Today, US President Barack Obama issued an executive order authorising the US Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to impose sanctions on individuals and entities he believes to be responsible for malicious cyber-activities that form or are likely to form a serious threat to the security, foreign policy, or economy of the United States.
Speaking on Wednesday, Secretary of the Treasury Jack Lew stated that the government intended “to use this authority carefully and judiciously against the most serious cyber-threats to protect our nation’s critical infrastructure”.
The activity targeted by the Executive Order includes:
- harming or significantly compromising the provision of services by entities in a critical infrastructure sector;
- significantly disrupting the availability of a computer or network of computers, including through a distributed denial-of-service attack;
- misappropriating funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain;
- knowingly receiving or using trade secrets that were stolen by cyber-enabled means for commercial or competitive advantage or private financial gain;
- attempting, assisting, or providing material support for any of the harms listed above; and
- being owned or controlled by, or acting on behalf of, any person whose property or interests are blocked under the order.
Designated people and entities will have all of their assets in US jurisdiction frozen, and US citizens will generally be prohibited from engaging in transactions with them.