New Executive Order Authorizes Sanctions on Cyber Attackers
To address the increasing and damaging tide of what the Administration considers "malicious cyber-enabled activities" originating from abroad, the President issued an Executive Order on April 1 authorizing the imposition of broad economic sanctions on individuals and entities deemed responsible for or complicit in cyber attacks.
The Executive Order empowers the Secretary of Treasury, in consultation with the Attorney General and Secretary of State, to sanction individuals and entities responsible for cyber-enabled activities that are reasonably likely to result in or have materially contributed to a significant threat to the national security, foreign policy, or economic health or financial stability of the United States. The Order addresses harm to critical infrastructure, as well as significant disruptions to computers or their networks and the misappropriation of funds or economic resources, personal or financial information, and trade secrets, among others.
While the jurisdiction of the President's Executive Order will likely be reserved for the most significant cyber attacks, the issuance of the Order represents an important expansion of the enforcement tools available to the U.S. government in pursuing the perpetrators of malicious cyber-enabled activities. The Order gives the Administration greater flexibility to deal with harmful cyber attacks, such as the now infamous Sony Pictures hacking incident and also certain state-sponsored cyber attacks, such as the infiltrations of Westinghouse, U.S. Steel, Alcoa, SolarWorld, and the United Steelworkers, which led to the May 2014 Department of Justice indictment of several military officers from China's People's Liberation Army.
Once designated pursuant to the Executive Order, sanctioned parties will appear on the U.S. Department of the Treasury's Office of Foreign Assets Control's (OFAC) Specially Designated Nationals (SDN) List, which features entities whose assets have been frozen and are barred from engaging in commercial transactions with U.S. companies. While no entities have yet been designated under these new sanctions, U.S. persons should continue to monitor the U.S. government prohibited parties lists and remain vigilant in conducting due diligence research and compliance checks.
The text of the President's Executive Order can be found here.