For the first time, President Obama is giving our country a new tool to combat the most significant cyber threats to our national security, foreign policy, or economy. It's an important step, and many people may be wondering how it will work. Take a look at a few answers to some questions you may have on how the President's latest Executive Order will bolster our cybersecurity:
We live in an information age – almost every aspect of our daily lives is entwined in some way with the Internet. Here’s the problem: The very networks that we rely on to enable many aspects of our increasingly digital lives are vulnerable to cyberattack. Every day, malicious actors are targeting our businesses, trade secrets and critical infrastructure, and sensitive information – and many of these attacks originate from outside our borders.
When it comes to the worst actors, one of the biggest challenges we currently face is developing tools that will allow us to respond appropriately, proportionately, and effectively to malicious cyber-enabled activities, and to deter others from engaging in similar activities. With this Order, President Obama is taking action to give America a new way to confront the growing threat posed by significant malicious cyber actors that may be beyond the reach of our existing capabilities.
This Executive Order authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to impose sanctions on those individuals and entities that he determines to be responsible for or complicit in malicious cyber-enabled activities that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, economic health, or financial stability of the United States.
The Executive Order is tailored to address and respond to the harms caused by significant malicious cyber-enabled activities. These activities include:
Our focus will be on the most significant cyber threats we face – namely, on actors whose malicious activities could pose a significant threat to the national security, foreign policy, economic health, or financial stability of the United States.
This tool will be used to go after the worst of the worst of malicious cyber actors: Those whose cyber activities – whether directed against our critical infrastructure, our companies, or our citizens – could threaten the national security, foreign policy, economic health, or financial stability of the United States.
Malicious cyber actors often rely on U.S. infrastructure to commit the acts described in the Order, and they often use our financial institutions or partners to transfer their money. By sanctioning these actors, we can limit their access to the U.S. financial system and U.S. technology supply and infrastructure. Basically, sanctioning them can harm their ability to both commit these malicious acts and to profit from them.
The President signed an Executive Order in January 2015 authorizing additional sanctions on the Democratic People’s Republic of Korea (DPRK). That Executive Order was a response to the DPRK Government’s ongoing provocative, destabilizing, and repressive actions and policies, particularly its destructive and coercive cyber attack against Sony Pictures Entertainment and threats against movie theaters and moviegoers.
President Obama took the Sony attack seriously and you can read more about that Executive Order and his response here.
The President is using a broad range of tools – including diplomatic engagement, trade policy, and law enforcement mechanisms – to address cybersecurity threats like these. We are bolstering the government’s network defenses, sharing more information with the private sector, and standing up the Cyber Threat Intelligence Integration Center (CTIIC) to provide integrated analysis of foreign cyber threats within the federal government and help ensure that our government centers that are responsible for cybersecurity and network defense have access to the intelligence they need to perform their missions.
Moreover, we have sent Congress legislation to further enhance our cybersecurity by strengthening protections for victims of identity theft, modernizing law enforcement tools for investigating and deterring cybercrimes, and promoting increased cyber threat information-sharing among the private sector and government.
This authority will be used in a targeted and coordinated manner in response to the most significant cyber threats we face, whether they are directed against our critical infrastructure, our companies, or our citizens, when the activities could threaten the national security, foreign policy, the economic health, or financial stability of the United States.
In addition, it’s important to know who we are not targeting. These sanctions will in no way target the victims of cyberattacks, like people whose computers are unwittingly hijacked by botnets or hackers. Nor is this Order designed to prevent or interfere with the cybersecurity research community when they are working with companies to identify vulnerabilities so they can improve their cybersecurity. The targets of these sanctions are malicious actors whose actions undermine our national security.