The organization said Friday researchers Bernhards Blumbergs, Tomas Minarik, Kris van der Meij and Lauri Lindstrom have called for a special joint investigation among the victim nations on both NotPetya and WannaCry in efforts to deliver a response in line with international law.
“As important government systems have been targeted, then in case the operation is attributed to a state, this could count as a violation of sovereignty,” Minarik said regarding NotPetya.
“Consequently, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures,” he added.
CCD COE noted that Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations indicates that self-defense and collective defense with military means are not applicable response options unless a cyber incident has consequences comparable to an armed attack.
The researchers also said the actors behind the NotPetya and WannaCry attacks are likely not the same and appear to be targeting a global demonstration of disruptive power rather than financial gain.