Democrats on the House Intelligence Committee on Thursday urged intelligence community leaders to help create international rules of engagement, similar to the Geneva Conventions, for cyber warfare.
“We don’t know what constitutes an act of war, what the appropriate response is, what the line is between crime and warfare,” Rep. Jim Himes (D-Conn.) said at a Thursday committee hearing on global cyber threats.
While Himes put the onus on Congress to push for such international norms, he suggested that the intelligence community has so far neglected to help create clear set of standards.
Rep. Adam SchiffAdam Bennett SchiffJan. 6 panel faces new test as first witness pleads the Fifth Jan. 6 panel releases contempt report on Trump DOJ official ahead of censure vote The Hill's Morning Report - Presented by Facebook - Biden to update Americans on omicron; Congress back MORE (Calif.), the ranking Democrat on the committee, and Himes said a number of high-level policy questions about how the U.S. treats cyberspace are still unanswered.
Experts say there are three distinct kinds of cyber intrusions: corporate espionage intended to financially benefit foreign companies, hacks intended to do damage to infrastructure and traditional intelligence-gathering efforts performed by nation-states.
“For many of our adversaries in this realm, like the Chinese, there’s a benefit to blurring the distinctions here,” Schiff said. “If they can blur the distinctions, they can justify anything they do. It seems to me it’s in our best interest to draw a line between economic espionage and intelligence gathering. Shouldn’t we make clear what the rules of the road are?”
The congressmen asked how the U.S. should treat those kinds of cyber activity differently — whether, for example, stealing classified information would constitute an act of war and at what point a cyberattack would result in a response beyond cyberspace.
Director of National Intelligence James Clapper and National Security Agency Director Michael Rogers pushed back on placing too much responsibility on the intelligence community to create international standards, characterizing such rulemaking as high-level policy decisions.
“The application of cyber in an offensive way is an application of force,” Rogers said. “In the broad policy context we use as nations, that is a decision that is made at a broad policy level. That’s not a decision I unilaterally decide.”
Himes indicated that on a policy level, the creation of international standards is achievable because it benefits other countries to have some understanding of how the U.S. will respond to cyber intrusions.
“[It’s critical that] we commit ourselves as a country to lead the establishment of some rules of the road internationally on how warfare and crime is conducted in the cyber realm,” Himes said.
Clapper and Rogers both suggested that such norms will evolve over time.