President Barack Obama speaks at the dedication of the Edward M. Kennedy Institute for the United States Senate, Monday, March 30, 2015.

President Barack Obama speaks at the dedication of the Edward M. Kennedy Institute for the United States Senate, Monday, March 30, 2015. Susan Walsh/AP

Science & Tech

Obama Expands the US Response to Cyber Attacks

A new executive order will allow the government to impose financial sanctions against foreigners waging malicious cyberattacks against the US.

Dustin Volz,
National Journal

|
Dustin Volz
By Dustin Volz

President Obama on Wednesday signed an executive order expanding his administration's ability to respond to malicious cyberattacks by allowing financial penalties to be inflicted on foreign actors who engage in destructive hacking campaigns.

"Cyberthreats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them," Obama said in a statement. "As we have seen in recent months, these threats can emanate from a range of sources and target our critical infrastructure, our companies, and our citizens. This executive order offers a targeted tool for countering the most significant cyberthreats that we face."

The order allows the secretary of the Treasury, in consultation with the attorney general and secretary of State, to impose financial sanctions—such as freezing of assets or prohibition of commercial trade—on individuals or groups responsible for malicious cyberattacks that "create a significant threat to U.S. national security, foreign policy, or economic health or financial stability of the United States," Obama said.

Administration officials have long indicated a desire to strengthen the government's ability to respond to and penalize those engaging in cyberattacks. The massive hit on Sony Pictures last Thanksgiving—which the White House publicly blamed on North Korea—increased the urgency to bolster the nation's cyberdefenses. 

In January, Obama signed a separate executive order allowing for further sanctions against designated North Korean targets, but that action was limited solely to government officials in that country and not tethered directly to the Sony cyberattack. Wednesday's order will broaden the government's authority to permit the levying of sanctions against those directly responsible for hacking activities—and officials will not need to acquire a discrete order to respond to each attack.

Data breaches in recent years at places like Target, Home Depot, and Anthem Insurance have resulted in the heist of the personal data of millions of consumers, ranging from credit-card information to Social Security numbers and health information. But hundreds if not thousands of cyberattacks are waged daily against the United States, officials have said, and many of them originate overseas. China and Russia have been identified as particularly aggressive and adept at cyberintrusion and cyberespionage.

The order limits the government's authority to impose sanctions to attacks deemed significant enough to merit such a response. The types of attacks fit for a counterpunch include those that harm or compromise a critical infrastructure sector, disrupt the availability of a computer or network or computers (such as a distributed denial-of-service attack), or cause "significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain," according to a White House fact sheet.

In addition, sanctions can be imposed on those that knowingly receive or use trade secrets acquired via cybertheft, when the theft is "reasonably likely to result" in a threat to the nation's security or economic health. 

The order also allows for sanctions against actors even if the cyberattack is not successful. Those hit with sanctions would be barred from entering the United States.

White House cybersecurity coordinator Michael Daniel told reporters the powers under the order were intended to "fill in a gap" that exists between the law-enforcement and diplomatic means currently available to pursue malicious hackers. The new authority was vital but "not one that we are expected to use every day," Daniel said.

But at least some privacy advocates—who have been leery of Obama's overall cybersecurity push in recent months—were skeptical that Wednesday's order is necessary.

"This order raises more questions than it answers," said Amie Stepanovich, senior policy counsel with the digital-rights group Access. "We already have strong rules to address criminal activity while protecting human rights. The Obama administration is inventing new authorities to solve these problems rather than using the tools it already has. To further complicate matters, the administration's executive order is incredibly broad, addressing attacks against any entity from nuclear reactors to shopping websites."

Obama, in a post published Wednesday on Medium, attempted to dispel privacy and civil-liberties concerns about the new executive order.

"Sanctions will in no way target the unwitting victims of cyberattacks, like people whose computers are hijacked by botnets," Obama wrote. "Nor does this executive order target the legitimate cybersecurity research community or professionals who help companies improve their cybersecurity. And unlike some other countries, we will never try to silence free expression online or curb Internet freedom."

NEXT STORY: Why the Pentagon's Cybersecurity Dollars Don't Add Up

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.