UK can legally launch cyberattacks to counter hostile states, says attorney general

The UK can legally carryout cyber offensive actions to counter unlawful activity by hostile states, according to the nation’s Attorney General Suella Braverman. Braverman’s decree came during a speech at the Chatham House foreign affairs think tank where she outlined the UK government’s stance on applying international law in cyberspace and the right of a country to take cyber active countermeasures when necessary. Her words come amid ongoing real world and cyber-warfare activity emanating from the Russia-Ukraine conflict.

International law must be shaped into cyber context

Braverman said that international law must be shaped into cyber context, and if it is not, the effects are likely to be felt in more often and disruptive ways. “Cyber activity is now part of how some disputes or tensions between countries play out. Events over the last 10 years have demonstrated the vulnerability of critical sectors to disruptive state cyber activity,” she stated. Ongoing physical and cyber conflict by Russia in Ukraine has demonstrated a disregard for established international rules, whilst a united global response in support of Ukraine has shown the value of having a framework that makes clear when state action is unlawful.

“Cyber is very much part of this conflict,” Braverman added. Cyberspace is not a lawless, grey zone, and international law governs and plays a fundamental role in regulating it, she continued. “In the same way a country can lawfully respond when attacked militarily, there is also a basis to respond and options available in the face of hostile cyber operations in peacetime.”

UK government’s stance on international law in cyberspace

The UK government continues to explore the application of international law in cyberspace and state the importance of moving beyond discussions of general concepts and principles to create clarity of what constitutes unlawful cyber conduct, Braverman said. “The [UK’s] National Cyber Strategy priorities include promoting a free, open, peaceful, and secure cyberspace, and international leadership and partners will be essential in shaping and strengthening international cyber governance frameworks to deliver those objectives.”

The UK’s aim is to ensure that future frontiers evolve in a way that reflects democratic values, and this includes ensuring a legal framework is properly applied to protect the exercise of powers derived from the principle of state sovereignty from external coercion by other states,” Braverman added. “Setting out more detail on what constitutes unlawful activity by states will bring greater clarity about when certain types of robust measures are justified in response.” It is important that democratic states can lawfully draw on the capabilities of offensive cyber, and this goes to the heart of how the UK operates as a responsible cyber power, she said.

The rule of non-intervention in cyberspace

One of the rules of customary international law is the rule of non-intervention, Braverman said. “A well-known formulation of the rule of non-intervention comes from the International Court of Justice in its military and paramilitary activities judgement. According to the court, all states or groups of states are forbidden from intervening directly or indirectly in internal or external affairs of other states.”

The UK’s position is that the rule on non-intervention provides a clearly established basis in international law for assessing the legality of state conduct in cyberspace and serves as a benchmark by which to hold those responsible to account and to calibrate responses, Braverman stated. “When taken in collaboration with other efforts – improving resilience, promoting cybersecurity, international cooperation, and having the operational capability to respond effectively to those seeking to harm us – international law can help us all to realise this vision of a free, open, peaceful, and secure cyberspace.”