An Executive Order signed by President Barack Obama on April 1 is the latest in a series of moves by the U.S. government to help impede cyber-criminal activity aimed at the United States.
The order gives the Treasury Department, working with the Attorney General and the State Department, the power to block the transfer of funds between entities inside and outside the U.S. that attack computers or networks to steal money, trade secrets, personal information or other data to the detriment of the government and its citizens.
The order officially declares an emergency and includes other broad powers, such as the ability to block travel to the U.S. by people involved in such attacks. The order specifically includes the ability to block donations to groups that carry out such activities.
The action is clearly aimed at providing greater consequences for people or organizations that break into U.S. computers in an attempt to profit from the activity. This would include groups that steal credit card numbers or other personal information in cyber-attacks, such as those launched again Home Depot or Target.
The order also covers attempts to steal corporate information, such as the endless attacks by the Chinese army against U.S. defense contractors and it would even include Distributed Denial of Service attacks against Websites and networks in the U.S.
The order's specific goals are described in a sort of FAQ published by the White House along with the order. In that document, the White House explains that the new order would limit the ability of organizations involved in such attacks to do business with U.S. companies in addition to their ability to transfer money out of the U.S.
While the activities of ransomware operations are not specifically mentioned, this order would allow the Secretary of the Treasury to target Bitcoin exchanges that are used as a way to pay those ransoms.
For the most part, however, the attention of the government will be aimed at cyber-attacks against critical infrastructure, major networks and Websites. It's worth noting that the order specifically protects people who are innocent participants, such as those who have computers that are used by botnets, and extends protection to security researchers.
In a statement issued in conjunction with the EO, Lisa Monaco, the President's assistant for cyber-security and counterterrorism, said that the order was first and foremost intended to hurt criminals in the pocketbook.
"Malicious cyber activity—whether it be stealing sensitive information, including personal identifiers, or trade secrets—is often profit-motivated," Monaco said in a prepared statement. "Because those responsible want to enjoy the ill-gotten proceeds of their activities, sanctions can have a significant impact. By freezing assets of those subject to sanctions and making it more difficult for them to do business with U.S. entities, we can remove a powerful economic motivation for committing these acts in the first place."