International law wasn't developed with cyber space in mind, but the UK is setting out its legal approach amid tensions with Russia.

Just as physically damaging attacks would be breaches of international law, so are cyber attacks which go beyond espionage according to the Attorney General, Jeremy Wright QC.

Speaking to the Chatham House think tank, Mr Wright, who is a government minister and an MP for Kenilworth and Southam, emphasised that international law must keep pace with technological change to remain relevant.

He said: "If a hostile state interferes with the operation of one of our nuclear reactors, resulting in widespread loss of life, the fact that the act is carried out by way of a cyber operation does not prevent it from being viewed as an unlawful use of force or an armed attack against us.

"If it would be a breach of international law to bomb an air traffic control tower with the effect of downing civilian aircraft, then it will be a breach of international law to use a hostile cyber operation to disable air traffic control systems which results in the same, ultimately lethal, effects."

Although this is the first time a government minister has gone on the record about the UK's interpretation of international law in regards to cyber attacks, that interpretation is essentially in line with a UN declaration in 2013.

:: What can the UK actually expect in a cyberwar

Image: The Kremlin has been accused of aggressive cyber activities

These comments do not run counter to the UN declaration, but come in the context of the UK attributing a number of aggressive cyber activities to Russia, including activities which directly affected the UK.

From the hack of the Democratic National Congress emails in the run-up to the US elections in 2016, through to the NotPetya cyber attack which devastated computers in Ukraine and across Europe last year, many Kremlin-linked campaigns have drawn criticism from Westminster.

However, a recent warning about intrusions into internet infrastructure issued by the National Cyber Security Centre suggested for the first time that the Russian government was attempting to hack into the UK's critical national infrastructure.

That assertion followed a severe deterioration in the relationship between the two countries after the attempted murder in Salisbury of a former Russian intelligence officer who defected to the UK.

In April, the director of GCHQ warned that the nerve agent attack in Salisbury – which badly injured former Russian spy Sergei Skripal, his daughter and a police officer – demonstrated "how reckless Russia is prepared to be".

:: Naming Russia offers cyber security its #MeToo moment

Foreign Secretary Boris Johnson and his Russian counterpart Sergei Lavrov 4:25
Video: Boris and Russian minister trade barbs and news conference

Speaking to Sky News in February, a NATO-affiliated cyber security expert noted how few people suspected two years ago that a nation state might interfere in the domestic affairs of another by manipulating social media during an election.

Such a notion was little known in 2009, when an international group of experts began writing the Tallinn Manual; a NATO academic study into how international law should be applied to cyber conflicts.

Almost a decade later these questions still remain, partially driven by aggressive cyber activities which NATO members have attributed to Russia, including interference in the 2016 election in the US.

In February charges were filed against 13 employees of a Russian troll factory which was accused of attempting to interfere with the 2016 US presidential election.

According to Mr Wright QC, the UK will also view the use of cyber technologies to interfere in another state's elections with the effect of altering the result as prohibited, and allowed the states affected by that to take action to stop it.

Sky News asked the Attorney General's office whether this was different from using technology to interfere with the intention of altering the result – that is, was an unsuccessful attempt also prohibited?

A spokesperson for the office said that an unsuccessful attempt would not be considered an illegal act and thus the UK's interpretation of international law did not allow states to take actions regarding it.

This presents a curious scenario for the US, which by the standards of a declassified Intelligence Community Assessment was victim to unsuccessful Russian attempts to interfere in the 2016 presidential election.

12:42
Video: Defence Minister on Russia, cyber warfare and tackling fake news

The proceedings against those named in the February interference indictment were part of the US criminal justice system, and not part of international law which governs interactions between states.

Russia has denied the alleged interference, and the intelligence community can't reveal its sources or it risks jeopardising its ability to detect and identify similar activities in the future.

Mr Wright said: "There is no legal obligation requiring a state to publicly disclose the underlying information on which its decision to attribute hostile activity is based, or to publicly attribute hostile cyber activity that it has suffered in all circumstances.

More from Russia

"However, the UK can and does attribute malicious cyber activity where we believe it is in our best interests to do so, and in furtherance of our commitment to clarity and stability in cyberspace.

"Sometimes we do this publicly, and sometimes we do so only to the country concerned. We consider each case on its merits."

Original Article

[contf] [contfnew]

Sky News

[contfnewc] [contfnewc]