The framework on a joint EU diplomatic response to malicious cyber activities would seem to raise the stakes significantly on state-sponsored attacks, especially those focused on critical infrastructure.
Security minister Ben Wallace claimed last week that the UK government is “as sure as possible” that North Korea was behind the WannaCry ransomware attacks in May that crippled over a third of NHS England, forcing the cancellation of thousands of operations and appointments.
The suspected state-sponsored group known as Dragonfly has also been active of late probing US energy facilities.
That said, definitive attribution in cyberspace is very difficult, making the framework appear largely symbolic.
It brings the EU in line with Nato moves in the past establishing cyber as a legitimate military domain, meaning an online attack could theoretically trigger Article 5, the part of its treaty related to collective defense.
That states that an attack on one member is an attack on all 29 allies.
McAfee chief scientist, Raj Samani, claimed the move was unsurprising considering WannaCry and the likely state-backed attacks on French and German elections.
“While it is important to define cyber-attacks that are used for espionage or disruption as they would be when committed by physical actors, the greatest challenge that countries have will be in identifying and proving that the malicious actors that caused the cyber-attack have direct links to governmental organizations – something that these groups will be even more keen to conceal going forward,” he added."
I'm expecting the USA to follow with a similar statement, to function as an additional deterrent against the recent spate of Russian and North Korean
The vast majority of Russia's attacks start with social engineering and spear phishing attacks.