The President made the following statement about the Executive Order “Starting today, we’re giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks, or stealing the trade secrets of American companies or the personal information of American citizens for profit.”  The Executive Order was entitled “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities” and the same day Michael Daniel (Special Assistant to the President and the Cybersecurity Coordinator) posted a blog “Our Latest Tool to Combat Cyber Attacks: What You Need to Know” which described what the Executive Order covered:

  • Harming or significantly compromising the provision of services by entities in a critical infrastructure sector
  • Significantly disrupting the availability of a computer or network of computers, including through a distributed denial-of-service attack
  • Misappropriating funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain
  • Knowingly receiving or using trade secrets that were stolen by cyber-enabled means for commercial or competitive advantage or private financial gain
  • Attempting, assisting, or providing material support for any of the harms listed above

However my friend Nick Akerman at Dorsey and Whitney in New York (an expert on cybersecurity and privacy) was interviewed by PCWorld and asked:

What standard of proof are agencies going to use?…It’s not always clear who the hackers are.

The PCWorld article went to say that Nick Akerman:

…praised the Obama administration for calling cyberattacks a “national emergency,” saying such recognition is long overdue, but he questioned how targeted groups will challenge the sanctions.

He also questioned how the Treasury Department and other agencies involved would determine an attack was serious enough to impose sanctions. “Are we just taking the word of the company that was hacked, or are they just going after a competitor overseas?” he said.

Although the Executive Order looks pretty good and well-targeted, and hopefully it will reduce cyberintrusions and cyberattacks.  But signing the Executive Order on April 1 date does not sound like the ideal date to issue such an Executive Order particularly given the comments from Nick Akerman…so maybe it will be an April Fools’ Joke after all. But time will tell!