Last year, the U.S. government and several private U.S. companies suffered a devastating cyberattack, likely conducted by Russia. It took place through SolarWinds, a U.S. information technology firm, and went undetected for almost nine months. Up to 18,000 SolarWinds customers installed an update that created a backdoor, allowing hackers to install malware and spy. U.S. national security agencies deem the breach significant and ongoing, and the Biden administration has talked about imposing sanctions against Russia.

Sanctions may seem appropriate, but we risk a cycle of escalation. We need a more comprehensive approach. The United States needs to take the lead in creating a cybersecurity convention – a convention to encourage cyber peace, and to set specific internationally agreed consequences for cyberattacks.

It is time for the United States and its allies to clearly define a “cyberattack.” There must be regulations that explain how all countries involved will sanction any country that conducts a cyberattack. An international convention is the best response for minimizing attacks and stabilizing cyberspace for several reasons.

First, a multilateral approach is necessary to mitigate cybersecurity threats. The cybersphere transcends state borders; no country can face cyber threats alone. If countries agree to stand down from cyberattacks, the international community can then shift its focus to non-state actor criminal activity that also needs urgent attention.

Second, the creation of international norms would enable NATO and other multilateral organizations to reach a consensus on what constitutes an attack. An international standard would offer consistency and measured responses.

Finally, a convention serves as an ongoing effort. Creating a convention means that other nations can choose to sign after initial members agree on the terms. Since not all signatories have to be involved in the creation stage, negotiations on definitions and redlines will be more likely to succeed, without limiting who can join after.

An international convention on cybersecurity would not directly counter Russia’s SolarWinds hack but would offer stability and decrease the chance of a U.S.-Russia cyberwar. If the United States imposes sanctions, Russia will likely respond either in kind or by escalation – putting civilian lives at risk. The United States must look ahead and establish regulations for any future attacks.

Additionally, a successful convention will strengthen the global economy, by reducing the number of damaging cyberattacks. Cybercrimes cost the global economy over $1 trillion, more than 1% of global GDP. This figure is up 50% since 2018. If the international community prioritizes working together, it can mitigate this financial loss.

A convention on cybersecurity will promote international stability and sets clear redlines and consequences for those who conduct cyberattacks. The United States should take the lead in its creation. An eye for an eye response to aggression means that all of us will be blind. A far better response is an international cyber convention that contributes to lasting peace.