Rep. Jim Langevin, D-R.I., chairman of the House Armed Services Committee’s Subcommittee on Intelligence and Emerging Threats and Capabilities, voiced support at a July 30 subcommittee hearing for the European Union’s placement of sanctions on Russian, Chinese, and North Korean entities for their role in high-profile cyber attacks.
“I applaud the example set by our European partners in approaching cyber in novel and holistic ways as recently as today with the announcement of the first-ever sanctions issued through the European Union against six individuals and three entities responsible for the ‘WannaCry,’ ‘NotPetya,’ and ‘Operation Cloud Hopper’ attacks,” the congressman said.
The EU announced the sanctions on July 30 against four members of Russia’s military intelligence agency, and two Chinese nationals for separate attacks, which effected the EU or its member states. An additional entity from each China, Russia, and North Korea were also listed.
“We are getting better at attribution,” said Rep. Langevin, who co-founded the Congressional Cybersecurity Caucus in 2008, and who serves as a member of the Cyberspace Solarium Commission. “What we do need to do though is shorten the timeline between incident and our response,” he said.
The Operation Cloud Hopper attacks, which targeted information systems of multinational companies in six continents, were linked by the sanctions to individuals and an entity in China. The earliest of the “WannaCry” attacks, linked in the sanctions to a North Korea-based group, date back to 2016. The “NotPetya” attacks, linked to Russia’s military intelligence agency in the sanctions, and directed primarily against Ukraine, also date back several years.
“There’s such a long lag between action and consequence,” said Rep. Langevin. “The United States, Europeans, our partners, we need to work more quickly to close that gap between action and response.”
The first-ever EU sanctions against cyber attacks include a travel ban and asset freeze to the individuals, and an asset freeze to the entities, according to the EU’s foreign policy chief Josep Borrell. The sanctions prohibit making funds available to those listed in the sanctions.
“We will continue to strengthen our cooperation to advance international security and stability in cyberspace, increase global resilience and raise awareness on cyber threats and malicious cyber activities,” said Borrell, in a statement.
