FireEye CEO calls for US to establish doctrine laying out consequences for cyberattacks

'Folks have to know the rules of the game,' CEO Peter Mandia says, after SolarWinds breach

Kevin Mandia, CEO of cybersecurity firm FireEye, called for the U.S. to establish a clear doctrine to put the world on notice that there will be consequences if foreign governments engage in cyberattacks.

Mandia spoke to CBS' "Face the Nation" Sunday after his company discovered that a highly sophisticated breach took place against SolarWinds, whose IT products he said are used by 300,000 companies. U.S. government agencies were also affected by the attack.

HACKERS' BROAD ATTACK SETS CYBER EXPERTS WORLDWIDE SCRAMBLING TO DEFEND NETWORKS

"Well I think you have doctrine," Mandia said when asked how future attacks can be prevented. "That's why we have doctrine for things like the use of chemical weapons. You saw what happened when somebody used chemical weapons in Syria, there was retaliation. Folks have to know the rules of the game, and the problem in cyber is we're not doing the work to come up with the doctrine. If you publish your doctrine -- we're uniquely vulnerable to cyberspace, we're the ones in the glasshouse -- these attacks will continue to escalate and to get worse if we do nothing."

WHAT IS SOLARWINDS? A LOOK AT THE HACKED SOFTWARE COMPANY IN CROSSHAIRS

"If you don't communicate the rules of the game: here's the doctrine and here's the penalty when you violate it, we're going to see the borders continue to be pushed outward in cyberattacks to the point where when do we finally do the work? When it's already intolerable? When it already got so bad that we have no choice but to respond."

In order for doctrine to be effective, Mandia noted, you need proper attribution of a cyberattack to determine where to respond.

Secretary of State Mike Pompeo has said that Russia was behind this attack. Mandia would not definitively say who he believes did it. He agreed that the attack was consistent with past efforts by Russian intelligence, but stressed the need to be 100% certain before speculating.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

CLICK HERE TO READ MORE ON FOX BUSINESS

Mandia discussed just how complex the attack was, noting that it appeared to have begun with a breach in October 2019 when SolarWinds code was changed. In March 2019, malicious code was then inserted.

"This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house," he said.