UK Will Name The Nations Sponsoring Cyber Attacks

Uploaded on 2018-06-06 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Britain will name and shame foreign states that hire hackers to carry out cyber-attacks or interfere via the Internet in national elections, the British attorney general has warned.

In a speech referring to Russian and North Korean “campaigns of intrusion”, Jeremy Wright QC called for international sanctions to be applied against countries that exploit cyberspace for illegal purposes.

“If we stay silent, if we accept that the challenges posed by cyber technology are too great for the existing framework of international law to bear, that cyberspace will always be a grey area, a place of blurred boundaries, then we should expect cyberspace to continue to become a more dangerous place,” Wright told an audience at Chatham House in central London.

“The question is not whether or not international law applies, but rather how it applies and whether our current understanding is sufficient ... Hostile actors cannot take action by cyber means without consequence, both in peacetime and in times of conflict. States that are targeted by hostile cyber operations have the right to respond to those operations in accordance with the options lawfully available to them ...

“If it would be a breach of international law to bomb an air traffic control tower with the effect of downing civilian aircraft, then it will be a breach of international law to use a hostile cyber operation to disable air traffic control systems which results in the same, ultimately lethal, effects.” 

Such rights are already established in the UN charter, Wright said, including prohibitions on interventions in the domestic affairs of states and the threat or use of force against the territorial independence or political integrity of any country. 

Cyber operations that cause, or present an imminent threat of, death and destruction on an equivalent scale to an armed attack also give rise to an inherent right to take action in self-defence as recognised under article 51 of the UN charter, Wright said.

“If a hostile state interferes with the operation of one of our nuclear reactors, resulting in widespread loss of life, the fact that the act is carried out by way of a cyber operation does not prevent it from being viewed as an unlawful use of force or an armed attack against us.”

Counter-measures cannot involve the use of force, he said. They must be both necessary and proportionate to the purpose of inducing the hostile state to comply with its obligations under international law. 

The UK does not believe that it is always legally obliged to give prior notification to a hostile state before taking counter-measures against it.

“It could not be right for international law to require a counter-measure to expose highly sensitive capabilities in defending the country in the cyber arena, as in any other arena.” 

Wright’s comments, which follow an FBI inquiry into alleged Russian interference in the 2016 US presidential election, are intended to deter hacking attacks from abroad and attempts by foreign states to influence domestic politics. Wright is keen to ensure that international law keeps up with the rapid pace of technological development and that the international community does not let cyberspace degenerate into a “lawless world”. The UK, he added, is prepared to identify states that recruit proxy actors or hackers to disguise the source of online attacks. 

The WannaCry ransomware incident last year, which affected the NHS, was attributed by the UK and its allies to North Korean-sponsored hackers.

The new National Cyber Security Centre has a mandate to protect Britain’s interests in cyberspace. In the past year it identified on average 4.5m malicious emails per month. The UK government has said it is investing £1.9bn in cybersecurity. 
Other cyber-attacks in which the UK has named and shamed state actors include the hack and leak of Democratic National Committee emails in the run-up to the US election.

This year, Britain blamed the Russian military for the NotPetya ransomware attack, which started in the Ukraine and spread around the world.

In April, the National Cyber Security Centre, the US Department for Homeland Security and the FBI issued a joint statement saying there had been an extensive and sustained Russian campaign of intrusions into the internet infrastructure of the UK and the US.

Guardian

You Might Also Read: 

Nation State Cyber Attacks Are An Act Of War:

Nation State Hacking Is On Trend In 2018:
 

« Cybercrime Is Increasing In Scotland
Facebook Gave Chinese Tech Firms Access To User Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Trust Guard

Trust Guard

Trust Guard services provide complete security for your website.

HvS Consulting

HvS Consulting

HvS Consulting is a specialist information security company offering a full range of services including IT security architecture, ISO 27001 audits, Pentesting, Security monitoring and Training.

Vicarius

Vicarius

Vicarius’ mission is to revolutionize vulnerability management from problem detection to proactive problem resolution.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

Polyrize

Polyrize

The Polyrize continuous authorization platform for SaaS and IaaS stops tomorrow's public cloud cyber threats, today.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

OSIbeyond

OSIbeyond

OSIbeyond provides comprehensive Managed IT Services to organizations in the Washington D.C., MD, and VA area including IT Help Desk Support, Cloud Solutions, Cybersecurity, and Technology Strategy.

Aigner Business Solutions

Aigner Business Solutions

Aigner Business Solutions GmbH is a specialist in IT-Security and Data Protection. Concise and focussed.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

DH2i

DH2i

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

Omantel Innovation Labs

Omantel Innovation Labs

The Omantel Innovation Labs is a platform to enable startups and innovators to develop and commercialize solutions within selected technology verticals including cybersecurity.

ZAG Technical Services

ZAG Technical Services

ZAG Technical Services is an award-winning information technology consulting firm delivering digital transformation solutions, IT assessments, managed services, security, and support.

Dryad Global

Dryad Global

Dryad Global offers a comprehensive suite of maritime intelligence solutions, including a best-in-class situational awareness, planning and security system and industry-leading cyber protection tools.

Quantum Bridge

Quantum Bridge

Our unbreakable key distribution technology ensures the highest level of protection for your critical infrastructure and sensitive data in an evolving digital landscape.

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

NCIIPC's mission is to protect the Critical Information Infrastructure of India, from unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction.