lolloj - Fotolia
European Union governments are planning to sign a declaration that cyber attacks could be viewed as an act of war, potentially triggering a conventional arms attack in response.
The declaration has been drafted as a deterrent aimed at countries that carry out cyber attacks and cyber espionage against EU members, either directly or indirectly through non-state actors, according to the Telegraph.
The paper said the declaration is set to be agreed in the coming weeks by all EU member states, including the UK, and warns that cyber attacks could attract a response using conventional weapons in “grave instances”.
Despite the attribution of cyber attacks being notoriously difficult and usually against official policy, the UK government last week said it believed “quite strongly” that North Korea was behind the WannaCry malware that caused worldwide disruption and hit the UK’s National Health Service (NHS) particularly hard.
Officially titled The framework on a joint EU diplomatic response to malicious cyber activities, the draft declaration states that a country under attack can exercise its “inherent right of individual or collective self-defence” under international law.
According to commentators, the planned EU declaration will be a clear indication by member states of their willingness to invoke the mutual defence clause of the EU Treaty, which enables a member state to demand “aid and assistance” from its fellow EU governments.
This stance is reflected in a 2014 update to Nato’s cyber defence policy, which makes an explicit link between cyber attacks at a certain threshold and the invocation of a Nato article 5 collective defence as part of the treaty.
Read more about Nato and cyber attacks
Article 5 of the North Atlantic treaty requires member states to come to the aid of any member state subject to an armed attack, which since 2014 has included cyber attacks.
“Nato will not develop or acquire any other capabilities other than purely defensive, but, like the other domains, it can rely on voluntary contributions of a range of capabilities from allies to support operations and missions,” Ducaru told the CyberSec European Cybersecurity Forum in Krakow, hinting at potential retaliatory strikes using conventional arms or offensive cyber attacks.
Read more about cyber war
- Terror groups are more likely than nation states to unleash cyber weapons and critical infrastructure is the most likely target, warns Kaspersky Lab chief.
- Veteran investigative reporter Ted Koppel says a cyber attack on the US power grid is likely, but preparations for such an event are not up to scratch.
- There is a lot of “fog” surrounding cyber weapons and cyber war because there is no way of knowing the true capability of any country, says security expert Mikko Hypponen.
- Armed forces minister Nick Harvey has revealed the UK is working on a cyber weapon programme with offensive capabilities to counter cyber warfare threats to national security.
In the light of the WannaCry attacks and the hacking of presidential candidates in France and Germany in recent months, Raj Samani, chief scientist and fellow at McAfee, said it is not surprising that EU governments want to assert themselves over the way cyber attacks could be used by other nation states to steal secrets and cause damage.
“While it is important to define cyber attacks that are used for espionage or disruption as they would be when committed by physical actors, the greatest challenge that countries have will be in identifying and proving that the malicious actors that caused the cyber attack have direct links to governmental organisations – something that these groups will be even more keen to conceal going forward,” said Samani.