Comment Britain has told the UN that international cyber law should allow zero-notice digital punishment directed at countries that attack others' infrastructure.
A statement made by UK diplomats to the UN's Group of Governmental Experts on Advancing Responsible State Behaviour in the Context of International Security (UN GGE) called for international law to permit retaliation for cyber attacks with no notice.
"The UK does not consider that States taking countermeasures are legally obliged to give prior notice (including by calling on the State responsible for the internationally wrongful act to comply with international law) in all circumstances," said the British submission to the UN GGE, made in advance of the G7 heads of government meeting in Cornwall this week.
The declaration marks a break with cautious British policy from just two years ago, when then-foreign secretary Jeremy Hunt warned against "cyber interference" becoming "commonplace". It is, however, in line with subtly aggressive rhetoric deployed by the Ministry of Defence in its Integrated Review earlier this year.
Government and policy sources have previously told The Register that UK policy is aimed at building international consensus around cyber norms, making it easier to confront Russia, China, Iran, and similar cyber-rogues.
Back in 2019 Hunt had said the UK should be "more emphatic about what we consider to be unacceptable behaviour and the consequences for any breach of international law" while tempering that with warnings about normalising international hacking, but under current foreign secretary Dominic Raab it appears UK policy officials are less worried about inflaming international tensions.
- The Roaring Twenties: Future foreign policy will rely on rejuvenated 'cyber' sector, UK government claims
- UK reveals new 'National Cyber Force', announces Space Command and mysterious AI agency
- Try to avoid thinking of the internet as a flashy new battlefield, warns former NCSC chief
- We'll hack back at Russians, declare UK ministers in cyber-Blitz blitz
"Any decision to resort to countermeasures without prior notice must be necessary and proportionate to the purpose of inducing compliance in the circumstances," added the UK GGE submission, in a nod to those wanting the world wide web to remain a safe (ish) place to do business and interact with others.
Coming as the western world staggers under the impact of ransomware attacks launched mainly from Russia and Russia-aligned countries, the call for digital retaliation to be launched without warning could be seen as an increasing of pressure against those countries. Britain has also been quietly boasting of initiatives such as the National Cyber Force, an offensive hacking unit supposedly dedicated to attacking online enemies of the government.
Support for increasing weaponisation of cyberspace from prominent UK figures has been lukewarm: last year ex-NCSC chief Ciaran Martin raised the notion that policy makers were "oddly deferential and therefore unquestioning" when presented with the weapon-like capabilities of the NCF.
"Prior notice may not be a legal obligation when responding to covert cyber intrusion with countermeasures or when resort is had to countermeasures which themselves depend on covert cyber capabilities." ®