Skip to main content
SpringerLink
Log in

Legal Considerations on Gray Zone Operations – From a Norwegian Perspective

  • Conference paper
  • First Online:
Secure IT Systems (NordSec 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14324))

Included in the following conference series:

  • 214 Accesses

Abstract

Threats in the digital domain is one of the, if not the most significant risks facing the individual, societies, and nation states worldwide. We are raising the question of whether the legal regulation of the digitally connected worldwide network is adequate to meet the challenges of harmful behavior to critical infrastructure. The general assumption among technical and security experts, as well as in the ongoing public debate, is that it is not. We look into the status of the current Nordic legislation, identify the main challenges, and point out future work.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://eur-lex.europa.eu/eli/reg/2019/881/oj.

  2. 2.

    http://data.europa.eu/eli/reg/2022/1925/oj.

  3. 3.

    https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679.

  4. 4.

    https://eur-lex.europa.eu/eli/dir/2022/2555/oj.

  5. 5.

    https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554.

  6. 6.

    https://commission.europa.eu/business-economy-euro/doing-business-eu/contract-rules/digital-contracts/liability-rules-artificial-intelligence_en.

  7. 7.

    https://www.finlex.fi/fi/laki/alkup/2018/20181050.

  8. 8.

    https://finlex.fi/fi/laki/ajantasa/2014/20140917.

  9. 9.

    https://finlex.fi/fi/laki/ajantasa/2004/20040759.

  10. 10.

    https://julkaisut.valtioneuvosto.fi/handle/10024/164793.

  11. 11.

    https://fra.europa.eu/sites/default/files/fra_uploads/finland-study-data-surveillance-ii-legal-update-fi.pdf.

  12. 12.

    https://intermin.fi/en/national-security/civilian-intelligence.

  13. 13.

    https://www.government.se/government-policy/the-constitution-of-sweden-and-personal-privacy/act-containing-supplementary-provisions-to-the-eu-sfs-2018218-general-data-protection-regulation/.

  14. 14.

    https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/brottsdatalag-20181177_sfs-2018-1177/.

  15. 15.

    www.government.se/contentassets/7a2dcae0787e465e9a2431554b5eab03/the-swedish-criminal-code.pdf.

  16. 16.

    https://lagen.nu/1960:729.

  17. 17.

    www.mprt.se/globalassets/dokument/lagar-och-regler/the-swedish-radio-and-television-act.pdf.

  18. 18.

    https://perma.cc/GUK7-BZFR.

  19. 19.

    https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2022482-om-elektronisk-kommunikation_sfs-2022-482/.

  20. 20.

    https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-20181174-om-informationssakerhet-for_sfs-2018-1174/.

  21. 21.

    https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2010751-om-betaltjanster_sfs-2010-751/.

  22. 22.

    https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2018558-om-foretagshemligheter_sfs-2018-558/.

  23. 23.

    https://www.government.se/contentassets/7d1bd1801f8d46a69ded4cd2a30bb6fe/protective-security-act-2018-585.pdf.

  24. 24.

    https://www.offentlighedsportalen.dk/dokument/219573.

  25. 25.

    https://www.retsinformation.dk/eli/lta/2021/153#id5aafd591-62c0-4b56-8167-4f117d6dddfd.

  26. 26.

    https://www.retsinformation.dk/eli/lta/2016/567.

  27. 27.

    https://lovdata.no/dokument/NL/lov/2018-06-15-38.

  28. 28.

    https://www.regjeringen.no/no/dokumenter/prop.-109-ls-20222023/id2975558/.

  29. 29.

    https://eur-lex.europa.eu/eli/dir/2022/2555/oj.

  30. 30.

    https://lovdata.no/dokument/NL/lov/2018-06-01-24.

  31. 31.

    https://lovdata.no/dokument/NL/lov/2003-07-04-83.

  32. 32.

    https://lovdata.no/dokument/SF/forskrift/2004-02-16-401.

  33. 33.

    https://lovdata.no/dokument/NL/lov/1990-06-29-50.

  34. 34.

    https://webfileservice.nve.no/API/PublishedFiles/Download/5690526d-60af-4cd5-b7fc-51c87cb66f48/202119965/3425769.

  35. 35.

    https://www.finanstilsynet.no/globalassets/laws-and-regulations/regulations/regulations-on-use-of-ict.pdf.

  36. 36.

    https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554.

  37. 37.

    The Norwegian Supreme Court`s ruling in Rt. 2003/1770 where a Swedish citizen was charged with fraud committed abroad but also with Norwegian victims. Whereas in Rt.2004/1619 the opposite was the case, when two Norwegian citizens were convicted for data breaches in several hundred of servers located outside of Norway.

  38. 38.

    https://www.icj-cij.org/files/case-related/70/070-19860627-JUD-01-00-EN.pdf.

  39. 39.

    https://www.un.org/en/about-us/un-charter/chapter-7.

  40. 40.

    https://www.icj-cij.org/files/case-related/70/070-19860627-JUD-01-00-EN.pdf.

  41. 41.

    https://www.icj-cij.org/files/case-related/70/070-19860627-JUD-01-00-EN.pdf.

References

  1. Corn, G.P.: Cyber national security: navigating gray-zone challenges in and through cyberspace. In: Williams, W.S., Ford, C.M. (eds.) Complex Battlespaces: The Law of Armed Conflict and the Dynamics of Modern Warfare. Oxford Academic (2019)

    Google Scholar 

  2. ENISA: Threat Landscape 2022 (2022)

    Google Scholar 

  3. https://www.cfr.org/cyber-operations/ukrainian-it-army

  4. Soesanto, S.: The IT Army of Ukraine - Structure, Tasking, and Ecosystem. Center for Security Studies (CSS), ETH Zürich (2022)

    Google Scholar 

  5. Cisco Talos: Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools. Talos Intelligence, vol. 2023. Talos (2022)

    Google Scholar 

  6. Bateman, J.: Russia’s Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications. Carnegie (2022)

    Google Scholar 

  7. Sheahan, M., Steitz, C., Rinke, A.: Satellite outage knocks out thousands of Enercon’s wind turbines. Reuters. Reuters (2022)

    Google Scholar 

  8. Microsoft: An overview of Russia’s cyberattack activity in Ukraine (2022)

    Google Scholar 

  9. https://www.microsoft.com/en-us/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

  10. Bîzgă, A.: Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine. Bitdefender (2022)

    Google Scholar 

  11. Sklerov, M.J.: Solving the dilemma of state response to cyberattacks: a justification for the use of active defenses against states who neglect their duty to prevent. Mil. Law Rev. 201, 1–85 (2009)

    Google Scholar 

  12. Utenriksdepartementet: Internasjonal cyberstrategi for Norge (2017)

    Google Scholar 

  13. Fjellvikås, S.B.: Grensene for en stats selvforsvarsrett etter FN-pakten artikkel 51 ved digitale angrep fra en annen stat. Det juridiske fakultet, vol. Master. University of Oslo (2018)

    Google Scholar 

  14. Schmitt, M.N.: Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge University Press (2017)

    Google Scholar 

  15. Indeed. https://www.indeed.com/career-advice/career-development/document-analysis#:~:text=What%20is%20document%20analysis%3F,upon%20the%20information%20they%20provide

  16. Columbia University Mailman School of Public Health. https://www.publichealth.columbia.edu/research/population-health-methods/content-analysis

  17. Krippendorff, K.: Content Analysis - An Introduction to Its Methodology. SAGE (2013)

    Google Scholar 

  18. Kaminska, M., Shires, J., Smeets, M.: Cyber Operations During the 2022 Russian invasion of Ukraine: Lessons Learned (so far). European Cyber Conflict Research Initiative (2022)

    Google Scholar 

  19. Beecroft, N.: Evaluating the International Support to Ukrainian Cyber Defense. Carnegie (2022)

    Google Scholar 

  20. Lachow, I.: The Private Sector Role in Offensive Cyber Operations: Benefits, Issues and Challenges. SSRN (2016)

    Google Scholar 

  21. Smeets, M.: Integrating offensive cyber capabilities: meaning, dilemmas, and assessment. Def. Stud. 18, 395–410 (2018)

    Article  Google Scholar 

  22. Pattison, J.: From defence to offence: the ethics of private cybersecurity. Eur. J. Int. Secur. 5, 233–254 (2020)

    Article  Google Scholar 

  23. Broeders, D.: Private active cyber defense and (international) cyber security—pushing the line? J. Cybersecur. 7 (2021)

    Google Scholar 

  24. Kyberselvityshankkeen työryhmä: Valtioneuvoston julkaisuja 2023:31. Selvitys viranomaisten toimintaedellytyksistä kyberturvallisuudessa. Valtioneuvosto (2023)

    Google Scholar 

  25. Lång, J., Haavikko, T.: Data Security and Cybercrime in Finland. Lexology (2019)

    Google Scholar 

  26. Justis- og beredskapsdepartementet: Norge får sin første lov om digital sikkerhet (2023)

    Google Scholar 

  27. Spiegel: Britain’s GCHQ Hacked Belgian Telecoms Firm. Spiegel International (2013)

    Google Scholar 

  28. Baumgärtner, V.M., Knobbe, M., Schindler, J.: German Intelligence Also Snooped on White House. Spiegel International (2017)

    Google Scholar 

  29. Justis- og beredskapsdepartementet: Meld. St. 9 (2022–2023): Nasjonal kontroll og digital motstandskraft for å ivareta nasjonal sikkerhet—Så åpent som mulig, så sikkert som nødvendig (2022)

    Google Scholar 

  30. Etterretningstjenesten: Fokus 2023 Trusselvurdering (2023)

    Google Scholar 

  31. White House: Findings from Select Federal Reports: The National Security Implications of a Changing Climate. The White House (2015)

    Google Scholar 

  32. Jones, K.: Legal loopholes and the risk of foreign interference (2023)

    Google Scholar 

  33. Committee on Foreign Relations: Putin’s Asymmetric Assault on Democracy in Russia and Europe: Implications for U.S. National Security. Senate Committee Print (2018)

    Google Scholar 

  34. Ministery of Defence: Allied Joint Publication-3.20, Allied Joint Doctrine for Cyberspace Operations. In: NATO (ed.) (2020)

    Google Scholar 

  35. Helkala, K., Cook, J., Lucas, G., Pasquale, F., Reichberg, G., Syse, H.: AI in cyber operations: ethical and legal considerations for end-users. In: Sipola, T., Kokkonen, T., Karjalainen, M. (eds.) Artificial Intelligence and Cybersecurity, pp. 185–206. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-15030-2_9

    Chapter  Google Scholar 

  36. Forsvaret: Forsvarets fellesoperative doktrine (2019)

    Google Scholar 

  37. Forsvarsdepartementet: NOU 2023:14 Forsvaskomisjonen av 2021 - Forsvar for fred og frihet (2023)

    Google Scholar 

  38. Forsvardepartementet, Justis- og beredskapsdepartementet: Støtte og samarbeid - En beskrivelse av totalforsvaret i dag (2015)

    Google Scholar 

  39. NATO: Cyber Defence Pledge (2016)

    Google Scholar 

  40. Brent, L.: NATO’s role in cyberspace. NATO Review (2019)

    Google Scholar 

  41. Nasjonal sikkerhetsmyndighet: Rammeverk for håndtering av IKT-hendelser (2017)

    Google Scholar 

  42. National Institute of Standards and Technology: Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (2018)

    Google Scholar 

  43. Sunde, I.M.: Cyber crime law. In: Årnes, A. (ed.) Digital Forensics. Wiley (2017)

    Google Scholar 

  44. Sunde, I.M.: Cyber investigation law. In: Årnes, A. (ed.) Cyber Investigations. Wiley (2022)

    Google Scholar 

  45. https://www.dhs.gov/news/2018/09/05/secretary-nielsen-remarks-rethinking-homeland-security-age-disruption

  46. https://www.fbi.gov/wanted/cyber/russian-interference-in-2016-u-s-elections

Download references

Author information

Authors and Affiliations

  1. Telenor, Fornebu, Norway

    Lars Berg

  2. Norwegian University of Science and Technology, Trondheim, Norway

    Lars Berg & André Årnes

  3. Norwegian Defence University College/Norwegian Defence Cyber Academy, Trondheim, Norway

    Kirsi Helkala

  4. White Label Consultancy, Oslo, Norway

    André Årnes

Authors
  1. Lars Berg
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kirsi Helkala
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. André Årnes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kirsi Helkala .

Editor information

Editors and Affiliations

  1. OsloMet – Oslo Metropolitan University, Oslo, Norway

    Lothar Fritsch

  2. OsloMet – Oslo Metropolitan University, Oslo, Norway

    Ismail Hassan

  3. OsloMet - Oslo Metropolitan University, Oslo, Norway

    Ebenezer Paintsil

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Berg, L., Helkala, K., Årnes, A. (2024). Legal Considerations on Gray Zone Operations – From a Norwegian Perspective. In: Fritsch, L., Hassan, I., Paintsil, E. (eds) Secure IT Systems. NordSec 2023. Lecture Notes in Computer Science, vol 14324. Springer, Cham. https://doi.org/10.1007/978-3-031-47748-5_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-47748-5_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-47747-8

  • Online ISBN: 978-3-031-47748-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation