
SecurityWeek


Obama Signs Executive Order Authorizing Sanctions to Combat Cyberattacks

Executive Order: Cyber Attack Response

President Obama on Wednesday signed a new executive order which authorizes the U.S. government to block the financial assets of malicious actors involved in cyber attacks against US targets.


According to the White House, the new program authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to “sanction malicious cyber actors whose actions threaten the national security, foreign policy, or economic health or financial stability of the United States.”  

“Starting today, we’re giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks, or stealing the trade secrets of American companies or the personal information of American citizens for profit,” President Obama wrote in a blog post.  

“From now on, we have the power to freeze their assets, make it harder for them to do business with U.S. companies, and limit their ability to profit from their misdeeds.”

According to the White House, the new executive order is specifically designed to go after the “most significant malicious cyber actors” and is not something that would be used every day.

“Law-abiding companies have absolutely nothing to worry about; for them, it’s business as usual. We will never use it to try to silence free expression online or curb Internet freedom,” Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, wrote in a blog post on the White House web site. “Nor will this authority be used to go after legitimate cybersecurity researchers or innocent victims whose computers are compromised. It is designed to be used in conjunction with our other authorities — including law enforcement and diplomatic efforts — to help deter and disrupt the worst of the cyber threats that we face.”

The Executive Order will help address and respond to significant cyber attacks, which could include:

• Harming or significantly compromising the provision of services by entities in a critical infrastructure sector

• Significantly disrupting the availability of a computer or network of computers, including through a distributed denial-of-service attack

• Misappropriating funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain

• Knowingly receiving or using trade secrets that were stolen by cyber-enabled means for commercial or competitive advantage or private financial gain

• Attempting, assisting, or providing material support for any of the harms listed above

“The President’s Executive Order is intended to provide a means for the US Government to penalize and deter criminal acts that can’t easily be meaningfully addressed otherwise. Only time will tell whether it’s able to do this successfully, but at first blush the framework looks pretty reasonable,” Corey Thomas, CEO of Rapid7, told SecurityWeek. “It includes thresholds for the harm that must be caused in order to pursue this kind of penalty, as well as details on the process for vetting perpetrators.”  

Thomas also explained why it matters that the Department of Treasury said it doesn’t intend to pursue security researchers under this order.

“Security research is essential for understanding how cyber attackers operate, and identifying issues that provide them with opportunities for exploitation,” Thomas said. “The findings help businesses and consumers protect themselves, yet in order to do this, researchers have to behave like attackers, and this can lead to legal complications and uncertainty.

“It’s challenging to create policy that protects researchers without providing a ‘backdoor’ for criminals, so it’s a positive step to see the Government clearly distinguishing between types of actors and committing upfront to not pursue researchers,” Thomas said.

While the executive order gives the government a new tool to deter malicious attacks, the challenge lies in knowing who to punish, security experts warned.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
