Illegal: The SolarWinds Hack under International Law

European Journal of International Law, Forthcoming

9 Pages Posted: 1 Aug 2022

See all articles by Talita Dias

Talita Dias

Chatham House; University of Oxford - Blavatnik School of Government

Antonio Coco

University of Essex, School of Law

Tsvetelina J van Benthem

University of Oxford, Faculty of Law

Date Written: July 27, 2022

Abstract

In late 2020, news surfaced about one of the most extensive attacks on an information technology (IT) supply chain to date. Hackers exploited a vulnerability in the update system of Orion, a network monitoring and management software developed by the company SolarWinds. Malicious code embedded in Orion updates created a backdoor into the systems used by numerous private and public entities. This backdoor was then used to insert additional malware into affected systems, in particular spyware to exfiltrate confidential or sensitive data. Considering both the importance of preserving the integrity of IT supply chains and the diverse risks of harm that attacks such as the SolarWinds hack give rise to, this article examines this cyber operation according to the relevant rules of international law — notably those on sovereignty, non-intervention, general due diligence duties and international human rights law. It concludes that the operation may have been illegal on multiple fronts.

Keywords: SolarWinds Hack, IT Supply Chain Attacks International Law, Sovereignty, Non-intervention, Human Rights, Due Diligence,

Suggested Citation

Dias, Talita and Coco, Antonio and van Benthem, Tsvetelina J, Illegal: The SolarWinds Hack under International Law (July 27, 2022). European Journal of International Law, Forthcoming, Available at SSRN: https://ssrn.com/abstract=4174397 or http://dx.doi.org/10.2139/ssrn.4174397

Talita Dias (Contact Author)

Chatham House ( email )

10 St James's Square
London, SW1Y 4LE
United Kingdom

University of Oxford - Blavatnik School of Government ( email )

120 Walton Street
Oxford, Oxfordshire OX2 6GG
United Kingdom

HOME PAGE: http://https://www.bsg.ox.ac.uk/

Antonio Coco

University of Essex, School of Law ( email )

Colchester, Essex CO43SQ
United Kingdom

Tsvetelina J Van Benthem

University of Oxford, Faculty of Law ( email )

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
164
Abstract Views
716
Rank
341,126
PlumX Metrics