President Obama signed an executive order enabling the administration to mete out harsh penalties against foreigners who perpetuate malicious cyberattacks that significantly threaten the national security, foreign policy, economic health or financial stability of the United States.
After a marked increase in the frequency and sophistication of high-profile foreign cyberattacks targeting U.S. businesses, companies have requested the U.S. government to strengthen its deterrents for cyberattacks, especially for those that are state-sponsored. The order expands the set of tools available to the government by declaring “significant malicious cyber-enabled activities” a “national emergency” and empowering the Treasury Department to freeze assets and impose other sanctions on foreigners participating in cyberattacks. These sanctions are calculated to deter cyberattacks by removing attackers’ economic incentives.
Additionally, the order empowers the Treasury Department to sanction those who knowingly receive or use information that was stolen through a cyberattack, or provide any assistance in an attempted cyberattack.
The broad description of the sanctions program suggests it potentially may apply to any cyberattack by overseas hackers, as they often target economic resources, trade secrets, personal identifiers, and financial information—all of which may significantly threaten U.S. interests. While the order expands the tools available to combat cyberattacks, it does not create any new civil causes of action.
A copy of the executive order is available here.