On December 29, 2016, the Obama administration imposed sanctions on eleven Russian individuals and entities in response to their alleged participation in cyber activities supporting Russian interference in the 2016 U.S. presidential election.1 The implementation of these sanctions marks the first use of existing authority to impose sanctions in response to attributed malicious cyber activity.2
Executive Order (“E.O.”) 13694, promulgated in April 2015 in response to North Korea’s hack of Sony Pictures Studios, authorized the use of sanctions against persons engaged in cyber activities that threatened U.S. national security, foreign policy, and economic security.3 Responding to recent hacks and releases of sensitive information attributed to Russian intelligence services, President Obama amended E.O. 13694 to also authorize the imposition of sanctions against those that engage in malicious cyber activities that tamper with, alter, or cause a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.4
Pursuant to this newly broadened authority, President Obama added to the Specially Designated Nationals (“SDN”) List two Russian intelligence agencies--the Federal Security Service (“FSB”) and the Main Intelligence Directorate (“GRU”)--for their role in the recent hacks. President Obama and the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) also designated five entities and four individuals for their cyber activities against the United States.5 The inclusion of these Russian intelligence agencies, companies, and individuals on the SDN List requires U.S. persons freeze their U.S. assets and prohibits U.S. persons from dealing with any of their property. Though the authority to sanction individuals in response to malicious cyber activity has existed for almost two years and the U.S. has since been targeted by state-sponsored malicious cyber activity, the Obama administration had not deployed this authority until now.6
In addition to the implementation of these sanctions, the U.S. Government prohibited Russian diplomats from accessing two Russian recreational compounds in the U.S. and declared 35 Russian diplomats persona non grata, revoking their diplomatic status and visas in the United States. Separately, the FBI and the U.S. Department of Homeland Security released a joint analysis report, providing technical details about the spear-phishing methods used by hackers to compromise email accounts of prominent Democratic Party officials.7 U.S. Department of Commerce’s Bureau of Industry and Security also added the two Russian intelligence agencies and three Russia-based entities to the Entity List, imposing licensing restrictions for exports, re-exports, and in-country transfers under the Export Administration Regulations (“EAR”).
The future of these and other U.S. sanctions against Russia is uncertain in advance of President-elect Donald Trump’s inauguration. Congressional hearings have evinced support for maintaining existing sanctions against the Putin government or strengthening these, while an advisor to the President-elect has publicly questioned whether these most recent sanctions represent a proportional response to Russia’s alleged actions.8 As these sanctions were authorized by and implemented through executive orders, they may be removed or amended by the president, without the advice or approval of Congress.