Capitol Hill is increasingly concerned about the lack of international laws governing cyber war.
In the last week, a bipartisan group of lawmakers sent the State Department a letter urging greater attention to the issue and one House leader introduced a bill that would require the department to produce a comprehensive cyberspace strategy.
The letter and bill could actually lead to action. The Senate’s recently-passed cybersecurity bill included a companion amendment to the House bill that would mandate a cyberspace strategy from the State Department.
The much-discussed hacks last year on Sony Pictures Entertainment, blamed on North Korea, forced Congress and the government to confront a number of tough questions: How do you classify different types of cyberattacks? How and when should the government respond?
The lack of a playbook in these scenarios quickly became a common topic on Capitol Hill.
The catastrophic intrusions at the Office of Personnel Management (OPM) this summer, which exposed over 20 million federal workers’ most sensitive information, only got more lawmakers talking about the issue.
It’s believed Chinese cyber spies were behind the OPM hit, thought to be the largest government data breach of all time.
Now, lawmakers are stepping up the pressure on the administration.
House HomelandSECURITY Committee Chairman Michael McCaul (R-Texas) last week introduced the International Cyber Policy Act. The bill would mandate a publicly-available State Department strategy on international cyberspace policy.
The measure mirrors a clause that Sens. Cory Gardner (R-Colo.) and Ben Cardin (D-Md.) were able to get into a major Senate cybersecurity bill, the so-called Cybersecurity InformationSHARING Act (CISA), which passed in October by a wide margin.
CISA encourages businesses toSHARE more data on hacking threats with the government. It’s expected to head to President Obama’s desk after being conferenced with two companion House bills that passed in April.
Lawmakers further pressed the State Department on the same issue later last week, in a letter from the top-ranking members of the House Subcommittee on the National Security Agency (NSA) and Cybersecurity, Chairman Lynn Westmoreland (R-Ga.) and ranking member Jim Himes (D-Conn.).
“Nonproliferation agreements were negotiated to curtail the exponential growth of nuclear weaponry during the second half of the 20th Century. Now is the time for the international community to seriously respond again with a binding set of international rules for cyberwarfare: an E-Neva Convention,” said the letter, referencing the long-standing Geneva Convention treaties laying out the rules of war.
All the other Democratic members of the subcommittee — Reps. Patrick Murphy (Fla.), Mike Quigley (Ill.) and Jackie Speier (Calif.) — also signed the letter.
As the missive acknowledges, the White House has not been ignoring the issue.
Administration officials and President Obama himself have repeatedly spoken about the need to establish international cyberspace norms. The administration has also taken some tangible steps.
During a September state visit from Chinese President Xi Jinping, the White House announced an agreement to eliminate corporate hacking for commercial gain.
U.S. officials this summer also strongly pushed for a group of United Nations countries, including cyber adversaries China and Russia, to reaffirm that the UN Charter applies to cyberspace.
But lawmakers insist the administration has to move quickly.
“As we stand now, neither the U.S. nor the global community has clear guidance on how we should differentiate between these various threat levels and how we should appropriately and legally defend ourselves,” said Himes in a statement. “It’s time to create a binding set of international rules to provide that guidance.”