View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
May 20, 2022updated 01 Jun 2022 5:45pm

UK could lawfully launch cyberattacks against other countries – attorney general

Suella Braverman's speech gave an insight into the government's position on cyber attacks.

By Claudia Glover

The UK could lawfully launch “defensive” cyberattacks against countries which threaten critical national infrastructure, attorney general Suella Braverman has said.

a speech given last night at Chatham House by Attorney General Rt Honourable Suella Braverman, the UK’s approach to laws of international cyber warfare were outlined. The UK government appears to condone what it calls “offensive cyber operations” in cyber space, a new policy position that some analysts have voiced could be a cause for concern.
Attorney General Suella Braverman. Photo by Oli Scarff – WPA Pool/Getty Images

In her speech at Chatham House, Braverman said she believes “that we can and should be clearer about the types of disruptive State activity which are likely to be unlawful in cyberspace.”

She said it is important to continue to apply the principle of non-intervention – the idea that states can conduct their business without interference – in cyberspace, but she said the government was seeking to bring clarity to what does and doesn’t constitute unlawful bevhaviour, and “to move the focus to the types of coercive and disruptive behaviours that responsible States should be clear are unlawful when it comes to the conduct of international affairs in peacetime.”

Braverman spoke around four broad topics, outlining cyber activity may be considered disruptive or coercive and, potentially, unlawful. These were energy security; essential medical care; economic stability; and democratic processes. She said the list was a “non-exhaustive” one “to move the discussion forward”. Examples of what might be considered unlawful coercive behaviour included disruption of hospital computer systems, and interference with power supply to critical infrastructure.

Has the UK clarified its position on cybersecurity?

Braverman’s speech “opens up an international conversation in which the UK wants to be a leader,” says Greg Austin, programme head of cyber, space and future conflict at the International Institute for Strategic Studies think tank. “This represents a radical departure from past approaches to the promotion of lawful behaviour in cyberspace,” Austin says. “The commitment to [clarifying these cyber laws] looks as fresh and inspiring, as has been the commitment of countries like Latvia and the Netherlands.” The difference, Austin says, is that the UK “has got the money to spend, and it’s got the diplomatic strength to spend.”

The speech could also be read as a warning to countries like Russia and China which continually push the boundaries of what is legally acceptable in cyberspace, Austin says. “My first reaction to it was that Russia and China had better pay very close attention to this speech because the United Kingdom is definitely keeping score of all of these untoward and unacceptable activities they are undertaking and they reserve the right to undertake retaliation,” he argues.

Offensive operations in cyberspace

However, Alexei Drew, researcher at think tank RAND Europe was less impressed by the speech, describing it as “showboating.” She says: “The UK is not the first state to say, as this statement suggests, that the existing laws of armed conflict apply in cyberspace. That’s the starting position of a lot of countries in the UN.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Drew said Braverman’s admission that the UK now condones taking action in certain circumstances troubling. Braverman said the UK could legally strike back as part of a “defensive” measure if some of the critical infrastructure mentioned in her speech was targeted. She drew a distinction between this and the offensive tactics deployed by other countries, which would break the non-intervention principle.

“The concept of defensive cyberattacks to deter actions that might be seen as breaching the law, like the use of cyber attacks against us, is technically nonsense,” Drew says. She argues that a defensive cyber attack and an offensive cyber attack are the same thing, and that trying to make the distinction between them that Braverman did is problematic.

Drew adds: “The technical means of carrying these attack out are the same. It comes down to semantics as to whether you consider something offensive or defensive. I think it’s problematic to frame it this way.”

Read more: UK government thwarts multi million pound credit card fraud

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.