Sanctions for Cyber Attacks: New EU Powers

Does warning cybercriminals of consequences deter them from attacking?

The European Union's EU Council believes that concept is worth a shot.

It just declared a list of sanctions hackers will face if they launch a cyberattack, or attempt to launch one, against the EU and Member States.

Cyberattack specific sanctions

The new cyberattack sanctions aim to hit attackers and "entities" where it hurts, especially the pocketbook.

Restrictive measures include:

•  a ban on persons traveling to the EU
• an asset freeze on persons and entities
• EU persons and entities are also forbidden from making funds available to those listed under sanctions.

EU sanctions focus on outsiders

The cyberattacks must meet the following criteria for attackers to face sanctions:

• originate or are carried out from outside the EU; or
• use infrastructure outside the EU; or
• are carried out by persons or entities established or operating outside the EU; or
• are carried out with the support of person or entities operating outside the EU

Cyberattack targets most likely to lead to sanctions

The sanctions document paints broad brush strokes of industry verticals and sectors that are definite no-nos for a cyberattack:

1. Critical infrastructure, including submarine cables and objects launched into outer space, which is essential for the maintenance of vital functions of society, or the health, safety, security, and economic or social well-being of people
2. Services necessary for the maintenance of essential social and/or economic activities, in particular in the sectors of: energy (electricity, oil and gas); transport (air, rail, water and road); banking; financial market infrastructures; health (healthcare providers, hospitals and private clinics); drinking water supply and distribution; digital infrastructure; and any other sector which is essential to the Member State concerned
3. Critical State functions, in particular in the areas of defense, governance and the functioning of institutions, including for public elections or the voting process, the functioning of economic and civil infrastructure, internal security, and external relations, including through diplomatic missions
4. The storage or processing of classified information
5. Government emergency response teams

If you've got time, you can read the restrictive measures against cyber-attacks threatening the European Union for yourself.

Governments around world getting more aggressive on cybersecurity

The EU's move to sanctions over cyberattacks is part of a global shift we've been writing about. This includes 5 Cyber Changes at U.S. Homeland Security and a Warning to Digital Foes, and many cybercrime indictments in the U.S. since that time.

And nation-states are forming cybersecurity partnerships on a more frequent basis to help each other in the battle against cybercrime.

This includes the recent cybersecurity agreement between Canada and Singapore. Singapore already had agreements with Australia, France, India, the Netherlands, UK, the United States, Germany, and  Japan.

And when 19 Countries Take on the Dark Web, Here's What Happens.

Top 3 cyber threats to the United States

Who are the biggest cyber adversaries of the United States? They are China, Russia, and North Korea. 

And they each want different things from the U.S. and Western nations, according to Major General (Ret.) Brett Williams. 

Watch our interview with the former Director of Ops at U.S. Cyber Command as he explains. We interviewed him at SecureWorld Detroit. 

[RESOURCE: SecureWorld web conferences for CPE credits]