Britain can retaliate against cyber attacks in the same way as if it is bombed because they are both 'acts of war', Attorney General says

• e-mail

Britain can legally retaliate against a cyber attack in the same way as if the country is bombed because both are acts of war, the Attorney General declared today.

Jeremy Wright said responsibility for hostile interventions - which could include digital interference in elections - could not be swerved just because they are online.

In a major speech, the Government's top lawyer said Britain was entitled to retaliate without announcing its action or to name and shame her enemies. 

Mr Wright said attempts to bring down critical infrastructure such as nuclear reactors and air traffic control towers through online attacks should be treated under international law in the same way as if they were targeted in bombing raids.

Britain can legally retaliate against a cyber attack in the same as if the country is bombed because both are acts of war, Attorney General Jeremy Wright (pictured today at Chatham House) said 

Cyber attacks against critical infrastructure which caused or threatened 'death and destruction' equivalent to an armed attack would result in self-defence actions, he added, saying defensive measures did not have to be 'symmetrical' to the threat.

The major speech at the Chatham House foreign affairs think tank on Wednesday set out on the record for the first time the Government's position on applying international law to cyberspace.

Mr Wright said there was an established principle that countries should be free to choose their own 'political, social economic and cultural system'.

He added: 'The practical applications of the principle in this context would be the use by a hostile state of cyber operations to manipulate the electoral system to alter the results of an election in another state, intervention in the fundamental operation of parliament, or in the stability of our financial system.

'Such acts must surely be a breach of the prohibition on intervention in the domestic affairs of states.

'A breach of this principle of non-intervention provides victim states with the ability to take action in response that would otherwise be considered unlawful, but which is permissible if it is aimed at returning relations between a hostile state and the victim state to one of lawfulness and bringing an end to the prior unlawful act.'

The Government's name and shame approach has already seen North Korean-linked hackers blamed for the WannaCry ransomware attack which hit NHS computers last year (pictured is a memo to staff after the attack last year) 

The Government's name and shame approach has already seen North Korean-linked hackers blamed for the WannaCry ransomware attack which hit NHS computers last year.

In February, the Government blamed Russia for the June 2017 NotPetya attack.

Russia was also blamed for the hack of Democratic National Committee emails in the run-up to the 2016 US presidential elections.

Mr Wright added: 'International law is clear: states cannot escape accountability under the law simply by the involvement of such proxy actors, acting under their direction and control.

'But the challenge, as ever, is not simply about the law - as with other forms of hostile activity there are technical, political and diplomatic considerations in publicly attributing hostile cyber activity to a state in addition to whether the legal test is met.'

He said the UK was not always 'legally obliged' to warn countries that it was retaliating against a cyber attack, if it would 'expose highly sensitive capabilities in defending our country in the cyber arena'.

National Cyber Security Centre chief executive Ciaran Martin (file image)  is charged with defending the United Kingdom from digital assaults