UK will use offensive cyberattacks against ISIS

The United Kingdom is developing offensive cyber capabilities to counterattack terrorist groups, hackers and rogue states, finance minister George Osborne said on Tuesday. 


"The capacity to attack is also a form of defense," Osborne said. "If we are to tackle the asymmetry between attack and defense, then we need to establish deterrence in cyberspace. We need not just to defend ourselves against attacks, but rather to dissuade people and states from targetting us in the first place."

Osborne cited the risk from the Islamic State in Iraq and Syra (ISIS), which carried out the deadly attacks on Paris last week.

“[ISIS] are already using the Internet for hideous propaganda purposes; for radicalization, for operational planning too,” Osborne said. “They have not been able to use it to kill people yet by attacking our infrastructure through cyberattack. They do not yet have that capability. But we know they want it, and are doing their best to build it.”

In 2013, Britain’s then-defense secretary Philip Hammond said the U.K. was “developing a full spectrum military cyber capability, including a strike capability.”

Osborne’s arguments echo a similar debate in the United States, where lawmakers, intelligence and military officials and cyber policy experts are grappling with what constitutes and warrants an offensive action in cyberspace.

Many are calling for the U.S. to “strike back” in cyberspace against China and other nations accused of infiltrating American networks. Iran and Russia, in addition to China, are both suspected of having some form of access to the U.S. power grid.

The U.S. is widely known in 2010 to have launched the Stuxnet computer virus — one of the most ruinous known cyberattacks — that disabled almost 20 percent of Iran’s nuclear centrifuges, according to security experts.

Some lawmakers are urging the intelligence community to help create formal “rules of the road” in cyberspace, arguing that letting criminals and nation-state actors know how the U.S. will respond to redline cyber activity will create a deterrent.

“We don’t know what constitutes an act of war, what the appropriate response is, what the line is between crime and warfare,” Rep. Jim Himes (D-Conn.) said during a September House Intelligence Committee hearing on global cyber threats.

“[It’s critical that] we commit ourselves as a country to lead the establishment of some rules of the road internationally on how warfare and crime is conducted in the cyber realm,” Himes added.

Critics claim that just because the U.S. says that some kinds of cyber activity are unacceptable doesn’t mean that either terrorists, individual hackers or state-based actors will follow the rules.

Director of National Intelligence James Clapper and National Security Agency Director Michael Rogers have pushed back on placing too much responsibility on the intelligence community to create national standards, characterizing such rulemaking as high-level policy decisions.

“The application of cyber in an offensive way is an application of force,” Rogers said during the same September hearing. “In the broad policy context we use as nations, that is a decision that is made at a broad policy level. That’s not a decision I unilaterally decide.”

Osborne also laid out a new plan for £1.9 billion in cyber investment, including a new national cyber center.