Defence against cyber warfare should be considered and assessed as a traditional attack

News by Dan Raywood

It is only a matter of time before terrorists start to use cyber space more systematically as a method of attack, according to the Armed Forces Minister.

It is only a matter of time before terrorists start to use cyber space more systematically as a method of attack, according to the Armed Forces Minister.

Giving a speech this week to Chatham House about cyber threats to Britain's security, Armed Forces Minister and Lib Dem MP for North Devon, Nick Harvey, claimed that he was ‘excited about the capacity of the internet and digital technology to increase the freedom and opportunity available to our citizens'.

Looking at the recent National Security Strategy Review, Harvey said: “This will overhaul not only our approach to tackling cyber crime, but also how we can improve the UK's ability to defend itself from cyber attack, whether from terrorists, states, or other hostile actors [and] including the capability to exploit the weaknesses of our opponents.

“Cyber capabilities may provide the kind of precise and tailored effects which a conventional attack cannot. If, for example, we were able to switch off the lights for a window of opportunity, then this would provide decision makers with greater options.”

He also acknowledged that there is ‘much discussion on the legal frameworks' which apply to acts of aggression or force in cyber space or during armed conflict. “I would argue that the established law governing the use of force and the law governing the conduct of hostilities are equally applicable to cyber space as they are to traditional domains,” he said.

“When applying the law relating to the use of force, one of the difficult issues will be interpreting or determining whether an action or effect constitutes a use of force or an armed attack.

“For traditional domains, we assess an action and make a determination based on the act, its effects and the context to determine whether it constitutes a prohibited use of force and/or potentially an armed attack. We then judge what an appropriate, necessary, proportionate and targeted response should be, applying well established legal principles.

“Why should assessing and responding to a cyber attack be different? Of course the issue of attribution in cyber space will be difficult, as will the issue of intent. But as I said earlier, just because it will be difficult it does not mean it will be impossible.”

Pamela Cawthorn, Dell Services innovation lead for cyber security, said: “Governments and private industry need to work collaboratively to develop the appropriate international framework to secure themselves against these attacks. Collaboration is needed to do this in a way that keeps our global information central nervous system intact and secure.

“For decades, the attitude toward cyber security has been one of naivety as well as an unnecessary expense.  It has essentially been an afterthought for many organisations. As a result, much of the technologies in place are almost indefensible without extensive upgrades or replacement.

“There is a need to have more global participation on the future planning of the next generation infrastructure required to address the changes that will affect the internet usage in years to come. As more and more developing world economies connect to this central nervous system, we need to ensure that the existing users and consumers as well as the new participates do so without the risk of losing personal assets.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews