Langevin Statement on First European Union Cyber Sanctions

Jul 30, 2020 Issues: Cybersecurity

Warwick, R.I. – Congressman Jim Langevin (D-RI), a member of the United States Cyberspace Solarium Commission and a senior member of the House Armed Services and Homeland Security Committees, released the following statement regarding the Council of the European Union’s announcement that it will be sanctioning three entities and six individuals in connection with malicious cyber activity, including the targeting of the Organisation for the Prohibition of Chemical Weapons and WannaCry, NotPetya, and Operation Cloud Hopper:

“Global stability in cyberspace is contingent upon responsible state actors following appropriate norms of behavior and taking action against countries that flout those norms. The EU Council’s first-ever use of its “cyber diplomacy toolbox” is an historic step in ensuring a norms-based international order applies in cyberspace, and I commend the Council for its action. China, Russia, and North Korea have all consistently shown a blatant disregard for principles of restraint in cyberspace endorsed by the United Nations. The cyber intrusions cited by the Council today resulted in billions of dollars in damages to corporate and government networks. NotPetya, the most damaging cyber incident in history, cost European companies like Maersk and Mondelez hundreds of millions of dollars each, and Operation Cloud Hopper resulted in the loss of untold quantities of intellectual property. Rogue actors in cyberspace must be held to account, and the Council’s decision represents Europe’s unified commitment to doing so.

“However, I must also register my disappointment in the delay it took for the Council to use the restrictive measures authorized under the cyber toolbox’s legal framework. The WannaCry and NotPetya malware, for instance, were both released in the first half of 2017, and we have known the culprits were the North Koreans and the Russians, respectively, for almost as long. Like-minded nations that believe that cyberspace is not the “Wild West” must work together to take swift and decisive action in the face of continued belligerence from countries seeking to benefit from “gray zone” conflict in cyberspace. I urge the Council to publicly commit to working to reduce the time between incident and response.

“The Cyberspace Solarium Commission report highlights that international diplomacy is key to deterrence. The United States and the European Union must continue to work together to use all instruments of national power to enforce cyber norms and shape our adversaries’ behavior in this new domain. Today’s sanctions are an important milestone, but much work remains to be done.”