WASHINGTON — The international community needs to quicken its attribution of malicious cyber activity to enforce norms in cyberspace, Rep. Jim Langevin said Wednesday at CyberCon.
“If you wait two or three years before you can take action, it loses its effectiveness,” Langevin said at the event hosted by C4ISRNET. “The message needs to move quickly if you want it to be heard.”
The Democrat from Rhode Island serves as the chairman of the Subcommittee on Intelligence and Emerging Threats and Capabilities, and he is a commissioner on the Cyberspace Solarium Commission.
The commission, a bipartisan organization created by Congress in 2019 to develop a multipronged U.S. cyber strategy, adopted the approach of “layered deterrence.” The first layer seeks to shape behavior, calling for America to work with other nations to promote responsible behavior in cyberspace.
Langevin explained that speedy naming and shaming hasn’t been standard because attribution has proved difficult. However, nations, including the United States, have gotten better and more detailed at attributing action.
But going forward, Langevin said, nations should be more willing to go public with less confident attribution. He said nations have resources at their disposal beyond cyber forensics, such as signals and human intelligence, to aid in attributing a particular cyber incident.
As an example of this approach, Langevin cited the quick attribution to Russia for the poisoning of Sergei Skripal, a former Russian military officer and double agent, in the United Kingdom.
“We didn’t have perfect intelligence there, but countries were able to connect enough of the dots, had high enough confidence that you went from chemical weapons attack to major international response over the course of just a couple of weeks,” he said. “That’s what I’m talking about in terms of dealing with agility in moving decisively.”
Langevin also addressed what he’d like to see from a Joe Biden administration, should the Democratic contender win the presidential election Nov. 3. First and foremost, he’d like to see a potential Biden administration give greater attention to cyberthreats facing the nation.
“I really also hope that a Biden administration will leverage the State Department and [be] more forward-leaning [in] working with our international partners and allies in establishing rules of the road,” he said. “Beyond that, I also hope that a new bureau of cyberspace security and emerging technologies headed by an assistant secretary at the State Department will be created.”
He’d also like to see more pressure on nations like Russia that continue to achieve “wins,” as he put it, on the international stage. As examples, he pointed to Russia’s push for a cyber treaty and its creation of the Open-ended Working Group at the United Nations, which rivals the Group of Governmental Experts that was established in 2019 and sought to develop global norms for cyberspace.
Some actions by the Trump administration, such as removing the cyber coordinator position on the National Security Council and demoting the coordinator for cyber issues at the State Department, “hinders our ability to influence international conversations that have suffered as a result,” he said.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.