President Barack Obama issued an executive order that would allow the government to impose financial sanctions against cyberattackers, treating malicious cyberattacks in a similar way as physical attacks. Under the order, the US Treasury Department could impose financial and travel sanctions against hackers who threaten national security.
"This Executive Order authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to impose sanctions on individuals or entities that engage in malicious cyber-enabled activities that create a significant threat to the national security, foreign policy, or economic health or financial stability of the United States," Obama said in a statement.
According to Reuters, the order gives Obama the same tools to address cyber threats as other threats, "including crises in the Middle East and Russia's aggression in Ukraine."
The sanctions target cyberattacks that originate from outside the country. The New York Times reports that actions that "target critical infrastructure; steal money, trade secrets or personal information; or disrupt computer networks through what are called denial-of-service attacks" would fall under the scope of cyberattacks covered under the executive order. Additionally, foreign companies that knowingly use trade secrets to harm the US economy would also be targeted.
"From now on, we have the power to freeze their assets, make it harder for them to do business with US companies, and limit their ability to profit from their misdeeds," Obama said of the order.
More power for retaliation
The executive order comes just after the Obama administration blamed North Korea in December for a cyberattack discovered in the previous month that crippled Sony Pictures. The attack is believed to be in response to Sony's involvement in "The Interview," a film mocking North Korea leader Kim Jong-un. In January, Obama imposed economic sanctions against North Korea.
The new executive order would give the president additional powers for retaliation in an event of a cyberattack. Rather than focusing on specific countries, the executive order allows the US to focus its efforts on the malicious activity and the individuals, regardless of where the attack originated.
"This allows us to have an executive order that focuses directly on the activities of concern whether they arise in North Korea or another jurisdiction," said White House Cybersecurity coordinator Michael Daniel in a report on CNN. "Obviously cyber incidents tend to flow very easily across international boundaries, so trying to tie that to a particular location just didn't make sense."
Daniel said that the program fills the cybersecurity gap where current means are insufficient, noting that the order will serve as both punishment and deterrent.
The publication reported that Obama will also leverage existing authorities, "including diplomatic engagement, trade policy tools, and law enforcement mechanisms" to fight threats.
- Read our report on what businesses could learn from major data breaches