Cyber attacks against state hackers ‘legal’
Britain can legally launch cyber attacks on hostile states that hack key services, says the Attorney General. In a speech at Chatham House, Suella Braverman QC will argue that international law applies as equally in the cyber world as in the real world, where the principle of “non-intervention” in another country’s affairs allows states to take defensive countermeasures. She will warn that international “rules of the road” need to be established in order to prevent future attacks.
BRITAIN can legally launch cyber attacks on hostile states that hack key services, says the Attorney General.
In a speech at Chatham House, Suella Braverman, QC will argue that international law applies as equally in the cyber world as in the real world where the principle of “non intervention” in another country’s affairs allows states to take defensive countermeasures.
In the wake of Russia’s cyber and real warfare against Ukraine, she said this meant that states could legally introduce sanctions as well as cyber countermeasures provided they were “proportionate” to the unlawful attack.
She will warn that international “rules of the road” need to be established in order to prevent future attacks.
“International law matters in cyberspace because if we don’t shape the rules here, if we don’t have a clear framework to counter hostile activity, and if we don’t get cyber security right, the effects will be likely to be felt more often and in hugely disruptive ways by ordinary people,” she said.
She cited a council cyber breach in 2020 which disrupted services for months by shutting down IT systems and stopping it from carrying out property purchases. It cost the authority £10million. Ms Braverman said there was “confusion” and a “vacuum” over how international law should apply in cyberspace. She believed there would be a consensus but there was, as yet, no legal document.
Ms Braverman believed the governing principle should be the international law of non-intervention which prohibits coercive acts by one State that adversely or detrimentally interferes with the sovereign activities of another.
She said the next step was to establish the types of “coercive and disruptive” acts that would be deemed unlawful.
‘If we don’t get cyber security right, the effects will be felt more often and in hugely disruptive ways by people’
She identified four of the most vulnerable sectors: energy security, essential medical care such as hospitals, economic stability which would include disrupting supply chains and democratic processes like elections.
Last week the UK, US, EU and other allies announced that Russia has been behind cyber-attacks since the start of its invasion. The most recent attack on communications company Viasat in Ukraine had a wider impact across the continent, disrupting wind farms and internet users in central Europe.