President Obama last week signed an Executive Order allowing the U.S. to impose sanctions on people and organizations that threaten the U.S. in cyber space, ratcheting up pressure on allies and adversaries alike to police their cyber citizens.
“Cyberthreats pose one of the most serious economic and national security challenges to the United States,” Obama said in a statement posted on the Website Medium. “That’s why … I’m for the first time authorizing targeted sanctions against individuals or entities whose actions in cyberspace result in significant threats to the national security, foreign policy, or economic health or financial stability of the United States.”
The order empowers the Secretary of the Treasury – in tandem with the U.S. Attorney General and Secretary of State – to freeze financial assets, bar cyber attackers from trading goods and technology, and cancel or bar individuals from gaining travel visas.
Why it Will Work
1. The Executive Order provides more tools to deter cyber-terrorism in the future.
To meet the threshold for sanctions, attacks would need to meet four “harms,” writes Ellen Nakashima in the Washington Post: “attacking critical infrastructure such as a power grid; disrupting major computer networks; stealing intellectual property or trade secrets; or benefiting from the stolen secrets and property.”
Michael Daniel, Obama’s cyber security adviser, said the law acts as a deterrent and punishment, filling a gap in U.S. cybersecurity efforts where diplomatic or law enforcement means are insufficient, according to a report in from the Reuters newswire.
Elias Groll, an assistant editor at Foreign Policy, supports the sanctions, writing “when such transactions are ‘dollarized,’ U.S. officials have a prime opportunity to strike back at foreign hackers and their backers by seizing their funds as it transits through a U.S. bank.”
While the executive order gives the administration broader authority to act, Daniel said it will be narrowly targeted to specific malicious activities. But even if sparsely used, the threat of sanctions could discourage cyberattackers from going after the U.S.
2. It will serve as a catalyst to bolster cybersecurity measures around the globe.
Fear of sanctions could make other countries more vigilant policing cyber crime from within their borders. The order applies to anyone who steals American trade secrets or defrauds citizens’ personal information, and can apply not only to rogue entities, but also state sponsors.
By setting a baseline for all nations to safeguard their cyber activity, it aims to force countries to pay attention to cybercrime within its borders.
The North Korea attack “highlighted the need for us to have this capability,” Daniel said, according toForeign Policy.
Shannon Tiezzi at The Diplomat, wrote that the order gives the president new ammunition. “The U.S. government has already proven willing to publicly charge Chinese citizens with hacking,” Tiezzi wrote. But “the new executive order could mean crippling sanctions for Chinese firms,” something that wasn’t possible before.
Why the Order Won’t Work
It will be too hard to enforce.
It’s not that the executive order exceeds the president’s authority, as some suggested. The International Emergency Economic Powers Act empowers the president to impose sanctions beyond U.S. borders. But whether the administration can enforce the rules is another matter.
John Reed Stark, a former head of Internet Enforcement for the Securities and Exchange Commission, cited the high number of state-sponsored cyberattacks and the difficulty identifying hackers, according to Reuters.
Peter Baker reported in the New York Times that unilateral sanctions are useless for non-state actors that operate globally.
“In contrast to states like North Korea or Russia that are sanctioned for traditional violations of international norms, hackers dwell in a murky digital world cloaked in ways that make them difficult to catch,” he wrote.
The power of the sanctions, therefore, relies on the United States’ ability to raise the bar of foreign governments and press them to police their own citizens. That will work well enough with American allies. It may be harder with those operating apart from U.S. influence.
Join the conversation. Post a comment below or email me at adoggett@300brand.com.