-- Cyber-attacks against the U.S. have become so bad that President Obama today declared it a “national emergency” and announced the first ever sanctions program designed specifically to go after foreign hackers.
The order calls for a sanctions program not unlike those used in counter-proliferation or counter-terrorism programs that can target “individuals or entities that engage in significant malicious cyber-enabled activities” that harm the U.S. – including attacks on critical infrastructure, denial of service attacks or cyber espionage, according to the White House.
“This new executive order is specifically designed to be used to go after the most significant malicious cyber actors we face,” Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, wrote on the White House website. “It is not a tool that we will use every day.”
Some cyber security experts have long lobbied for sanctions to be added to America’s tools to counter prolific cyber-attacks –- in addition to public condemnation and the filing of criminal charges. As Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator told reporters today, the sanctions program is meant to "fill a gap" and reach malicious actors who are "difficult for diplomatic and law enforcement tools to reach."
The Sony hack, Daniel said, "highlighted the need" for the executive order.
The executive order also allows the U.S. to go after those working behind the scenes, not just the people with their "fingers on the keyboard," Daniel noted.
Dmitri Alperovitch, co-founder and CTO of the cyber security firm Crowdstrike, said on Twitter the new program was a “very big deal.”
“Today the White House is making yet another huge leap forward in the effort to raise the cost to our cyber adversaries and establish a more effective deterrent framework to punish actors engaged in serious intentional destructive or disruptive attacks that present a threat to national or economic security, as well as anyone engaged in economic espionage for commercial benefit or theft of financial information on a massive scale,” Alperovitch wrote on the company’s blog.
Editor’s Note: This report has been updated to properly attribute the line including the phrase “fingers on the keyboard” to Michael Daniel, not John Smith as originally reported.