[1]U.K. Outlines Position on Cyberattacks and International Law:

    […] a big process question is how the U.K. position might catalyze
    broader diplomatic endeavors to clarify or create rules for
    cyberspace. Efforts within the U.N. to reach global consensus on
    these issues [2]have so far failed, mostly because states' interests
    are poorly aligned. Expert processes like the one that produced the
    [3]Tallinn manuals can play useful roles, but they are no substitute
    for state practice and the articulation and defense of legal
    interpretations.

  (Via [4]Lawfare - Hard National Security Choices)

  UPDATE: Isa Qasim's take is deeper and describes eight key points from
  the speech:

  [5]United Kingdom Att'y General's Speech on International Law and
  Cyber: Key Highlights:

    First, it is important for states to publicly articulate their
    understanding of international law, especially in cyberspace. […]

    Second, cyber is not lawless. […]

    Third, cyber-operations that result in an "equivalent scale" of
    death and destruction as an armed attack trigger a state's right to
    self-defense under the UN Charter's Article 51. […]

    Fourth, the Article 2(7) prohibition on interference in "domestic
    affairs" (the principle of non-intervention) extends in the cyber
    context to "operations to manipulate the electoral system to alter
    the results of an election in another state, intervention in the
    fundamental operation of Parliament, or in the stability of our
    financial system." Wright acknowledges, however, that the exact
    boundary of this prohibition is not clear.

    Fifth, there is no cyber-specific rule prohibiting the "violation of
    territorial sovereignty" beyond the Article 2(7) prohibition
    described in the point above. […] This appears to be a rejection of
    the [6]Tallinn Manual's position on the issue, which had articulated
    an independent international legal rule prohibiting certain cyber
    operations as a violation of sovereignty.

    Sixth, states are not bound to give prior notification of
    countermeasures when "responding to covert cyber intrusion." […]

    Seventh, there is no legal obligation to publicly disclose the
    information underlying a state's attribution of hostile
    cyber-activity to a particular actor or state. Similarly, there is
    no universal obligation to publicly attribute hostile cyber activity
    suffered.

    Eighth, a victim state does not have free rein to determine
    attribution for a malicious cyber operation before taking a
    countermeasure. Wright stated that "the victim state must be
    confident in its attribution," and he added later, "Without clearly
    identifying who is responsible for hostile cyber activity, it is
    impossible to take responsible action in response." This view
    contrasts with other writings in this field (see Sean Watts'
    [7]article at Just Security).

  (Via [8]Just Security)
  Also on:

  [9]Twitter
    __________________________________________________________________

  My original entry is here: [10]U.K. Outlines Position on Cyberattacks
  and International Law. It posted Thu, 24 May 2018 01:46:57 +0000.
  Filed under: business,

References

  1. https://www.lawfareblog.com/uk-outlines-position-cyberattacks-and-international-law
  2. https://www.cfr.org/blog/year-review-death-un-gge-process
  3. https://ccdcoe.org/tallinn-manual.html
  4. https://www.lawfareblog.com/recent
  5. https://www.justsecurity.org/56853/united-kingdom-atty-generals-speech-international-law-cyber-key-highlights/
  6. https://www.justsecurity.org/55876/defense-sovereignty-cyberspace/
  7. https://www.justsecurity.org/33558/international-law-proposed-u-s-responses-d-n-c-hack/
  8. https://www.justsecurity.org/
  9. https://twitter.com/TokyoGringo/status/999467685472886784
 10. https://www.prjorgensen.com/?p=1112