The European Union’s 28-nation bloc is in agreement on how to punish hackers.
On Monday, the European Council announced a joint framework, dubbed the “cyber diplomacy toolbox,” to guide how member countries should uniformly respond to malicious cyber-activity, which includes steps to cooperatively impose economic sanctions, travel bans, asset freezes and blanket bans against responsible parties.
“The key principle here is proportionality,” an EU official told CyberScoop. “It is EU member states who would decide what measure should be used depending on the case they would face … This work aims to promote enhanced shared situational awareness, information sharing and efficient decision-making, and should see the development of a procedure for the attribution of cyberattacks in the context of the cyber diplomacy toolbox.”
Use of the “toolbox” is voluntary, and any collective response would require unanimous support from EU member states.
In short, the framework represents an ambitious effort by alliance partners to essentially standardize future response plans, which could be leveraged to isolate a group, country or specific criminal.
“The potential impact is the important factor, both for allies and adversaries. Allies want more security, adversaries will fear isolation and action, whether diplomatic, economic, or military,” explained Comodo Senior Research Scientist Kenneth Geers. “Cybersecurity is fundamentally an international problem, so it requires an international solution. Unanimity is good and bad: hard to achieve, but worth the wait.”
Current international law stipulates that attribution of cyberattacks against EU countries, including those that could qualify for a response under the framework, would be pursued separately by victim countries and other relevant partners. In these cases, however, attribution is especially important because a unanimous assessment would be necessary before collective action can occur.
“A State is free to make its own determination with respect to attribution of a cyber-activity to an actor as long as the attribution is performed in accordance with international law,” an EU official told CyberScoop.
The move comes as Germany prepares for a national election later this year amid reports that Russian intelligence services remain actively involved in influencing domestic affairs.
The recent French election also reportedly included some Russian hacking attempts aimed at relevant political organizations, according to testimony by National Security Agency Director Adm. Michael Rogers.
The U.S. intelligence community concluded last year that hackers backed by the Russian state broke into and leaked Democratic Party emails as part of an effort to undermine Hillary Clinton’s presidential bid. Russian government officials, including Vladimir Putin, have denied the report’s finding.