‘National emergency’: Cyber attackers face new sanctions

(iStockphoto)

Share

Written by

President Barack Obama signed a new executive order Wednesday that declares foreign-based cyber attacks against U.S. networks “a national emergency,” freezes the assets of hackers involved in attacks against critical infrastructure and blocks their entry into the U.S.

The new order “declares a national emergency with respect to the unusual and extraordinary threat to the national security, foreign policy, and economy of the United States posed by the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by, persons located, in whole or in substantial part, outside the United States.”

Obama has authorized the Treasury Department to impose the sanctions on individuals or entities regardless of national origin. The order also covers foreign hackers responsible for, or complicit in, attacks that target corporate trade secrets or customer data belonging to U.S. companies, either for personal or commercial financial gain.

Special Assistant to the President and Cybersecurity Coordinator Michael Daniel told reporters the new order is part of the administration’s larger effort to confront the increasing number of cyber threats facing the U.S.

The order is designed to enable the U.S. to take action “against the worst of the worst … overseas actors” who often reside beyond the reach of U.S. legal authorities, Daniel said. “We will not certainly be using this to target free speech or going after the open Internet. It’s a very targeted and limited authority,” he said. However, it is broad enough to encompass any malicious cyber activity — regardless of country of origin — deemed to pose a significant threat to U.S. security.

And that could also mean foreign companies, Daniel said. “There are companies that hire hackers to steal intellectual property,” he said. But Daniel added that the administration would have to be able to “make the case” that any such attack rose to the level of posing a threat to the nation’s security or economic stability.

Department of the Treasury Acting Director for the Office of Foreign Assets Control John Smith said the order will allow the U.S. government to put a name to those hackers who have hidden behind their online anonymity, but it is not designed to police the Internet or stifle innovation.
“While this authority is powerful, it is a piece of the U.S. government response,” Smith said. “We intend to use this tool judiciously.”

Daniel said that the order has been in the works since the 2014 attack by North Korea against Sony Pictures Entertainment and that the administration’s proportional response to that attack assisted the administration in crafting the language of the order.

The order is the first of its kind that moves a sanctions regime beyond specific nations or foreign individuals, “allowing us to target the activity itself wherever it arises,” Smith said.

The order targets what the White House refers to as the most significant cyber threats the nation faces, “whether they are directed against our critical infrastructure, our companies, or our citizens.”

Specifically, the order takes aim at individuals or entities that engage in cyber attacks or activities designed to:

  • Harm or significantly compromise the provision of services by entities in a critical infrastructure sector.
  • Significantly disrupt the availability of a computer or network of computers (for example, through a distributed denial-of-service attack).
  • Cause a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information, for commercial or competitive advantage, or private financial gain (for example, by stealing large quantities of credit card information, trade secrets or sensitive information).

Smith said the sanctions would freeze the assets of targeted individuals or entities, impose a Visa ban and prevent Americans from doing business with or supporting those individuals or entities.

Beyond imposing the sanctions, the order is also designed to provide a deterrent effect for those who might consider conducting such attacks in the future, Daniel said.

Daniel said the sanctions are likely to have a significant impact due to the size and reach of the U.S. financial system. “We also hope that some of our allies consider joining us,” he said.

-In this Story-

Cybersecurity, Government IT News, John Smith, Michael Daniel, Tech, White House
TwitterFacebookLinkedInRedditGoogle Gmail