A regime for “cyber sanctions” is taking shape — and it could already hit mischievous election hackers in May. The European Union is closing in on a procedure that would allow it to sanction foreign hacker groups when they target the upcoming EU election. A plan drafted by the EU’s diplomatic service has been presented to national cyber experts and will be forwarded to foreign affairs attachés later this month, three officials briefed on the plan told POLITICO, asking not to be named because of the sensitivity of the ongoing talks. The measures would not only allow EU countries to slap sanctions on hacker groups that succeed in intruding into IT systems, but also those attempting to get in, like the suspected Russian intelligence officers who allegedly plotted but failed to hack into the Hague-based Organisation for the Prohibition of Chemical Weapons last year, the officials said.
Once operational, the EU measures would target individual hackers as well as state-linked groups with commercial bans and financial restrictions, like freezing assets. It would allow the EU to finally flex its economic muscle against a rising threat of foreign cybersecurity attacks.
“Having sanctions as one of the tools in the toolbox is important. We need to have a variety of tools,” said Chris Painter, a former U.S. State Department official who shaped a similar American regime under Barack Obama’s presidency. “You have law enforcement tools, you have diplomatic tools. But you have to have economic tools too.”