  • Biller, Jeffrey, and Michael Schmitt. 2019. “Classification of Cyber Capabilities and Operations as Weapons, Means, or Methods of Warfare.” International Law Studies 95.
  • Bleeping Computer. 2021, August 17. “Conti Ransomware Prioritizes Revenue and Cyberinsurance Data Theft”.
  • The Citizen Lab. 2021, September 28. “Pandemic Privacy A Preliminary Analysis of Collection Technologies, Data Collection Laws, and Legislative Reform during COVID-19”.
  • Clem, Sagar Galwankar, and George Buck. 2003. “Health Implications of Cyber-Terrorism.” Prehospital and Disaster Medicine 18 (3). doi:10.1017/S1049023X00001163.
  • Coco, Antonio, and Talita de Souza Dias. 2020. “Cyber Due Diligence in Public Health Crises.” In Covid-19, Law and Human Rights: Essex Dialogues, edited by Carla Ferstman and Andrew Fagan. Colchester: University of Essex.
  • Coco, Antonio, and Talita de Souza Dias. 2021. “‘Cyber Due Diligence’: A Patchwork of Protective Obligations in International Law.” European Journal of International Law XX (XX): 771–806. doi:10.1093/ejil/chab056.
  • Convention (I) for the Amelioration of the Condition. 1949, August 12. Convention (I) for the Amelioration of the Condition of the Wounded and Sick in Armed Forces in the Field. Geneva.
  • Couzigou, Irène. 2018. ““Securing Cyber Space: The Obligation of States to Preventharmful International Cyber Operations.” International Review of Law, Computers & Technology 32 (1): 37–57. doi:10.1080/13600869.2018.1417763.
  • Cybereason, 2021, September 17. “Grief Gang’s New Quadruple Extortion Scheme Doesn’t Change the Game”.
  • Cyberpeace Institute. 2021. Playing with Lives: Cyberattacks on Healthcare Are Attacks on People. Geneve: Cyberspace Institute.
  • Cybersecurity and Infrastructure Security Agency. 2019. Security Tip (ST04-024): Understanding ISPs: https://www.cisa.gov/uscert/ncas/tips/ST04-024.
  • Cybersecurity and Infrastructure Security Agency. 2022. Alert (AA21-265A): Conti Ransomware: https://www.cisa.gov/uscert/ncas/alerts/aa21-265a.
  • Cyware. 2020, April 24. “APT36 Taking Advantage of COVID-19 Fear to Spread Crimson RAT”
  • Dederer, Hans-Georg, and Tassilo Singer. 2019. “Adverse Cyber Operations: Causality, Attribution, Evidence, and Due Diligence.” International Law Studies 95.
  • Defense One. 2021, June 21. “US Companies Won’t Pay to Prepare for Cyber Attacks. Congress Must Step In”.
  • Delerue, François. 2020. Cyber Operations and International Law. Cambridge: Cambridge University Press.
  • Dias, Talita, and Antonio Coco. 2022. Cyber Due Diligence in International Law. Oxford: Oxford Institute for Ethics, Law and Armed Conflict.
  • Dinniss, Heather Harrison. 2012. Cyber Warfare and the Laws of War. Cambridge: Cambridge University Press.
  • Eichensehr, Kristen. 2020. “The Law & Politics of Cyberattack Attribution.” UCLA Law Review 67: 521–598.
  • The Financial Times, 2021, May 21. “Hackers Target US Infrastructure after Digitisation on the Cheap”.
  • Finnemore, M., and K. Sikkink. 1998. “International Norm Dynamics and Political Change.” International Organization 52 (4).
  • Fischerkeller, Michael, Emily Goldman, and Richard Harknett. 2022. Cyber Persistence Theory: Redefining National Security in Cyberspace. Oxford: Oxford University Press.
  • Gallais, Cecilia, and Eric Filiol. 2017, Winter. “Critical Infrastructure: Where Do We Stand Today? A Comprehensive and Comparative Study of the Definitions of a Critical Infrastructure.”Journal of Information Warfare 16 (1): 64–87.
  • German Federal Foreign Office and German Federal Ministry of Defence. 2021. “On the Application of International Law in Cyberspace” (March 2021). https://www.auswaertiges-amt.de/blob/2446304/32e7b2498e10b74fb17204c54665bdf0/on-the-application-of-internation-al-law-in-cyberspace-data.pdf.
  • Gisel, Laurent, Tilman Rodenhäuser, and Knut Dörmann. 2021. “Twenty Years on: International Humanitarian law and the Protection of Civilians Against the Effects of Cyber Operations During Armed Conflicts.” International Review of the Red Cross (913): 287–334. doi:10.1017/S1816383120000387.
