Last week, Australia, New Zealand, Canada, Japan, the United States, Denmark and the United Kingdom formally attributed the NotPetya cyberattack to Russia. On 17 June 2017, the Council adopted conclusions on a framework for a joint EU diplomatic response to malicious cyber activities, which affirmed that restrictive measures ‘are suitable for a Framework for a joint EU diplomatic response to malicious cyber activities’.
1. Given the above declaration by two EU Member States and five EU allies, is the EU Council ready to publicly attribute this attack to Russia? If not, why not?
2. In the Council’s view, what should be the consequences of this attack?