The recent ransomware attacks on U.S. industries have sparked renewed talk of an international cyber agreement that could set rules for what's permissible, and spell out sanctions for violators.