  • Global Commission on the Stability of Cyberspace. 2018. “Norm Package Singapore.”
  • Hathaway, Oona, Rebecca Crootof, Philip Levitz, Haley Nix, Aileen Nowlan, William Persue, and Julia Spiegel. 2011. “The Law of Cyber-Attack.” California Law Review 100 (4).
  • Hathaway, Oona, and Alasdair Phillips-Robins. 2020, December 4. “COVID-19 and International Law Series: Vaccine Theft, Disinformation, the Law Governing Cyber Operations.” Just Security.
  • Henckaerts, Jean-Marie, and Louise Doswald-Beck. 2012. Customary International Humanitarian Law. Cambridge: Cambridge University Press.
  • International Court of Justice, “Corfu Channel case. Merits, ICJ Reports”. 1949. https://www.icj-cij.org/public/files/case-related/1/001-19490409-JUD-01-00-EN.pdf.
  • Jalali, Mohammad, Bethany Russell, Sabina Razak, and William J Gordon. 2019, January. “EARS to Cyber Incidents in Health Care.” Journal of the American Medical Informatics Association 26 (1): 81–90. doi:10.1093/jamia/ocy148.
  • Jensen, Eric Talbot, and Sean Watts. “Due Diligence and the U.S. Defend Forward Cyber Strategy,” J. Reuben Clark Law School, Brigham Young University Research Paper, No. 20-24.
  • Jhangiani, Tasha, and Graham Kennis. 2021, June 15. “Protecting the Critical of Critical: What Is Systemically Important Critical Infrastructure?” Lawfare.
  • Kastelic, Andraz. 2021. Due Diligence in Cyberspace: Normative Expectations of Reciprocal Protection of International Legal Rights. Geneva: United nations institute for disarmament research.
  • Katagiri, Nori. 2022a. “Two Explanations for the Paucity of Cyber-Military, Cross-Domain Operations.” Journal of Cybersecurity 8 (1). doi:10.1093/cybsec/tyac002.
  • Katagiri, Nori. 2022b, July. “Explaining Cyberspace Dynamics in the COVID Era.” Global Studies Quarterly 2 (3). doi:10.1093/isagsq/ksac022.
  • KELA. 2021, September 6. “The Ideal Ransomware Victim: What Attackers Are Looking For.”
  • Kello, Lucas. “Private Sector Cyber Weapons: An Adequate Response to the Sovereignty Gap?” In Bytes, Bombs, and Spies, edited by Lin Zegart, 367. Brookings Institution Press.
  • Kostyuk, Nadiya, and Yuri Zhukov. 2019. “Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events?” Journal of Conflict Resolution 63 (2): 317–347. doi:10.1177/0022002717737138.
  • Lallie, Harjinder Singh, Lynsay Shepherd, Jason Nurse, Arnau Erola, Gregory Epiphaniou, Carsten Maple, and Xavier Bellekens. 2021, June. “Cyber Security in the age of COVID-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks During the Pandemic.” Computers and Security 105. doi:10.1016/j.cose.2021.102248.
  • Libicki, Martin. 2020. “Correlations between cyberspace attacks and kinetic attacks,” 12th International Conference on Cyber Conflict, Jančárková T., Lindström L., Signoretti M., Tolga I., Visky G., eds., 20/20 Vision: The Next Decade (Tallinn: NATO CCDCOE, 2020).
  • Maschmeyer, Lennart, Ronald Deibert, and Jon Lindsay. 2021. “A Tale of two Cybers – How Threat Reporting by Cybersecurity Firms Systematically Underrepresents Threats to Civil Society.” Journal of Information Technology & Politics 18 (1): 1–20. doi:10.1080/19331681.2020.1776658.
  • McKinsey. 2020, July 21. “COVID-19 Crisis Shifts Cybersecurity Priorities and Budgets”.
  • Ministère des Armées. 2019, September 9. “Droit International Appliqué aux Operations dans le Cyberspace”, https://www.defense.gouv.fr/salle-de-presse/communiques/communi-ques-du-ministere-des-armees/communique_la-france-s-engage-a-promouvoir-un-cybere-space-stable-fonde-sur-la-confiance-et-le-respect-du-droit-international.
  • Ministry of Foreign Affairs of the Czech Republic. 2020, April. “Comments Submitted by the Czech Republic in Reaction to the Initial “pre-draft” Report of the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security.” https://front.un-arm.org/wp-content/uploads/2020/04/czech-re-public-oewg-pre-draft-suggestions.pdf.
