Cyberattacks Are 'Acts Of War'? EU's Cyberattack Framework Says So

After a number of widespread cyberattacks hit individuals and organizations throughout the region, a number of nations in the European Union have signed on to a diplomatic document that would declare cyberattacks an act of war, the Telegraph reported.

The proposed document, known as the Framework on a Joint EU Diplomatic Response to Malicious Cyber Activities, is intended to not only give members of the EU the formalized ability to respond to an attack but also to serve as a deterrent against such attacks in the first place.

Under the framework, if a member of the EU suffers from a cyberattack, that nation not only have the legal right to defend itself, it also is entitled to assistance from other EU member states. Countries will be able to operate in coordinated efforts to apply diplomatic pressure, issue public condemnation and enact sanctions against attacking countries.

The proposal stops short of allowing the EU to wage war against an attacker but will reportedly refrain from providing firm limitations on how member states can respond and coordinate operations after an attack.

Nation-state attackers operating out of countries like Russia and North Korea are the primary targets of the proposed framework. Government-backed attackers may be forced to back off or rethink attacks if the government fears retribution of some form, including economic sanctions and other policies that may cause hardships.

The EU has been kicking around the idea for such a framework since earlier this summer. The EU's European Council first announced its intention to create the framework in June. At the time, the council said the EU "is concerned by the increased ability and willingness of state and non-state actors to pursue their objectives through malicious cyber-activities."

"Such activities may constitute wrongful acts under international law and could give rise to a joint EU response," a press release from the European Council stated. “The framework is expected to encourage cooperation, facilitate mitigation of immediate and long-term threats, and influence the behavior of potential aggressors in the long term.”

The emergence of the framework for an EU response to a cyberattack comes just days after United Kingdom Security Minister Ben Wallace claimed the UK government is “as sure as possible” that North Korea was behind the WannaCry ransomware attack that spread through the EU and to more than one million computer systems around the world.

The UK specifically felt the full impact of the WannaCry campaign. The nation was one of the early victims to the widespread attack and had a number of critical organizations including hospitals run by the National Health Service knocked offline by the spread of the ransomware.

Just one month after WannaCry, nations in the region again were hit by a cyberattack—this time a wiper known as Petya. While Ukraine took the brunt of the damage during Petya, a number of EU members were also hit by the attack that flat out destroyed computers that it came in contact with, wiping them clean of any information they may have stored.

The attack forced FedEx subsidiary company TNT Express, located in the Netherlands, to temporarily stop operations. The attack resulted in significant delays in services and did millions of dollars of damage to organizations it hit.