Abstract
Abstract In late 2020, news surfaced about one of the most extensive attacks on an information technology (IT) supply chain to date. Hackers exploited a vulnerability in the update system of Orion, a network-monitoring and management software developed by the company SolarWinds. Malicious code embedded in Orion updates created a backdoor into the systems used by numerous private and public entities. This backdoor was then used to insert additional malware into affected systems – in particular, spyware to exfiltrate confidential or sensitive data. Considering both the importance of preserving the integrity of IT supply chains and the diverse risks of harm that attacks such as the SolarWinds hack give rise to, this article examines this cyber operation according to the relevant rules of international law – notably those on sovereignty, non-intervention, general due diligence duties and international human rights law. It concludes that the operation may have been illegal on multiple fronts.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
