On Dec. 29, 2016, in response to the Russian government’s “aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election,” President Obama issued an Executive Order Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities. This Executive Order amended Executive Order 13694, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” issued on April 2, 2015 to address the threat posed by malicious cyber actors.

Amended and Additional Authority

By way of background, Executive Order 13694 authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to impose sanctions on individuals or entities that engage in malicious cyber-enabled activities that create a significant threat to the national security, foreign policy, economic health or financial stability of the United States. The malicious cyber-enabled activity must have the purpose or effect of significantly harming or compromising critical infrastructure; misappropriating funds or economic resources, trade secrets, personal identifiers or financial information for commercial or competitive advantage or private financial gain; knowingly receiving or using trade secrets that were stolen by cyber-enabled means for commercial or competitive advantage or private financial gain; disrupting the availability of a computer or network of computers; and attempting, assisting or providing material support for any of the above activities.

By his action on Dec. 29, 2016, President Obama amended Executive Order 13694 to additionally allow for the imposition of sanctions on those determined to be responsible for

tampering with, altering, or causing a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.

The authority also provides the Secretary of the Treasury with the ability, in consultation with the Attorney General and the Secretary of State, to determine when circumstances no longer warrant the blocking of property and interests in property of a person designated under Executive Order 13694, as amended.

Immediate Effects

The aforementioned new authority has had immediate consequences. First, the Obama Administration sanctioned the following four individual officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (aka Glavnoe Razvedyvatel’noe Upravlenie, or GRU), Russia’s largest foreign intelligence agency:

  • Vladimir Stepanovich Alexseyev, First Deputy Chief of the GRU;
  • Sergey Gizunov, Deputy Chief of the GRU;
  • Igor Korobov, Chief of the GRU; and
  • Igor Kostyukov, First Deputy Chief of the GRU.

The Administration also designated the following two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information:

  • Aleksey Alekseyevich Belan; and
  • Evgeniy Mikhaylovich Bogachev.

The Administration further sanctioned two Russian intelligence services:

  • Federal Security Service (aka Federalnaya Sluzhba Bezopasnosti, or FSB); and
  • Main Intelligence Directorate (aka GRU).

Finally, the Administration sanctioned the three companies listed below that provided material support to the GRU’s cyber operations:

  • Autonomous Noncommercial Organization Professional Association of Designers of Data Processing Systems (aka Ano Po Ksi);
  • Special Technology Center (aka STC, Ltd.); and
  • Zorsecurity (aka Tsor Security).

In addition, on Jan. 4, the Commerce Department’s Bureau of Industry and Security (BIS) added the two Russian intelligence services and three companies noted above to its Entity List for acting contrary to the national security or foreign policy interests of the United States. By adding these entities to the Entity List, BIS imposed a license requirement and a prohibition against the use of any license exceptions for exports, re-exports or transfers (in-country) of all items subject to the Export Administration Regulations (EAR) to the entities, as well as a license review policy of presumption of denial.

These actions followed a Dec. 27, 2016 BIS revision to its regulations clarifying that it will review license applications to export or re-export to Russia items subject to the EAR and controlled for chemical and biological weapons proliferation (CB), nuclear nonproliferation (NP) or national security (NS) reasons under a presumption of denial, if the items proposed for export or re-export would make a direct and significant contribution to Russia’s military capabilities. This new review policy was instituted in order to protect U.S. national security interests and to ensure the efficacy of existing sanctions on Russia for violating international law and fueling the conflict in eastern Ukraine.

Finally, the State Department shut down two Russian compounds, in Maryland and New York, used by Russian personnel for intelligence-related purposes and declared 35 Russian intelligence operatives as “persona non grata,” indicating that such operatives are no longer welcome by the U.S. government and must therefore leave the United States. In order to aid network defenders in the United States and abroad to identify, detect and disrupt Russia’s malicious cyber activities, the Department of Homeland Security and the Federal Bureau of Investigation are releasing declassified technical information regarding Russian civilian and military intelligence service cyber activity.

Next Steps

In the coming days, the Obama Administration plans to provide Congress with a report regarding Russia’s efforts to interfere in the U.S. election and malicious cyber activity related to the U.S. election cycle in previous elections. The Administration has warned that the aforementioned sanctions are “not the sum total of [the Administration’s] response to Russia’s aggressive activities,” as the Administration will continue to take various actions at its discretion, “some of which will not be publicized.” The Administration hopes that the United States and its friends and allies will work together to oppose any further Russian efforts to undermine established norms and interfere with democratic governance. It remains to be seen how President-elect Trump will address this matter once he takes office on Jan. 20.

The Obama Administration’s most recent imposition of increased sanctions on Russia highlights the importance of carefully screening existing and proposed transactions against U.S. restricted parties lists, and otherwise vetting transactions for compliance with U.S. sanction and export control programs, whether involving Russia or other countries. In particular, care should be exercised with respect to Russia-related transactions in light of sanctions previously imposed by the U.S. in response to Russia’s annexation of the Crimea Region of Ukraine and the new Commerce Department licensing policy. For additional information on the Crimea sanctions, see U.S. Enacts New Russia Sanctions Law; President Obama Imposes Trade/Investment Embargo on Crimea.