CYBERATTACK SANCTIONS:
Obama orders financial repercussions for malicious overseas hackers.
President Barack Obama on Wednesday authorized a new U.S. government approach to deterring cyberattacks: financial sanctions against malicious overseas hackers and companies that knowingly benefit from the fruits of cyberespionage.
The latter category could include state-owned corporations in Russia, China and elsewhere, setting the stage for major diplo- matic friction if the sanctions are employed in that way.
“Cyberthreats pose one of the most serious economic and national security challenges to the United States,” Obama said in a statement after signing an executive order creating the first sanctions program aimed at cyberattacks.
The order was the latest attempt by his administration to come up with options short of direct retaliation to deal with a growing cyberthreat from nations and criminal groups. It gives the U. S. the authority to levy sanctions on individuals and companies, though no specific penalties were announced.
“We are excited about this new tool that will allow us to expose and isolate those behind malicious cyberactivity,” said John Smith, who directs the Treasury Department division that will administer the sanctions.
Obama sa id t he sa nctions would apply to those engaged in malicious cyberactivity that aims to harm critical infrastructure, damage computer systems and steal trade secrets or sensitive information. To be subject to sanctions, the hacking would have to be deemed to have harmed the national security or the economic
health of the U.S.
The sanctions, which would name the targets, seize their U.S. funds and ban them from the American financial system, would also apply to “a corporation that knowingly profits from stolen trade secrets,” the White House said. U. S. intelligence and law enforcement off icials have long possessed evidence state-owned companies in China and elsewhere are complicit in economic cyberespionage that targets the intellectual property of Western companies, but they have largely been unable to act on it.
The administration has “really thought about how to make this painful to the beneficiaries,” of cyberspying, said James Lewis, an expert with the Center for Strategic and International Studies. “They’ve gotten away with this for a long time, so making them suffer a little for stealing is a good idea.”
The announcement follows the Obama administration’s allegations that North Korea was behind last year’s cyberattack on Sony Pictures. The U.S. did sanction several North Korean individuals in retaliation for the Sony hack, but they were not targeted for their role in that incident.
In February, James Clapper, the director of national intelligence, listed cyberattacks as the most pressing danger facing the country, and he said the cyberthreat from Russia “is more severe than we had previously assessed.”
U.S. officials have been warning of cyberthreats for years. Major U.S. companies, including Target and Home Depot, have been the target of criminal hacking that put consumer information at risk.
Foreign intelligence services are probing and penetrating critical infrastructure, including U. S. power grids, so that they can inflict damage in the event of a conflict, American intelligence officials have said publicly.
They have also alleged that hackers based in Russia and China are engaging in a widespread pillaging of corporate trade secrets. Former National Security Agency director Keith Alexander has called that the greatest illicit transfer of wealth in history. China and Russia deny any role in the cyberthefts.
Last May, the Justice Department issued criminal indictments against five Chinese military hackers it accused of cyberespionage against U.S. corporations. FBI director James Comey said at the time the spying was to benefit Chinese companies, but he neither named the companies nor took formal action.
U. S. officials say they have gotten better at tracing cyberattacks, a notoriously difficult thing to do, given that their origins can easily be disguised.
The sanctions are “a new powerful tool that we intend to use,” said John Carlin, assistant attorney general for national security, who said the government is applying lessons “learned in our battle against terrorists and proliferators.”