OFAC has issued regulations to implement sanctions introduced by President Obama in April 2015 under Executive Order 13694 that target people and entities responsible for malicious cyber-activities (see previous blog). In its notice, the US Treasury states that it intends to supplement the new regulations with a more comprehensive set in the future, which may include additional guidance, general licences, and statements of licensing policy.
The activity targeted by the Executive Order includes:
- harming or significantly compromising the provision of services by entities in a critical infrastructure sector;
- significantly disrupting the availability of a computer or network of computers, including through a distributed denial-of-service attack;
- misappropriating funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain;
- knowingly receiving or using trade secrets that were stolen by cyber-enabled means for commercial or competitive advantage or private financial gain;
- attempting, assisting, or providing material support for any of the harms listed above; and
- being owned or controlled by, or acting on behalf of, any person whose property or interests are blocked under the order.