The new Executive Order signed by President Barack Obama gives the U.S. the authority to sanction, for the first time, those individuals and other entities located outside the country once they are suspected of committing cyber spying and cyber attacks. These activities are believed to be carried out for the purpose of stealing trade secrets or sensitive data, damaging computer systems and harming critical infrastructure.
The order primarily targets state-sponsored participants and other hackers who seemed not to be covered by U.S. diplomatic or law enforcement channels. Through the new order, the U.S. can execute an action outside the national boundary level against individuals who may have carried out operations that were supported or financed by another nation.
"We don't want to just deter those with their fingers on the keyboard but those who are funding and enabling those groups to carry out their activity," said Michael Daniel, Obama's special adviser on cybersecurity and a member of the National Security Council. "We want to deter those who are paying for it."
The move is the administration's latest response to the recent wave of cyber attacks launched abroad, which targeted a number of companies in the U.S. These include last year's cyber attacks on Sony Pictures Entertainment, Target and Home Depot. The attacks caused damages that reached up to hundreds of millions of dollars.
Prior to the signing of the order, law enforcement officials would nab hackers who have executed cyber attacks from non-U.S. allied nations, such as Ukraine or Russia, by waiting for them to leave their countries and go on a vacation to other places. These officials would often wait until the suspected hacker gets spotted in a country that is willing to cooperate and work with the U.S. to help them in carrying out an arrest. The newly signed order will allow officials to apprehend and punish suspects who usually avoid traveling to countries that support the U.S. government.
"This allows us to target the activity itself wherever it arises," said John Smith, head of the Treasury Department's sanctions programs.
Under the new executive order, sanctioned individuals would be barred from doing business with U.S. banks and companies. Identified hackers would be denied U.S. entry, with their U.S. assets also frozen. Likewise, Treasury investigators would have the power to pursue cyber criminals and treat them the same way they would treat terrorist networks, drug cartels and international criminal groups.
By collaborating with the State Department and the Attorney General, the Treasury Department will have the power to block fund transfer activities between actors located within and outside the U.S. whose attacks have caused damages to the government and its citizens. Lastly, the order will allow the Secretary of the Treasury to address the so-called ransomware operations by targeting payment exchanges that use Bitcoin.
"Malicious cyber activity - whether it be stealing sensitive information, including personal identifiers, or trade secrets - is often profit-motivated," said Lisa Monaco, the President's assistant for cybersecurity and counterterrorism. "By freezing assets of those subject to sanctions and making it more difficult for them to do business with U.S. entities, we can remove a powerful economic motivation for committing these acts in the first place."
Photo: The U.S. Army | Flickr