Focusing on overseas cyber threats, President Obama issued an Executive Order on April 1, 2015, which grants authorization to impose sanctions on individuals and entities engaged "in malicious cyber-enabled activities that create a significant threat to the national security, foreign policy, or economic health or financial stability of the United States." According to President Obama, these "targeted sanctions, used judiciously, will give [the U.S. government] a new and powerful way to go after the worst of the worst."
In a statement made during the signing of the new Executive Order, President Obama specifically identified recent cyber threats from Russia, China, North Korea, and Iran as providing the urgency behind the White House’s latest action. While the Obama Administration has – as was the case with North Korea for its attack on Sony in 2014 – sanctioned individuals as a way of punishing foreign regimes, the new Executive Order, for the first time, provides the U.S. government with the ability to freeze the assets of any individual responsible or complicit in cyberattacksthat pose a significant threat to U.S. national security, foreign policy and economic stability.
While the new Executive Order does not require companies to adopt any specific new protocols, it underscores the need for any entity subject to the Treasury Department’s Office of Foreign Assets Control (OFAC) to adopt and keep up-to-date tailored, risk-based OFAC compliance programs. Specifically, businesses engaged in online transactions must do their due diligence with respect to screening OFAC’s Specially Designated Nations (SDN) list, which is updated on a regular basis.