Official: US Readying Hacking-Related Sanctions
U.S. government eager to wield new weapon in cyber deterrence.
SAN FRANCISO -- The U.S. government is preparing to order the first round of sanctions against foreign entities or individuals involved in hacking, according to a senior Department of Justice official, in what will be the first test of the government's newest tool in cyber deterrence.
The presidential authorization for cyber-specific economic sanctions, announced at the start of the month, is still "hot of the presses" in government time, but Deputy Assistant Attorney General for National Security Luke Dembosky told ABC News he "wouldn't expect it to take too long" before it's put to use.
Dembosky said that though certain potential targets were in mind even before the new sanctions were authorized, the government is being very deliberate about who it chooses to go after and when, with his department working with the State Department, Treasury and others, each providing input.
As announced April 1, the sanctions are designed to go beyond the hackers themselves to target customers "downstream" -- the individuals and entities that buy or use information or capabilities they know or suspect to have been stolen by hackers. The sanctions could freeze economic assets and make it more difficult for companies involved to do business in the U.S., according to the White House.
"This is about leveling the playing field," Dembosky said today at the RSA cyber security conference in San Francisco.
In announcing the new sanction capability, President Obama wrote in an Executive Order that the cyber threats facing the nation constituted a "national emergency."
"The increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," Obama said.
Some cyber security experts had long lobbied for sanctions to be added to America’s tools to counter prolific cyber-attacks –- in addition to public condemnation and the filing of criminal charges. As Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator told reporters when the sanction program was announced, it is meant to "fill a gap" and reach malicious actors who are "difficult for diplomatic and law enforcement tools to reach."
Dembosky declined to elaborate on who the first round of sanctions could target, but U.S. officials have publicly bemoaned cyber attacks attributed to Chinese actors both against the U.S. government and major American corporations.
Speaking alongside Dumbosky, Sean Kanuck, the National Intelligence Officer for Cyber Issues at the Office of the Director of National Intelligence, told the RSA audience Friday that China is "leading the way" in economic espionage.
Last May the Department of Justice indicted five Chinese military officers with hacking U.S. companies to steal industry secrets about nuclear and solar power.
More recently U.S. officials blamed Russian hackers for infiltrating both the State Department and the White House's unclassified email systems.