{"id":36336,"date":"2022-05-20T10:45:00","date_gmt":"2022-05-20T10:45:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/archives\/36336"},"modified":"2022-05-20T10:45:00","modified_gmt":"2022-05-20T10:45:00","slug":"applying-international-law-to-cyber-will-be-a-tall-order","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=36336","title":{"rendered":"Applying international law to cyber will be a tall order"},"content":{"rendered":"
<\/div>\n

Cyber commentators have given a cautious welcome to a speech by the UK\u2019s attorney general, Suella Braverman, delivered to the Chatham House think tank<\/a>, in which she set out the government\u2019s position on the application of international law to cyber space, in the context of cyber warfare, espionage and other state-backed intrusions.<\/p>\n

In her speech, Braverman set out her thoughts on how international law might apply in cyber space, and called for governments to come together to establish an appropriate and clear legal framework. This has been taken as a signal that in some circumstances, launching cyber attacks against hostile countries could be seen as justified and lawful<\/a>.<\/p>\n

\u201cThe UK\u2019s aim is to ensure that future frontiers evolve in a way that reflects our democratic values and interests and those of our allies,\u201d she said. \u201cWe want to build on increasing activism by likeminded states when it comes to international cyber governance.<\/p>\n

\u201cThis includes making sure the legal framework is properly applied, to protect the exercise of powers derived from the principle of state sovereignty \u2013 to which this government attaches great importance \u2013 from external coercion by other states.<\/p>\n

\u201cThe law needs to be clear and well understood if it is to be part of a framework for governing international relations and to rein in irresponsible cyber behaviour. Setting out more detail on what constitutes unlawful activity by states will bring greater clarity about when certain types of robust measures are justified in response.\u201d<\/p>\n

\n

<\/i>Principle on non-intervention is crucial<\/h3>\n

As previously reported<\/a>, Braverman said that established international laws on non-intervention have a big part to play in laying down the future legislative landscape for cyber.<\/p>\n

\u201cAccording to the Court [the International Court of Justice] in that case, all states or groups of states are forbidden from intervening \u2013 directly or indirectly in internal or external affairs of other states. A prohibited intervention must accordingly be one bearing on matters in which each state is permitted, by the principle of state sovereignty, to decide freely,\u201d she said.<\/p>\n

\u201cOne of these is the choice of a political, economic, social and cultural system, and the formulation of foreign policy. Intervention is wrongful when it uses methods of coercion in regard to such choices, which must remain free ones.<\/p>\n

\u201cThe UK\u2019s position is that the rule on non-intervention provides a clearly established basis in international law for assessing the legality of state conduct in cyber space during peacetime.\u201d<\/p>\n<\/section>\n

\n

<\/i>Appropriate responses<\/h3>\n

Braverman said this rule could serve as a benchmark to assess lawfulness, hold those responsible to account and, crucially, calibrate appropriate responses.<\/p>\n

She explained this rule could be particularly important in cyber space for two reasons: first because it sits at the heart of international law and protects core matters relating to a country\u2019s sovereignty; second because, thanks to the prevalence of state-backed cyber attacks that fall below the threshold of the use of force (or on its margins), it becomes key to enable countries to define behaviour as unlawful.<\/p>\n

In terms of how this rule might work in a cyber context, Braverman said it was necessary to focus on the types of \u201ccoercive and disruptive\u201d behaviours that countries can agree are unlawful. This could include attacks on energy supply, medical care, economic stability (i.e. the financial system) or democratic processes. Then it will become possible to establish the range of potential options that can be taken as a proportionate response.<\/p>\n

Although much of the content of Braverman\u2019s speech has been set out before \u2013 including by her predecessor in post, Jeremy Wright \u2013 this is thought to be the first time the government has been specific in the types of cyber attacks that could warrant a response \u2013 a significant moment.<\/p>\n

Braverman said there were a wide range of effective response options in such circumstances, such as sanctions, travel bans, exclusion from international bodies and so on. But beyond this, she said, a country may respond to an unlawful act in ways which would be deemed unlawful under normal circumstances \u2013 that is to say, conducting cyber attacks of their own.<\/p>\n

\u201cThe UK has previously made clear that countermeasures are available in response to unlawful cyber operations by another state,\u201d she said. \u201cIt is also clear that countermeasures need not be of the same character as the threat and could involve non-cyber means, where it is the right option in order to bring unlawful behaviour in cyber space to an end.<\/p>\n

\u201cThe National Cyber Force draws together personnel from intelligence and defence in this area under one unified command for the first time. It can conduct offensive cyber operations \u2013 flexible, scalable\u202fmeasures to meet a full range of operational requirements. And, importantly, the National Cyber Force operates under an established legal framework. Unlike some of our adversaries, it respects international law. It is important that democratic states can lawfully draw on the capabilities of offensive cyber, and its operation not be confined to those States which are content to act irresponsibly or to cause harm.\u201d<\/p>\n<\/section>\n

\n

<\/i>Line in the sand<\/h3>\n

Oliver Pinson-Roxburgh, CEO of Defense.com<\/a>, was among those to voice their support for the ideas set down by the attorney general.<\/p>\n

\u201cThis speech is an important line in the sand on appropriate security standards in cyber space,\u201d he said. \u201cWe live in an era of evolving and unprecedented threats, with threat actors able to deploy automated attack methods to operate at pace and at scale.<\/p>\n

\u201cFacing a sprawling threat landscape, where individual actors out for financial gain are mixed in with the geopolitical disruption favoured by nation state actors, businesses need this sort of clarity from the government to help them monitor and respond to threats when they occur.<\/p>\n

\u201cIt was welcome to hear the attorney general highlight the responsibility of both the public and private sector to maintain cyber resilience,\u201d added Pinson-Roxburgh. \u201cBusinesses cannot entirely rely on the briefings and intelligence provided by the NCSC. Hostile actors will look for vulnerabilities across any organisation \u2013 large or small.<\/p>\n

\u201cThere are quick and easy steps businesses can take to build up an end-to-end approach to cyber security, from password best practices for staff, right the way through to the latest in vulnerability scanning and monitoring technology. As legislation for cyber space evolves, businesses can look to outsourced cyber security experts to help them make sense of the latest directives and understand how to remain compliant.\u201d<\/p>\n

Keiron Holyome, Blackberry<\/a> vice-president for UK and Ireland, Middle East, and Africa, also spoke in support of the government\u2019s ambitions, describing cyber warfare as a \u201cformidable threat\u201d to both UK businesses and institutions.<\/p>\n

\u201cIt\u2019s right that it is governed by international legislation,\u201d he said. \u201cAs governments work on a Geneva convention for cyber space, our critical infrastructure and businesses face a daily threat.\u201d<\/p>\n

However, he added, it was just as important not to lose sight of the wealth of strategies, skills and technologies that already exist and that can prevent attacks before they execute.<\/p>\n

\u201cContinuous threat hunting, automated controls deployment, proactive testing and securing every single endpoint is possible with a prevention-first approach,\u201d said Holyome. \u201cIt starts with a zero-trust environment \u2013 no user can access anything until they prove who they are, that their access is authorised and they\u2019re not acting maliciously.<\/p>\n

\u201cThe best way UK organisations can defend themselves in the face of cyber warfare is to be more proactive \u2013 and less reactive \u2013 in their protection strategy, deploying threat-informed defence and managed services to counter pervading skills and resource challenges. By building up a strong bastion of preventative security, organisations can increase their resilience in the face of global cyber threat.\u201d<\/p>\n<\/section>\n

\n

<\/i>Tall order<\/h3>\n

Steve Cottrell, EMEA chief technology officer at Vectra AI<\/a>, said: \u201cWhile it\u2019s extremely positive that the UK government is looking at opportunities to provide clarity in this area, it\u2019s hard to see how anything meaningful can be achieved without widespread international consensus and legislative alignment.<\/p>\n

\u201cCyber attacks frequently cross international boundaries and are often perpetrated from countries that tolerate or downright encourage the attacks as they serve their broader political interests.<\/p>\n

\u201cAdditionally, there is a challenge when it comes to activities that could be categorised as state espionage \u2013 as these are not explicitly prohibited under international law,\u201d he said. \u201cGeopolitics is likely to continue to be the main catalyst for cyber attacks against nations and organisations for the foreseeable future, and it\u2019s key that security defenders stay alert to the evolving cyber threat landscape.\u201d<\/p>\n

Ismael Valenzuela, Blackberry\u2019s vice-president of threat research and intelligence, said: \u201cSetting rules of the road for cyber conflict and defining justified responses is a tall order. While this defining of the international law in cyber space is an admirable and necessary development signifying the importance of cyber security for nation states, public and private organisations need to continue to prioritise improving their proactive threat-informed defensive stance against cyber attacks.\u201d<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

Cyber commentators have given a cautious welcome to a speech by the UK\u2019s attorney general, Suella Braverman, delivered to the Chatham House think tank, in which she set out the government\u2019s position on the application of international law to cyber space, in the context of cyber warfare, espionage and other state-backed intrusions. In her speech, […]<\/p>\n","protected":false},"author":1,"featured_media":36337,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-36336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/36336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=36336"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/36336\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/36337"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=36336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=36336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=36336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}