The European Union has prepared a draft diplomatic document—"Framework on a joint EU diplomatic response to malicious cyber activities"—that would recognize cyberattacks, under some conditions, as acts of war. This is less path-breaking than some reports would have it: the framework aligns basically with existing NATO recognition of cyberspace as a domain of conflict within which states can legitimately exercise their right to self-defense. Observers have pointed out, of course, that attribution remains difficult and problematic.
While attribution may be hard, the UK's attribution to North Korea of the WannaCry infestation that troubled Britain's National Health Service earlier this year is offered with high confidence. It drew a foreseeable response from Pyongyang: denial of involvement and righteous promises of retaliation against the slanderers. This puts the UK in the same boat as much of the rest of the civilized world, so when it comes to DPRK retaliation, take a number, Whitehall.
China appears to be shifting rather than limiting its cyber espionage directed against American targets. WIRED reports signs that the Sino-American agreement to limit mutual hacking is being tested by Beijing's recent operations.
Social media companies will testify on Capitol Hill this week, answering questions about how Russian influence operations may have played out in last year's US elections. It appears the Russian efforts were cheap, their effect magnified by intelligent sharing (and "liking").
Oracle has an emergency patch out for its Identity Management product.
No fresh developments in either the BadRabbit ransomware or Reaper botnet stories.