lolloj - Fotolia

EU may struggle to prove cyber attack links, warns expert

EU governments are reportedly planning to respond to cyber attacks as an act of war, but a cyber security expert says links to nation states may be hard to prove

European Union governments are planning to sign a declaration that cyber attacks could be viewed as an act of war, potentially triggering a conventional arms attack in response.

The declaration has been drafted as a deterrent aimed at countries that carry out cyber attacks and cyber espionage against EU members, either directly or indirectly through non-state actors, according to the Telegraph.

The paper said the declaration is set to be agreed in the coming weeks by all EU member states, including the UK, and warns that cyber attacks could attract a response using conventional weapons in “grave instances”.

Despite the attribution of cyber attacks being notoriously difficult and usually against official policy, the UK government last week said it believed “quite strongly” that North Korea was behind the WannaCry malware that caused worldwide disruption and hit the UK’s National Health Service (NHS) particularly hard.

Officially titled The framework on a joint EU diplomatic response to malicious cyber activities, the draft declaration states that a country under attack can exercise its “inherent right of individual or collective self-defence” under international law.

According to commentators, the planned EU declaration will be a clear indication by member states of their willingness to invoke the mutual defence clause of the EU Treaty, which enables a member state to demand “aid and assistance” from its fellow EU governments. 

This stance is reflected in a  2014 update to Nato’s cyber defence policy, which  makes an explicit link between cyber attacks at a certain threshold and the invocation of a Nato article 5 collective defence as part of the treaty.

Article 5 of the North Atlantic treaty requires member states to come to the aid of any member state subject to an armed attack, which since 2014 has included cyber attacks.

Cyber threats are one of the most pressing priorities for Nato, according to Sorin Ducaru, the organisation’s assistant secretary general for emerging security challenges.

“Nato will not develop or acquire any other capabilities other than purely defensive, but, like the other domains, it can rely on voluntary contributions of a range of capabilities from allies to support operations and missions,” Ducaru told the CyberSec European Cybersecurity Forum in Krakow, hinting at potential retaliatory strikes using conventional arms or offensive cyber attacks.

Read more about cyber war

In the light of the WannaCry attacks and the hacking of presidential candidates in France and Germany in recent months, Raj Samani, chief scientist and fellow at McAfee, said it is not surprising that EU governments want to assert themselves over the way cyber attacks could be used by other nation states to steal secrets and cause damage.

“While it is important to define cyber attacks that are used for espionage or disruption as they would be when committed by physical actors, the greatest challenge that countries have will be in identifying and proving that the malicious actors that caused the cyber attack have direct links to governmental organisations – something that these groups will be even more keen to conceal going forward,” said Samani.

Read more on Hackers and cybercrime prevention