Cyber ​​and the Law | Occupational safety

The law in armed conflict applies equally to the use of cyber means as other means of warfare, Attorney General and MP for Fareham Suella Braverman told the Chatham House think tank in a statement. speech. She called for a shared agreement with other countries “on prohibited behaviors for key sectors”, in terms of cyber; “a framework for e-governance based on international law”.

Just as a country can legally react when attacked militarily, there is also a basis for reacting and options available in the face of hostile cyber operations in peacetime, she said. She called for “a framework to govern international relations and to curb irresponsible cyber behavior”. Defining in more detail what constitutes illegal activity by states will provide greater clarity on when certain types of robust measures are warranted in response.

She spoke of “four of the most important sectors that are vulnerable to disruptive cyber conduct: energy security; essential medical care; economic stability; and democratic processes”. She pointed the finger at Russia and China for carrying out “irresponsible or hostile cyber activity”. Cyber ​​has increased the size of the border to be protected – not just physical Britain and Northern Ireland, but “every home and business in the country”. She added: “But just because the scale of the challenge has grown doesn’t mean it doesn’t change our fundamental duty to protect citizens, families and businesses from the range of threats found in cyberspace.”

She summed up: “International law is important in cyberspace because if we don’t define the rules here, if we don’t have a clear framework to counter hostile activities in cyberspace, and if we don’t ensure cybersecurity, the effects will likely be felt more often and in extremely disruptive ways by ordinary people.

You can read the speech in full on Chatham House is hosting an online event for members on Tuesday 24 May on Ukraine: An Assessment of the UK’s Military and Political Role.


Steve Cottrell, CTO EMEA of artificial intelligence and cyber company Vectra argues for international alignment. He says: “While it is hugely positive that the UK government is exploring options for greater clarity in this area, it is difficult to see how anything meaningful can be achieved without broad international consensus and legislative alignment. Cyberattacks frequently cross international borders and are often perpetrated from countries that condone or outright encourage the attacks because it serves their broader political interests.

“Furthermore, there is a challenge with regard to activities that could qualify as state espionage – as they are not explicitly prohibited by international law. Geopolitics will likely continue to be the primary enabler of cyberattacks against nations and organizations for the foreseeable future, and it is essential that security advocates remain alert to the evolving cyber threat landscape.

John Davis, UK and Ireland Director of the training organization SANS Institute, said: “The Attorney General’s view that international law applies to the cyber world as well as the real world reminds us that Cyberattacks require a response in the same way as other acts of war against a nation state.

“The potential for using cybercrime as a tool of warfare is real. Every citizen has a role to play in digital fortification, whether protecting a country, a company or a consumer.

“Awareness and vigilance are vital weapons in our response to these threats. Knowledge is power, and cybersecurity training cannot simply be a tick-in-the-box exercise, but a lifelong journey of education. »

Keiron Holyome, Vice President, UKI, Middle East and Africa at Blackberry, said: “Cyber ​​warfare is a formidable threat to UK businesses and institutions, so it is only fitting that it is governed by international law. As governments work on a Geneva convention for cyberspace, our critical infrastructure and businesses face a daily threat. But we must not forget the wealth of strategy, skills and technology already available that are equipped to deter attacks before they have a chance to execute.

“Continuous hunting for threats, deploying automated controls, proactive testing, and securing every endpoint is possible with a prevention-focused approach. It starts with a Zero Trust environment – no user can access anything until they prove who they are, their access is authorized, and they are not acting maliciously.

“The best way for UK organizations to defend against cyber warfare is to be more proactive – and less reactive – in their protection strategy, deploying threat-informed defense and managed services to counter security challenges. skills and resources. By building a strong bastion of preventive security, organizations can increase their resilience against the global cyber threat.

Comments are closed.