Obama unveils program to guard against hackers
President Barack Obama on Wednesday ordered a new sanctions program that could block assets of U.S. and foreign hackers and of companies that seek to profit from cyberattacks.
Obama said the threat from cyberattacks was a “national emergency” and that the sanctions could help strike back against those involved in attacks on U.S. targets.
“Starting today, we’re giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks, or stealing the trade secrets of American companies or the personal information of American citizens for profit,” Obama said in a blog post on the Medium website.
He added that cyber threats “pose one of the most serious economic and national security challenges to the United States,” and that the sanctions will take aim both at hackers and “against companies that knowingly use stolen trade secrets to undermine our nation’s economic health.”
Obama said in his statement that hackers in China, Russia and Iran were among those attacking U.S. targets and added that “it’s often hard to go after bad actors, in part because of weak or poorly enforced foreign laws, or because some governments are either unwilling or unable to crack down on those responsible.”
The announcement comes after an epidemic of incidents reported in recent months, including a devastating attack against Sony Pictures, and data breaches that stole credit card or health data on tens of millions of Americans.
Costing US Jobs
Under the order, the U.S. Treasury would be able to freeze or block assets of those involved in attacks on “critical” U.S. computer networks, such as banking systems or electric power, or the theft of data such as credit card information, and of companies that profit from such attacks.
“Cyber intrusions and attacks — many of them originating overseas — are targeting our businesses, stealing trade secrets, and costing American jobs. Iranian hackers have targeted American banks,” Obama said.
“The North Korean cyberattack on Sony Pictures destroyed data and disabled thousands of computers. In other recent breaches that have made headlines, more than 100 million Americans had their personal data compromised, including credit card and medical information.”
The executive order allows the Treasury and Attorney General’s office to impose sanctions on hackers posing “a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.”
This could respond to so-called distributed denial-of-service attacks, theft of trade secrets or credit card numbers or other “sensitive information,” according to a White House statement.
Sanctions could also be imposed on companies that use trade secrets or other stolen data or assist hackers in their efforts.
Officials said there were no immediate plans to use these sanctions but that the additional tool would bolster U.S. efforts using law enforcement, diplomacy or military actions.
“We intend to use this tool judiciously and in extraordinary circumstances,” said John Smith of the Treasury’s Office of Foreign Assets Control, which administers sanctions.
Obama said the new sanctions would “in no way target the unwitting victims of cyberattacks,” such as people whose computers are hijacked, and that the program would not be used against cybersecurity researchers or to curb freedom of online expression.
The sanctions are “not a tool that we will use every day,” U.S. homeland security adviser Lisa Monaco said, adding that “lawabiding companies have absolutely nothing to worry about.”
Some privacy activists questioned the broad language in the order, saying it could have unforeseen impacts.
The order could be interpreted to target investigative reporters, said Marcy Wheeler on the privacy blog Empty Wheel.
“Does WikiLeaks’ publication of secret Trans-Pacific Partnership negotiations qualify? Does Guardian’s publication of contractors’ involvement in NSA hacking?” she wrote.