President Barack Obama on Wednesday authorized a new U.S. government approach to deterring cyberattacks: financial sanctions against malicious overseas hackers and companies that knowingly benefit from the fruits of cyberespionage.
The latter category could include state-owned corporations in Russia, China and elsewhere, setting the stage for major diplomatic friction if the sanctions are employed in that way.
“Cyberthreats pose one of the most serious economic and national security challenges to the United States,” Obama said in a statement after signing an executive order creating the first sanctions program aimed at cyberattacks.
The order was the latest attempt by his administration to come up with options short of direct retaliation to deal with a growing cyberthreat coming from both nations and criminal groups. It gives the U.S. the authority to levy sanctions on individuals and companies, though no specific penalties were announced.
“We are excited about this new tool that will allow us to expose and isolate those behind malicious cyberactivity,” said John Smith, who directs the Treasury Department division that will administer the sanctions.
Obama said the sanctions would apply to those engaged in malicious cyberactivity that aims to harm critical infrastructure, damage computer systems and steal trade secrets or sensitive information. To be subject to sanctions, the hacking would have to be deemed to have harmed the national security or the economic health of the U.S.
The sanctions, which would name the targets, seize their U.S. funds and ban them from the American financial system, would also apply to any corporation “that knowingly profits from stolen trade secrets,” the White House said. U.S. intelligence and law enforcement officials have long possessed evidence that state-owned companies in China and elsewhere are complicit in economic cyberespionage that targets the intellectual property of Western companies, but they have largely been unable to act on it.
The administration has “really thought about how to make this painful to the beneficiaries,” of cyberspying, said James Lewis, a cyber expert with the Center for Strategic and International Studies. “They’ve gotten away with this for a long time, so making them suffer a little for stealing is a good idea.”
The announcement follows the Obama administration’s allegations that North Korea was behind last year’s cyberattack on Sony Pictures. The U.S. sanctioned several North Korean individuals in retaliation for the Sony hack, but they were not targeted specifically for their role in that incident.
In February, James Clapper, the director of national intelligence, listed cyberattacks as the most pressing danger facing the country, and he said the cyberthreat from Russia “is more severe than we had previously assessed.”
U.S. officials have been warning of a growing cyberthreats for years. Major U.S. companies, including Target and Home Depot, have been the target of criminal hacking that put consumer information at risk.
About the Author
