Global cyber capabilities

The Cyber Law Toolkit is known for its interactive online resource, offering guidance on international law and cyber operations. Widely used by governments and military legal experts worldwide, it features a comprehensive chart of key global cyber incidents and a database of national positions on international law and cyber operations.

The Cyber Law Toolkit is a unique, interactive legal resource used by countries around the world to understand and analyse the legal aspects surrounding the use of cyber capabilities on the international plane.

The influential research project charts key cyber incidents across the globe and contains a database of all available national positions on international law and cyber operations. It is used as a resource when government officials and military commanders seek legal advice ahead of operations, or when planning defences against cyber-attacks.

Latest developments

The 2024 update includes new scenarios, real-world cyber incidents and national positions. Scenarios reflect some of the most pressing contemporary challenges in cyberspace, including state-sponsored cyber operations, incidents targeting critical infrastructure and the evolving landscape of malicious cyber activities by non-state actors.

Countries are increasingly publishing their positions on international law in cyberspace; the toolkit helps those who haven’t yet formalised theirs. Its database of national positions offers an unprecedented comparative tool to understand how different states approach the application of international law in cyberspace.

The 32 hypothetical scenarios each describe cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. These entries explore the applicability of international law to each scenario and the legal questions they raise.

Regular updates to the toolkit ensure it remains aligned with the latest developments in international law and cyber operations. The 2024 update continues this tradition, providing fresh insights into the most recent global developments and reflecting the latest state practice and expert opinion in this rapidly evolving field.

Real-world inspiration

Among the new scenarios, Scenario 30 covers backdoors and implants, focusing on states establishing and countering backdoors in each other’s networks; Scenario 31 examines the sharing of degrading content during armed conflict; and Scenario 32 explores whether certain cyber operations could give rise to individual criminal responsibility for the crime of aggression.

The repository of real-world examples has grown to 72 incidents. Among the most recent additions from 2023 are the cyber incident against a water authority in Pennsylvania; the operations against NATO’s aid mission in Turkey and Syria; and the data breach at the International Criminal Court.

The toolkit continues to expand its database of national positions, now tracking 39 national positions and one common position from the African Union. Several states, including Austria, the Czech Republic and Costa Rica, have explicitly acknowledged the toolkit as a resource relied on in preparing their positions. Costa Rica also highlighted the toolkit as a legal capacity-building initiative during its statement at the United Nations Security Council open debate on ‘Addressing evolving threats in cyberspace’ in June 2024.

Behind the scenes

The toolkit project team comprises Professor Kubo Mačák, University of Exeter; Tomáš Minárik, Czech National Cyber and Information Security Agency (NÚKIB); and Otakar Horák, NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). The individual scenarios and the toolkit as a whole have been reviewed by more than 50 external experts and peer reviewers.

Professor Mačák said: “As cyber operations become more integral to military and governmental strategies, understanding the legal parameters is vital. The Cyber Law Toolkit continues to be an essential resource for those navigating these complex issues, offering up-to-date, practical guidance on how international law applies to cyber incidents.”

The toolkit is supported by six partner institutions: NÚKIB; the International Committee of the Red Cross (ICRC); NATO CCDCOE; the University of Exeter; the US Naval War College; and Wuhan University.

Contribute to the 2025 update

The team is now inviting proposals for new scenarios for inclusion in the 2025 update. Each submission should describe a hypothetical cyber incident and discuss the international legal issues it presents. The submission deadline is 15th November 2024. Successful authors will receive an honorarium.

Full details on the submission process can be found on the NATO CCDCOE website: Cyber Law Toolkit: Call for Submissions for the 2025 Annual Update.