Obama Opens New Front in Cyberwar With Fresh Sanctions Framework

On Wednesday, President Barack Obama unveiled a sweeping new executive order handing himself power to sanction individuals and entities responsible for carrying out cyber attacks against U.S. targets. And on a conference call with reporters, one of his key lieutenants admitted that it was the cyberattack allegedly carried by North Korea on Sony that convinced the White House of the need for such a measure.

That attack “highlighted the need for us to have this capability,” Michael Daniel, a special assistant to the president and cybersecurity coordinator, told reporters on a conference call Wednesday.

In the runup to last year’s Christmas holiday, North Korean hackers — according to the U.S. government — released a trove of internal Sony emails and documents and threatened attacks on theaters that showed the film. Theaters balked, and Sony very nearly killed the film entirely. (Suddenly, the threat posed by cyberattacks on both businesses and freedom of speech had two unlikely poster boys — actors James Franco and Seth Rogen.)

In a shot across the bow of hackers and their sponsors, the White House announced measures to authorize freezing assets and preventing entry into the United States by individuals or groups believed responsible for attacks on infrastructure, computer networks, or the theft of intellectual property. The move, a vast expansion of the U.S. government’s ability to strike back at hackers, also targets the sponsors of cyberattacks by providing the president with authority to sanction individuals who receive intellectual property that has been obtained through cyberattacks or who have sponsored such attacks in the first place.

In a statement, Obama emphasized that this new framework allows him to tackle both the “supply” and the “demand” side of the problem: “As of today, there’s a new deterrent because I’m also authorizing sanctions against companies that knowingly use stolen trade secrets to undermine our nation’s economic health.”

John Smith, the acting director of the Treasury Department’s Office of Foreign Assets Control, compared during the conference call the new order to similar sanctions regimes already in place to combat international terrorism and transnational crime. According to Smith, the ease with which attacks in cyberspace can cross international borders has strained the ability of existing sanctions to combat cybercrime. The new measures, he said, allow the United States to combat such threats, regardless of their origins.

In recent years, the United States has expanded its use of sanctions to more aggressively target the financial assets of its perceived enemies, such as Iran and North Korea and terror groups. Wednesday’s executive order applies a similar framework to cyberspace, allowing U.S. officials to blackball the sponsors and perpetrators of cybercrime from the U.S. financial system.

The dominant role of the U.S. economy and dollar in the world financial system can make American financial sanctions enormously powerful. While hackers and their sponsors often work in jurisdictions that are hostile to U.S. law enforcement, financial transactions that underwrite their work often pass through the U.S. financial system, Smith said. When such transactions are “dollarized,” U.S. officials have a prime opportunity to strike back at foreign hackers and their backers by seizing their funds as it transits through a U.S. bank.

Wednesday’s executive order does not slap any individuals or groups with sanctions but sets up a framework applying such measures in the future.

In the aftermath of the Sony attack, the United States retaliated with additional sanctions against North Korea, but those measures, Smith said, were not directly in response to the cyberattack because the existing sanctions regime against North Korea did not apply.

In that sense, Wednesday’s executive order represents Washington’s latest gambit in attempting to impose order on cyberspace and to deter its adversaries from launching such attacks.

But to do that the White House still faces enormous obstacles. Countries such as North Korea, China, Iran, and the United States have embraced the use of cyberwarfare because they offer a compelling alternative to traditional military methods. The infrastructure of the global Internet provides these countries with abundant opportunities to hide their efforts, and determining who is responsible for a given attack remains a vexing problem for officials trying to constrain the use of cyberwarfare.

And in applying highly specific financial sanctions such as travel bans and asset freezes that so-called “attribution problem” will likely pose a significant hurdle to officials seeking targets for future U.S. sanctions. On Wednesday’s conference call, Smith acknowledged these difficulties: “Our ability to do attribution has improved, but it continues to be a challenge.”

Marcus Ingram/Getty Images