The following blog is excerpted by permission from the article "Cyber and the Law," originally published May 20, 2022, in Professional Security Magazine, based in the United Kingdom. (Photo: U.K. Attorney General and Conservative Member of Parliament Suella Braverman).
Cyber and the Law
The law in armed conflict applies just the same to the use of cyber-means as other means of waging war, the Attorney General and Fareham MP Suella Braverman told the think-tank Chatham House in a speech. She called for shared agreement with other countries “on prohibited behaviors for key sectors,” in terms of cyber, “a cyber governance framework that is founded in international law.”
In the same way that a country can lawfully respond when attacked militarily, there is also a basis to respond, and options available, in the face of hostile cyber operations in peace, she said. She called for “a framework for governing international relations and to rein in irresponsible cyber behavior. Setting out more detail on what constitutes unlawful activity by states will bring greater clarity about when certain types of robust measures are justified in response.”
She discussed “four of the most significant sectors that are vulnerable to disruptive cyber conduct: energy security; essential medical care; economic stability; and democratic processes.” She singled out Russia and China for carrying out “irresponsible or hostile cyber activity.” Cyber has increased the size of the border to be protected – not just the physical Britain and Northern Ireland (and the rest of the world), but “every household and business in the country.” She added: “But just because the scale of the challenge has increased, it does not change our fundamental duty to protect citizens, families and businesses from the array of threats present in cyberspace.”
She summed up: “International law matters in cyberspace because if we don’t shape the rules here, if we don’t have a clear framework to counter hostile activity in cyberspace, and if we don’t get cybersecurity right, the effects will be likely to be felt more often and in hugely disruptive ways by ordinary people.”
Read the full speech: gov.uk.
Comment from BlackBerry
Keiron Holyome, VP, UKI, Middle East and Africa at BlackBerry, says: “Cyber warfare is a formidable threat to British businesses and institutions, so it’s right that it is governed by international legislation. As governments work on a Geneva convention for cyberspace, our critical infrastructure and businesses face a daily threat. But we must not forget the wealth of strategy, skills, and technology already available that are equipped to prevent attacks before they have a chance to execute.”
“Continuous threat hunting, automated controls deployment, proactive testing and securing every single endpoint is possible with a prevention-first approach. It starts with a Zero Trust environment – no user can access anything until they prove who they are, that their access is authorized, and they’re not acting maliciously.”
“The best way UK organizations can defend themselves in the face of cyber warfare is to be more proactive – and less reactive – in their protection strategy, deploying threat-informed defense and managed services to counter pervading skills and resource challenges. By building up a strong bastion of preventative security, organizations can increase their resilience in the face of global cyber threat.”
Read the full article in Professional Security Magazine Online.