NCSC chief executive says that, while the creation of new international standards is not imminent, the UK would not rule out assisting their creation in the longer term

Charles Édouard Armand-Dumaresq’s painting of the signing of the first Geneva Convention in 1864   Credit: Public domain

The chief executive of the National Cyber Security Centre Ciaran Martin has claimed that, under the right circumstances, “the UK would be up for” discussions about the creation of international law akin to a Geneva convention for cyberspace.

However, Martin said that it is unlikely that such a document could materialise in the near future – nor does the UK consider it a priority.

The Geneva conventions – the most recent versions of which have endured since 1949 – are a group of treaties that outline international standards for the humanitarian treatment of both civilians and military personnel during wartime, and the rights that should be extended to enemy combatants and citizens.

As cyberattacks have increased in their sophistication and impact – including the dawn of coordinated nation-state assaults on critical national infrastructure – some onlookers have argued that the digital world requires similar internationally ratified standards of acceptable conduct.

Related content

• UK and US authorities unite to ‘hold Russia to account’ for sustained cyber offensive
• NHS cyber attack a ‘wake-up call’ for government
• NCA cybercrime unit looks to deepen ties with Russia’s neighbours

NCSC is this week hosting in Glasgow its annual CyberUK conference, including a world-first public discussion involving cyber-specialist representatives of all members of the Five Eyes intelligence alliance: the UK; New Zealand; Australia, Canada; and the US.

The on-stage conversation touched on the challenges of trying to perpetuate recognised standards of behaviour and create deterrents to breaking them – chiefly via attributing attacks.

Shortly after the discussion, PublicTechnology asked Martin if he thought a digital Geneva convention is required to do this – or if creating such a thing is even feasible.

“I think you heard in the Five Eyes panel that there are countries that, by and large, behave towards some form of internationally acceptable norms and behaviour – and countries that don’t,” he said. “I think that the prospects of that sort of process (a digital Geneva Convention) taking off at large-scale, intergovernmental level in the short term aren’t very high – that is an assessment, rather than a view. Who knows? I think it is probably a long-term issue.”

The NCSC chief added that, while the UK would be willing to take part in discussions about the creation of international standards, the cyber agency has other priorities at the moment.

“For an organisation like us, it is a question of where do we focus our efforts? And I think there are two [areas],” he said. “One is informal alliances of like-minded countries trying to do things… [such as] standards and so forth. Then, secondly, just trying to do a global effort to make technology a bit safer.”

On top of which, cyberspace is not outside the jurisdiction of existing international law, Martin said.

“I wouldn’t rule anything out in the long run,” he added. But… the now-digital secretary [Jeremy Wright], when he was attorney general – if you look at his speech last year about the applicability of international law in cyberspace – that is the starting point: international law applies in cyberspace. The question is how, not if. I think that’s a starting point for our approach. And if, over time, the conditions are right and something happens [along the lines of a new digital convention], I’m sure the UK would be up for that sort of discussion.”