, 15 tweets, 11 min read Read on Twitter
International Committee of the Red Cross releases report on the human cost of cyber operations. What rules exist? Need to expand? I'm proud being part of this (co-author). Threat with analysis. #CyberICRC blogs.icrc.org/law-and-policy…
My analysis of @ICRC report selection. Cyberoperations. What impacts on exploit cost? Why supply chain attacks are a risk? Targeting health care (lethal cyberattacks; can you even detect?), ICS. Armed conflict context. How to move forward? #CyberICRC blog.lukaszolejnik.com/icrc-report-on…
The full report is here. My analysis follows. Report speaks on cyber operations & armed conflict context, where many peacetime assumptions may differ. Supply chain attacks are a risk. Exploit price is driven by specific demand. #CyberICRC icrc.org/en/download/fi…
Are cyber operations (espionage, attacks) cheaper than traditional spy/attacks? Not so simple, there are a lot of other costs involved. #CyberICRC
Technological change impacts on risk (attack/defence). For example processor changes might actually solve a lot of security problems, making exploits non-viable. Will this happen? #CyberICRC
As hospitals are increasingly digitized, risk of it falling apart following cyberattack increases. Unfortunately there is an (unethical) reason why hospitals are targeted with ransomware.
On lethal cyberattacks, there are a lot uncertainties. Technically killing with cyberoperation is possible. It would have serious consequences. On the other hand, detection today is not certain. Is anyone even looking? #CyberICRC blog.lukaszolejnik.com/icrc-report-on…
Cyberattacks on industrial control systems, with physical effects (disruption, destruction) is fortunately difficult and require large resources. Not many have the capability. In armed conflict motivations change. #CyberICRC
Some people still speak of "grey zones" when it comes to cyberattacks? Well, not always precisely. There are a lot of rules in international law. How to apply them is another story! Oh, and forget about cyber-only war. #CyberICRC
Disclosing vulnerabilities improves cybersecurity. But countries are not obliged to do so. Using exploits for spying is also not forbidden. Exploits leave traces making it easier to recover and reuse in later attacks. Are these remnants of war (i.e. mines)? #CyberICRC
It's not simple to predict collateral damage of cyber operations. But in some contexts, some might choose to prefer it over physical kinetic destruction (less civilian harm). Your point? #CyberICRC
Interested in cyber-peacekeeping? Consider those below. Can digital markers help distinguish essential off-limits civilian infrastructure? Can they explain cyberattack purpose (stability)? #CyberICRC
Malware reengineering and repurpose an important consideration. Meanwhile, some systems (even high-stakes) and device are highly vulnerable. In assessing the risk (or actual attack), focus on the impact. #CyberICRC
Some tools ("cyber weapons") can be unlawful. Rules already exist. But in some contexts programmers, developers, analysts, etc. - can become combattants and lawful targets. Not simple to establish, though. Same for military objectives. #CyberICRC
Lastly, many technical avenues to explore, also on the "weaponization of vulnerabilities" development front. #CyberICRC
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Lukasz Olejnik
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!