Obama declares cyberattacks a ‘national emergency’
President Obama declared Wednesday that the rising number of cyberattacks against the United States is a national emergency and issued an executive order that would sanction those behind the attacks.
“Targeted sanctions, used judiciously, will give us a new and powerful way to go after the worst of the worst,” he said in a post on Medium.
The president’s order will give the Treasury Department the authority to impose sanctions on individuals or entities behind cyberattacks and cyber espionage. In effect, it would freeze targets’ assets when they pass through the U.S. financial system and prohibit them from transacting with American companies.
The move by the White House responds to mounting cyber threats to U.S. companies, government agencies and critical infrastructure.
The number of data breaches in the headlines attests to the need for stronger countermeasures against hackers, said White House cybersecurity coordinator Michael Daniel.
“We very much need the full range of tools across the spectrum in order to actually confront the cyber threats that we face,” said Daniel, a special assistant to Obama, on a call with reporters.
Daniel argued that the sanctions regime will discourage hackers worldwide and those who hire them to do harm.
“Keep in mind that some of our view here is that we want to have this tool available as a deterrent to some of those who would consider carrying out these activities,” he said.
“We would also hope that some of our allies and aligned countries would join us,” raising the financial stakes for bad actors, he added.
To be designated for sanctions, an individual or entity would have to carry out significant and malicious cyber activity against the United States.
Foreign governments have been suspected in many recent high-profile hacks across the public and private sector. The FBI accused North Korea of organizing an attack on Sony Pictures in retaliation for “The Interview,” which depicts the assassination of Kim Jong Un.
In response, the White House imposed a new round of economic sanctions on North Korea, mostly targeting weapons companies selling to the reclusive East Asian nation.
The new executive order gives the Treasury Department authority to impose sanctions outside of country-specific frameworks.
“This joins the ranks of our counterterrorism authorities and our narcotics authorities that allow us to go after activity that threatens the United States,” said John Smith, acting director for the Office of Foreign Assets Control.
Treasury Secretary Jack Lew said the executive order would allow his department to “financially isolate those who hide in the shadows of the Internet.”
“This authority is a powerful new tool to help protect our security and economy against those who would exploit the free, open, and global nature of the Internet to cause harm,” Lew said.
The White House said the order applies to several types of cyber crimes that have ravaged the U.S. over the last two years, though Daniels declined to give examples.
“Speculating how we would have used this tool in the past is very difficult,” he said.
Treasury will have the authority to impose sanctions against those who pilfer large troves of credit card data or sensitive information, for example.
“Our primary focus will be on cyber threats from overseas,” Obama said on Medium.
The Treasury Department will have the authority to impose sanctions against those who pilfer large troves of credit card data or sensitive information, for example.
Major hacks at retailers like Home Depot and Target exposed more than 100 million Americans’ credit card data in the last 18 months, while a data breach at JPMorgan Chase last fall compromised 76 million households’ personal information.
The administration also clarified that the order will cover cyberattacks that “significantly disrupt” the availability of a computer network.
That includes distributed denial-of-service attacks (DDOS), the calling card of hacktivist groups like Anonymous and many foreign countries like Iran and China.
Just in the last two weeks, Internet free speech activists have accused China of waging a major DDOS campaign against the popular U.S. coding site GitHub.
Whether the Treasury Department will use its new authority to respond to these type of attacks remains to be seen.
“We intend to use this authority carefully and judiciously against the most serious cyber threats to protect our nation’s critical infrastructure,” Lew said.
Wednesday’s move is the next phase of the White House’s 2015 cybersecurity agenda.
The administration in January unveiled a series of legislative proposals meant to enhance public-private cybersecurity information sharing. Obama traveled to Silicon Valley in February to promote his platform at an all-day cyber summit. During the event, he signed an executive order to encourage Congress to take up his proposals.
In his Medium post, Obama vowed that this new tool would not lie dormant.
“We will use it,” he said.
Officials declined to give a timetable for when they will announce the first round of sanctions.
—Updated at 11:38 a.m.