Strategy includes travel bans and asset freezing
The European Council is to extend certain sanctions for three more years, with the aim of deterring cyber-attacks.
The council says that the move will improve the EU’s ability to “prevent, discourage, deter, and respond to” malicious cyber activity. This extension is a departure from previous policy, which required annual renewals.
The sanctions regime currently applies to four “entities” and eight individuals with measures including travel bans and asset freezing. The framework was set up in 2019 and forms part of the EU’s “cyber diplomacy toolbox”.
In 2020, the EU sanctioned two individuals and an entity for their part in a 2015 cyber-attack against Germany’s parliament, the Bundestag.
Security bodies have so far welcomed the sanction move.
“The commitment to a sanctions regime shows that the EU continues to recognize the combined importance of cybersecurity and enabling technologies within the bloc,” Jon France, CISO at (ISC)2 told The Daily Swig.
“In the face of the continued conflict in Ukraine, which involves a cybersecurity/cyber-attack element, it is unsurprising that the bloc wishes to retain sensible sanctions and measures, not only to deter escalation towards the EU and its member countries but also to encourage others to continue to protect their own cyber assets.”
However, observers’ views on the effectiveness of sanctions against cybercriminals are mixed. Identifying attackers to the standards required by criminal law remains difficult.
A 2021 report by the Stiftung Wissenschaft und Politik, the German Institute for International and Security Affairs, found that attribution is time consuming; relies on intelligence, including from NATO partners; and is make more difficult by the varying technical and intelligence capabilities across member states.
According to security expert, Mike Jones, aka the ‘h4unt3d hacker’, relatively few governments apply sanctions against cybercriminals – these include the US and UN as well as the EU. Even where countries do have a sanctions regime, the process for identifying targets is often kept secret, he says.
“The various intelligence agencies do a lot of this work in secret hidden from the public until the operation is complete,” Jones told The Daily Swig.
And sanctions themselves might only have a limited impact.
“Sanctioning an actor’s finances and ability to travel can make things difficult, however, criminals do not follow the law and will find other means,” he notes. This includes using cryptocurrencies.
“It may hinder movement or financial operations for a short period but they will assume new identities, find other ways to carry out transactions, and recruit new individuals that are not on the sanctioning radar to carry out their operations.”
Jones suggests that as well as sanctions, governments need to take a more active approach.
“By destroying network infrastructure, infiltrating their communications, and planting moles in the various groups this will cause distrust among the actors and eliminate the operations and force the groups to recollect and build new infrastructure,” he said.