31 OCT 2017
European Union member states have drafted a diplomatic document which states serious cyber-attacks by a foreign nation could be construed as an act of war.
The document, said to have been developed as a deterrent to provocations by the likes of Russia and North Korea, will state that member states may respond to online attacks with conventional weapons “in the gravest circumstances.”
The framework on a joint EU diplomatic response to malicious cyber activities would seem to raise the stakes significantly on state-sponsored attacks, especially those focused on critical infrastructure.
Security minister Ben Wallace claimed last week that the UK government is “as sure as possible” that North Korea was behind the WannaCry ransomware attacks in May that crippled over a third of NHS England, forcing the cancellation of thousands of operations and appointments.
The suspected state-sponsored group known as Dragonfly has also been active of late probing US energy facilities.
That said, definitive attribution in cyberspace is very difficult, making the framework appear largely symbolic.
It brings the EU in line with Nato moves in the past establishing cyber as a legitimate military domain, meaning an online attack could theoretically trigger Article 5, the part of its treaty related to collective defense.
That states that an attack on one member is an attack on all 29 allies.