Obama Signs Executive Order for Cyber-security Sanctions

The U.S. government is now set to use sanctions as yet another tool to defend American interests against cyber-attacks.

U.S. cyber-security sanctions

President Obama today announced a new sanctions program to take action against cyber-atttackers that threaten the United States. The move is intended to provide another tool for the government to help protect American interests.

In a White House blog post, Lisa Monaco, assistant to the president for Homeland Security and Counterterrorism, explained that the new executive order signed by President Obama, "authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to sanction malicious cyber actors whose actions threaten the national security, foreign policy, or economic health or financial stability of the United States."

The new executive order follows an order signed in February, to expand information sharing.

Monaco wrote that malicious cyber-activity is often profit-motivated and the new sanctions program takes aim at limiting the ability of threat actors to profit from their activities.

"By freezing assets of those subject to sanctions and making it more difficult for them to do business with U.S. entities, we can remove a powerful economic motivation for committing these acts in the first place," Monaco wrote. "With this new tool, malicious cyber actors who would target our critical infrastructure or seek to take down Internet services would be subject to these costs when designated for sanctions."

Just because the U.S government now has the ability to issue economic sanctions doesn't mean that it is an action that will be taken often. The goal of the new sanctions is to use them only against the worst offenders and threats. Monaco emphasized that sanctions will not be used to limit freedom of expression online or to penalize legitimate cyber-security researchers.

"It is designed to be used in conjunction with our other authorities—including law enforcement and diplomatic efforts—to help deter and disrupt the worst of the cyber-threats that we face," Monaco said.

The U.S. Department of Justice has made use of legal tools to go after alleged cyber-attackers in the past. In May 2014, the Justice Department filed a legal indictment against five officers attached to the Chinese People's Liberation Army (PLA) Unit 61398. To date, however, none of the alleged Chinese attackers has been brought to justice in the United States.

In an email statement sent to eWEEK, Corey Thomas, CEO at security specialist Rapid7, applauded the new executive order for providing a means for the U.S. government to penalize and deter criminal acts that can't easily be meaningfully addressed otherwise.

"Only time will tell whether it's able to do this successfully, but at first blush, the framework looks pretty reasonable," Thomas stated. "It includes thresholds for the harm that must be caused in order to pursue this kind of penalty, as well as details on the process for vetting perpetrators."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.