  • Muthuppalaniappan, Menaka, and Kerrie Stevenson. 2021. “Healthcare Cyber-Attacks and the COVID-19 Pandemic: An Urgent Threat to Global Health.” International Journal for Quality in Health Care 33 (1). doi:10.1093/intqhc/mzaa117.
  • Narayanan, Anu, Jonathan W. Welburn, Benjamin M. Miller, Sheng Tao Li, and Aaron Clark-Ginsberg. 2020. Deterring Attacks Against the Power Grid: Two Approaches for the U.S. Department of Defense. Santa Monica, CA: RAND Corporation.
  • National Public Radio. 2021, April 9. “After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Users”.
  • The Netherlands. 2019, July 5. “Letter to the Parliament on the International Legal Order in Cyberspace”, https://www.government.nl/ministries/ministry-of-foreign-affairs/documents/parliamentary-documents/2019/09/26/letter-to-the-parliament-on-the-interna-tional-legal-order-in-cyberspace.
  • New Zealand. 2020. “The Application of International Law to State Activity in Cyberspace”.
  • Nollkaemper, Andre. 2003. “Concurrence Between Individual Responsibility and State Responsibility in International Law.” International and Comparative Law Quarterly 52 (3): 615–640. doi:10.1093/iclq/52.3.615.
  • Nye, Joseph. 2022, January/February. “The End of Cyber-Anarchy? How to Build a New Digital Order.” Foreign Affairs.
  • Nye, Joseph. [2016] 2017, Winter. “Deterrence and Dissuasion in Cyberspace.” International Security 41 (3): 44–71. doi:10.1162/ISEC_a_00266.
  • Office for Civil Rights, Department of Health and Human Services, data retrieved as of December 1. 2021. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf.
  • Optiv Security. 2019. “Cyber Threat Intelligence Estimate (Denver, 2019).”
  • Oxford Institute for Ethics, Law, and Armed Conflict. 2020, May. “The Oxford Statement on the International Law Protections Against Cyber Operations Targeting the Health Care Sector”.
  • Palo Alto Networks. 2021, March 24. “Fake Websites Used in COVID-19 Themed Phishing Attacks, Impersonating Brands Like Pfizer and BioNTech”.
  • Patrick, Colin. 2019, April. “Debugging the Tallinn Manual 2.0’s Application of the Due Diligence Principle to Cyber Operations.” Washington International Law Journal 28 (2).
  • Perakslis, Eric, and Martin Stanley. 2021. Digital Health: Understanding the Benefit-Risk Patient-Provider Framework. Oxford: Oxford University Press.
  • Point, Check. 2021, May 12. “The New Ransomware Threat: Triple Extortion”.
  • Pranggono, Bernardi, and Abdullahi Arabo. 2021, March/April. “COVID-19 Pandemic Cybersecurity Issues.” Internet Technology Letters 4 (2). doi:10.1002/itl2.247.
  • Pronto, Arnold. 2015. “Understanding the Hard/Soft Distinction in International Law.” Vanderbilt Journal of Transnational Law 48.
  • Ramzan, Zulfikar. 2020, December 21. “Five ways COVID-19 will Change Cybersecurity” Help Net Security.
  • Recorded Future. 2021, July 27. “BlackMatter Ransomware Emerges As Successor to DarkSide, REvil”.
  • Recorded Future. 2021, March 16. “‘I Scrounged through the Trash Heaps … now I’m a Millionaire:’ An Interview with REvil’s Unknown”.
  • Saladin, Claudia. 2000. “Precautionary Principle in International Law.” International Journal of Occupational and Environmental Health 6 (4): 270–280. doi:10.1179/oeh.2000.6.4.270.
  • Schmitt, Michael. 2015. “In Defense of Due Diligence in Cyberspace.” Yale Law Journal Forum 125: 68.
  • Schmitt, Michael. 2017b. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge: Cambridge University Press.
  • UNGA. 2021, July 14. “Report of the Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security. UN Document A/76/135.” https://front.un-arm.org/wp-content/uploads/2021/08/A_76_135-2104030E-1.pdf.
  • United Nations. 2015. “Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security: note / by the Secretary-General”.
  • United Nations General Assembly (UNGA). 2021, July 13. “Official Compendium of Voluntary National Contributions on the Subject of how International Law Applies to the Use of Information and Communications Technologies by States Submitted by Participating Governmental Experts in the Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security established pursuant to General Assembly resolution 73/266.” UN Document A/76/136. https://front.un-arm.org/wp-content/uploads/2021/08/A-76-136-EN.pdf.
  • The Wall Street Journal. 2019, May 12. “Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security”.
  • The Wall Street Journal, 2021, June 10 “The Ruthless Hackers Behind Ransomware Attacks on U.S. Hospitals: ‘They Do Not Care’”.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.