On 19 February 2018, Marietje Schaake submitted the following written questions to the Council on the attribution of the NotPetya attack:
Last week, Australia, New Zealand, Canada, Japan, the United States, Denmark and the United Kingdom formally attributed the NotPetya cyberattack to Russia. On the 17th June 2017 the Council adopted Conclusions on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities, which affirmed that “restrictive measures (..) are suitable for a Framework for a joint EU diplomatic response to malicious cyber activities”
1. Given these determinations of two EU Member States, and five EU-allies, is the EU Council ready to publicly attribute this attack to Russia? If not, why not?
2. What should be the consequences for this attack according to the Council?