Cyber-attacks against the U.S. have become so bad that President Obama today declared it a “national emergency” and announced the first ever sanctions program designed specifically to go after foreign hackers.
In an executive order signed today and released by the White House, Obama said the “the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”
The order calls for a sanctions program not unlike those used in counter-proliferation or counter-terrorism programs that can target “individuals or entities that engage in significant malicious cyber-enabled activities” that harm the U.S. – including attacks on critical infrastructure, denial of service attacks or cyber espionage, according to the White House.
“This new executive order is specifically designed to be used to go after the most significant malicious cyber actors we face,” Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, wrote on the White House website. “It is not a tool that we will use every day.”
Some cyber security experts have long lobbied for sanctions to be added to America’s tools to counter prolific cyber-attacks –- in addition to public condemnation and the filing of criminal charges. As Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator told reporters today, the sanctions program is meant to "fill a gap" and reach malicious actors who are "difficult for diplomatic and law enforcement tools to reach."
In January Obama did use sanctions in response to a cyber-attack for the first time, according to U.S. officials at the time, but that one specifically targeted North Korea for its alleged hacking of Sony Pictures Entertainment – an accusation North Korea denied. The new executive order would broaden the U.S.’s ability to freeze hackers’ assets virtually anywhere.
The Sony hack, Daniel said, "highlighted the need" for the executive order.
The executive order also allows the U.S. to go after those working behind the scenes, not just the people with their "fingers on the keyboard," Daniel noted.
Dmitri Alperovitch, co-founder and CTO of the cyber security firm Crowdstrike, said on Twitter the new program was a “very big deal.”
“Today the White House is making yet another huge leap forward in the effort to raise the cost to our cyber adversaries and establish a more effective deterrent framework to punish actors engaged in serious intentional destructive or disruptive attacks that present a threat to national or economic security, as well as anyone engaged in economic espionage for commercial benefit or theft of financial information on a massive scale,” Alperovitch wrote on the company’s blog.
While the U.S. government and military reportedly have been the target of seemingly unending cyber-attacks on a daily basis, the U.S. is also suspected of having played a role in some of the most high-profile cyber-attacks in recent history, including the Stuxnet worm that targeted an Iranian nuclear facility. Documents from the National Security Agency revealed by former contractor Edward Snowden also the American government’s alleged aggressive, relentless efforts to use its own cyber capabilities to electronically spy the world over.
Editor’s Note: This report has been updated to properly attribute the line including the phrase “fingers on the keyboard” to Michael Daniel, not John Smith as originally reported.