UK: We’ll Return Fire Against Lethal State Cyber-Attacks

May 26, 2018

The UK’s attorney general has explained the government’s stance on state-supported cyber-attacks, declaring the country will fight back versus any nation trying to cause it harm and carry on to attribute serious online dangers.

Talking at the Chatham House Royal Institute for International Affairs on Wednesday morning, Jeremy Wright turned out to be the first minister to elaborate the UK’s view on how universal law applies to the Internet.

“The UK thinks it is clear that cyber-operations that lead to or present an impending danger of, death and devastation on an equal scale to an armed attack will give rise to a natural right to take action in self- defense, as recognized in Article 51 of the UN Charter,” he claimed.

“If an aggressive state meddles with the job of one of our atomic reactors, leading to extensive loss of life, the fact that the act is performed by way of a cyber-operation doesn’t avert it from being seen as an illegal use of power or an armed attack versus us. If it would be a violation of universal law to bomb an air traffic control tower with the effect of downing noncombatant plane, then it will be a violation of universal law to use an aggressive cyber-operation to incapacitate air traffic control systems which lead to the same, eventually deadly, effects.”

Wright also declared the UK would carry on to work to name and shame the countries which start such attacks, claiming that if more states get included in such work the evaluation will be more definite.

“It is vital that our enemies know their activities will be held up for inspection as an additional inducement to become more responsible members of the global community,” he added.

It is not clear why the government selected this time to declare its position however, it can’t be a coincidence that state-backed attacks have risen over the previous year. In November 2017, NCSC chief Ciaran Martin pointed to Kremlin attacks on the UK’s vital infrastructure, and in April this year, the GCHQ body announced a joint warning with the US authorities of more Russian attack operations.

That’s beside the WannaCry ransomware attack that caused main outages at the NHS — consequently blamed on North Korea.

Nevertheless, Priscilla Moriuchi, director of strategic threat development at Recorded Future, contended that public naming and shaming is a double-edged sword.

“On one hand [it] lets individuals, companies, and governments modify their reactions to and evaluate the danger involved in interventions, intellectual property thievery, and customer data loss. Public attribution puts a cyber-intrusion into the background and helps governments in defining rules of behavior in cyber-space,” she alleged.

“Conversely, there is slight proof that public attribution prevents nations from carrying out cyber-assisted spying. Naming and shaming might deter nations from carrying out damaging or disrupting cyber-attacks due to the real-world, life-and-death results, nevertheless, public attribution as a deterrent for cyber-intelligence or intellectual property thievery remains unverified.”