A hack that shut down a major U.S. fuel pipeline will put pressure on global talks to set boundaries for acceptable behavior in cyberspace and hold countries accountable for cybercrimes that stem from their territory, according to the nation’s first cyber diplomat.
The U.S. and other countries have agreed as part of a United Nations effort that medical facilities, energy networks, and other critical infrastructure should be off limits to cyberattacks by governments. The challenge is enforcing such norms by calling out hackers and imposing consequences on them, such as sanctions.
“Unless we have a comprehensive, sustained approach, this is going to continue to happen,” said Christopher Painter, who was previously the top cyber diplomat in the U.S.
That approach should include disrupting hacking groups and going after ransom payment networks, as well as leaning on countries like Russia or China that act as safe havens for hackers, Painter said.
Colonial Pipeline Co., which operates the largest fuel pipeline in the U.S., paid a nearly $5 million ransom after hackers used a type of malware that locks up a victim’s files, according to reporting by Bloomberg News. The incident has caused fuel shortages and lines at gas stations along the East Coast.
Last year, the European Union issued its first sanctions in response to cyberattacks stemming from Russia, China, and North Korea, following similar actions from the U.S.
Acting collectively to punish hackers could help deter further attacks, Painter said.
“The reason this is happening so often is because this has been a cost-free enterprise,” said Painter, who now sits on the Global Commission on the Stability of Cyberspace.
A cyber-focused UN group issued a report earlier this year that sets the expectation that countries proactively protect their critical infrastructure from cyberattacks and help other countries when theirs is targeted.
“There are some institutions central to everyday life that should be protected from cyberattacks,” said Jim O’Brien, a former U.S. presidential envoy and State Department official. “That’s an issue on which the U.S. can lead.”
Another smaller UN cyber group that counts the U.S., China, and Russia as members is expected to issue its latest findings soon.
The pipeline ransomware attack should trigger a further UN focus on critical infrastructure, said Duncan Hollis, a professor at Temple University Beasley School of Law and a scholar with the Carnegie Endowment for International Peace.
The incident comes in the wake of large-scale cyberattacks on software from
It’s unclear whether a foreign government was involved in the Colonial Pipeline attack, though the hackers are believed to be located in Russia, Biden said Thursday.
Such attacks demonstrate a need for the U.S. government to emphasize diplomacy as a pillar of cybersecurity, according to Hollis, who previously worked at the State Department.
“It’s a defense issue. It’s a national security issue. It’s also diplomatic,” Hollis said. “Are we going to keep escalating? Or are there ways to cooperate or lower the temperature?”
Cyber has become an emphasis for the Biden administration following the back-to-back hacks.
But the administration also is under pressure to name a new cyber diplomat at the State Department to oversee international talks. Painter was the first to hold the role, which he did during the Obama administration. He left State toward the beginning of the Trump administration.
Rob Strayer took over a different version of the department’s cyber role before leaving for a technology trade association. Michele Markoff, a cyber policy veteran, has been leading State’s work with the UN.
A State Department spokesman didn’t comment on plans for the diplomat role.
It’s part of a larger push to reorient the way the department approaches cyberspace.
The House passed a bill last month, H.R.1251, that would establish a bureau at State to oversee cyber issues ranging from security to human rights online. The department established a more narrowly tailored cyber bureau as the Trump administration was ending.
The bill would also make the cyber diplomat a presidentially appointed and Senate-confirmed position, meaning it could stay in place across administrations.
“The bill shows Congress thinks the State Department should have a more prominent and permanent role in shaping behavior in cyberspace,” said Cristin Monahan, cyber vault fellow at George Washington University’s National Security Archive.
A cyber diplomat would be tasked with building alliances with other countries like the U.K., which joined the U.S. in blaming Russia for hacking that compromised software from Texas-based SolarWinds, and negotiating on issues such as China’s theft of intellectual property.
Diplomats are also responsible for setting “rules of the road,” like avoiding attacks on infrastructure, Painter said. Such nonbinding norms could eventually lead to international law that covers cyberspace, though there’s no global treaty today.
“That’s the long game,” he said.