Bloomberg Law
May 14, 2021, 9:00 AM

Pipeline Attack Raising Pressure for Global Cybersecurity Talks

Andrea Vittorio
Andrea Vittorio

A hack that shut down a major U.S. fuel pipeline will put pressure on global talks to set boundaries for acceptable behavior in cyberspace and hold countries accountable for cybercrimes that stem from their territory, according to the nation’s first cyber diplomat.

The U.S. and other countries have agreed as part of a United Nations effort that medical facilities, energy networks, and other critical infrastructure should be off limits to cyberattacks by governments. The challenge is enforcing such norms by calling out hackers and imposing consequences on them, such as sanctions.

“Unless we have a comprehensive, sustained approach, this is going to continue to happen,” said Christopher Painter, who was previously the top cyber diplomat in the U.S.

That approach should include disrupting hacking groups and going after ransom payment networks, as well as leaning on countries like Russia or China that act as safe havens for hackers, Painter said.

Colonial Pipeline Co., which operates the largest fuel pipeline in the U.S., paid a nearly $5 million ransom after hackers used a type of malware that locks up a victim’s files, according to reporting by Bloomberg News. The incident has caused fuel shortages and lines at gas stations along the East Coast.

President Joe Biden suggested in remarks Thursday that there should be an international standard for governments to act when they know cybercrimes are happening from their territory. That’s where the work of cyber diplomacy comes in, to rally nations around responding to hacks.

Last year, the European Union issued its first sanctions in response to cyberattacks stemming from Russia, China, and North Korea, following similar actions from the U.S.

Acting collectively to punish hackers could help deter further attacks, Painter said.

“The reason this is happening so often is because this has been a cost-free enterprise,” said Painter, who now sits on the Global Commission on the Stability of Cyberspace.

Infrastructure Focus

A cyber-focused UN group issued a report earlier this year that sets the expectation that countries proactively protect their critical infrastructure from cyberattacks and help other countries when theirs is targeted.

“There are some institutions central to everyday life that should be protected from cyberattacks,” said Jim O’Brien, a former U.S. presidential envoy and State Department official. “That’s an issue on which the U.S. can lead.”

Another smaller UN cyber group that counts the U.S., China, and Russia as members is expected to issue its latest findings soon.

The pipeline ransomware attack should trigger a further UN focus on critical infrastructure, said Duncan Hollis, a professor at Temple University Beasley School of Law and a scholar with the Carnegie Endowment for International Peace.

The incident comes in the wake of large-scale cyberattacks on software from Microsoft Corp. and SolarWinds Corp. that impacted government agencies. Those events were blamed on Chinese and Russian hackers. The U.S. imposed sanctions on Russia in response to the SolarWinds hack.

It’s unclear whether a foreign government was involved in the Colonial Pipeline attack, though the hackers are believed to be located in Russia, Biden said Thursday.

Such attacks demonstrate a need for the U.S. government to emphasize diplomacy as a pillar of cybersecurity, according to Hollis, who previously worked at the State Department.

“It’s a defense issue. It’s a national security issue. It’s also diplomatic,” Hollis said. “Are we going to keep escalating? Or are there ways to cooperate or lower the temperature?”

Cyber has become an emphasis for the Biden administration following the back-to-back hacks.

The White House last month named a first-of-its-kind national cyber director and issued an executive order Wednesday aimed at shoring up the security of the government’s software supply chain.

Overseeing Cyberspace

But the administration also is under pressure to name a new cyber diplomat at the State Department to oversee international talks. Painter was the first to hold the role, which he did during the Obama administration. He left State toward the beginning of the Trump administration.

Rob Strayer took over a different version of the department’s cyber role before leaving for a technology trade association. Michele Markoff, a cyber policy veteran, has been leading State’s work with the UN.

The State Department spokesman didn’t comment on plans for the diplomat role.

It’s part of a larger push to reorient the way the department approaches cyberspace.

The House passed a bill last month, H.R.1251, that would establish a bureau at State to oversee cyber issues ranging from security to human rights online. The department established a more narrowly tailored cyber bureau as the Trump administration was ending.

The bill would also make the cyber diplomat a presidentially appointed and Senate-confirmed position, meaning it could stay in place across administrations.

“The bill shows Congress thinks the State Department should have a more prominent and permanent role in shaping behavior in cyberspace,” said Cristin Monahan, cyber vault fellow at George Washington University’s National Security Archive.

A cyber diplomat would be tasked with building alliances with other countries like the U.K., which joined the U.S. in blaming Russia for hacking that compromised software from Texas-based SolarWinds, and negotiating on issues such as China’s theft of intellectual property.

Diplomats are also responsible for setting “rules of the road,” like avoiding attacks on infrastructure, Painter said. Such nonbinding norms could eventually lead to international law that covers cyberspace, though there’s no global treaty today.

“That’s the long game,” he said.

To contact the reporter on this story: Andrea Vittorio in Washington at

To contact the editors responsible for this story: Gregory Henderson at; Kibkabe Araya at