- Security TWENTY
- Women in Security Awards
The law in armed conflict applies just the same to the use of cyber means as other means of waging war, the Attorney General and Fareham MP Suella Braverman told the think-tank Chatham House in a speech. She called for shared agreement with other countries ‘on prohibited behaviours for key sectors’, in terms of cyber; ‘a cyber governance framework that is founded in international law’.
In the same way that a country can lawfully respond when attacked militarily, there is also a basis to respond, and options available, in the face of hostile cyber operations in peace, she said. She called for ‘a framework for governing international relations and to rein in irresponsible cyber behaviour. Setting out more detail on what constitutes unlawful activity by states will bring greater clarity about when certain types of robust measures are justified in response.’
She discussed ‘four of the most significant sectors that are vulnerable to disruptive cyber conduct: energy security; essential medical care; economic stability; and democratic processes’. She singled out Russia and China for carrying out ‘irresponsible or hostile cyber activity’. Cyber has increased the size of the border to be protected – not just the physical Britain and Northern Ireland, but ‘every household and business in the country’. She added: “But just because the scale of the challenge has increased, it does not change our fundamental duty to protect citizens, families and businesses from the array of threats present in cyberspace.”
She summed up: “International law matters in cyberspace because if we don’t shape the rules here, if we don’t have a clear framework to counter hostile activity in cyberspace, and if we don’t get cyber security right, the effects will be likely to be felt more often and in hugely disruptive ways by ordinary people.”
Steve Cottrell, EMEA CTO at the artificial intelligence and cyber firm Vectra argues for an international alignment. He says: “Whilst it is extremely positive that the UK Government are looking at opportunities to provide clarity in this area, it is hard to see how anything meaningful can be achieved without widespread international consensus and legislative alignment. Cyber-attacks frequently cross international boundaries and are often perpetrated from countries who tolerate or downright encourage the attacks as they serve their broader political interests.
“Additionally, there is a challenge when it comes to activities that could be categorised as state espionage – as these are not explicitly prohibited under international law. Geopolitics is likely to continue to be the main catalyst for cyber-attacks against nations and organisations for the foreseeable future, and its key that security defenders stay alert to the evolving cyber threat landscape.”
John Davis, Director UK & Ireland, at the training body the SANS Institute says: “The Attorney General’s view that international law applies as equally to the cyber world as in the real world serves as a reminder that cyberattacks require a response in the same way as other acts of war on a nation state.
“The potential for cybercrime to be used as a tool for warfare is real. Every citizen has a role to play in digital fortification, whether it’s protecting a country, a company, or a consumer.
“Awareness and vigilance are vital weapons in our response to these threats. Power comes through knowledge and cyber security training can’t just be a tick in the box exercise but an ongoing journey of education.”
Keiron Holyome, VP, UKI, Middle East and Africa at Blackberry, says: “Cyber warfare is a formidable threat to British businesses and institutions, so it’s right that it is governed by international legislation. As governments work on a Geneva convention for cyberspace, our critical infrastructure and businesses face a daily threat. But we must not forget the wealth of strategy, skills and technology already available that are equipped to prevent attacks before they have chance to execute.
“Continuous threat hunting, automated controls deployment, proactive testing and securing every single endpoint is possible with a prevention first approach. It starts with a Zero Trust environment – no user can access anything until they prove who they are, that their access is authorised, and they’re not acting maliciously.
“The best way UK organisations can defend themselves in the face of cyber warfare is to be more proactive – and less reactive – in their protection strategy, deploying threat-informed defence and managed services to counter pervading skills and resource challenges. By building up a strong bastion of preventative security, organisations can increase their resilience in the face of global cyber threat.”