UK Can Legally Launch ‘Defensive’ Cyberattacks Against Hostile States: Attorney General

UK Can Legally Launch ‘Defensive’ Cyberattacks Against Hostile States: Attorney General
UK Attorney General Suella Braverman leaves 10 Downing Street following a cabinet meeting, in London, on March 15, 2022. Leon Neal/Getty Images
Alexander Zhang
Updated:

Britain can respond to cyberattacks by hostile states by taking countermeasures including sanctions or “defensive” cyberattacks, the UK’s attorney general has said.

In a speech delivered at the Chatham House think tank on May 19, Suella Braverman said that international law should be applied to cyberspace to make it clear when a nation state has acted unlawfully and what action can be legally taken in response to a cyberattack.

She said that cyberspace is not a lawless “grey zone,” and international law “governs and plays a fundamental role in regulating cyberspace.”

She highlighted the need for “leadership and partnerships” between the UK and its partners to shape and strengthen international cyber governance, with the aim of promoting a “free, open, peaceful, and secure cyberspace.”

According to the attorney general, the UK government’s position is that “the rule on non-intervention provides a clearly established basis in international law for assessing the legality of state conduct in cyberspace during peacetime.”

“It serves as a benchmark by which to assess lawfulness, to hold those responsible to account, and to calibrate responses,” she said.

Braverman said it is important to be clear what kinds of behaviour are unlawful, so that states can be clearer on “the range of potential options that can lawfully be taken in response.”

“This is crucial in enabling states to act within the law whilst taking robust and decisive action,” she said.

The approach will encourage “more agile and decisive international action in response to specific threats” and will help “avoid inadvertent or damaging escalations,” she said.

Speaking to The Telegraph ahead of her speech, Braverman identified four significant sectors vulnerable to cyberattacks—energy security, essential medical care, economic stability, and democratic processes such as elections.

The countermeasures that can be taken against state-sponsored cyberattacks could include economic sanctions, visa bans, and excluding the offending state from international groupings, she said.

Asked if it could include cyberattacks against the hostile state, she said: “They could involve cyber and non-cyber. If you have clearly established unlawfulness and if it was the most effective and most proportionate means, it would be justified. It is defensive cyber, effectively.”

‘Moment of Reckoning’

In recent years, UK officials have repeatedly highlighted the cyber threat posed by hostile regimes, especially China and Russia.
In July 2020, then Foreign Secretary Raab said he was “deeply concerned” over evidence that the Chinese regime was “engaged in malicious cyberattacks against commercial, medical, and academic institutions, including those working to respond to the coronavirus pandemic.”
In January 2021, Gen. Nick Carter, then the chief of the Defence Staff, warned that if “unconventional warfare” attacks on Britain from hostile adversaries such as China and Russia are not kept in check, this could lead to a conventional war.
In April 2021, Jeremy Fleming, director of Britain’s GCHQ intelligence agency, said the West is facing a “moment of reckoning” as China and Russia increase their malign activities in cyberspace and other fields of technology.
Mary Clark and PA Media contributed to this report.