Obama authorizes sanctions against "malicious cyber actors"

President Obama declared a "national emergency" Wednesday, signing an executive order to authorize sanctions against criminals who engage in "significant malicious" cyber attacks against the United States.

"Cyber threats pose one of the most serious economic and national security challenges to the United States," the president said in a statement addressing his executive order. "And my Administration is pursuing a comprehensive strategy to confront them."

Cybersecurity a top priority for President Obama

By declaring certain malicious cyber activity a national emergency in this executive order, President Obama is creating a kind of sanctions shortcut that could speed up the Treasury Department's ability to freeze assets and impose other sanctions when malicious cyber attacks are deemed to pose a significant threat to "national security, foreign policy, or economy or financial stability" of the U.S., according to a fact sheet released by the White House.The White House cited as examples cyber attacks that compromise critical infrastructure, cause significant disruptions to computer networks, or the steal "large quantities of credit card information or trade secrets."

China suspected in massive data breach at Anthem

The measures, announced after recent cyber assaults on health insurance companies like Anthem, Premera Blue Cross and entertainment giant Sony, would apply to overseas actors engaging in a wide swath of cyber criminal activity: from hacks stealing trade secrets or other financial information to widespread distributed denial of service (DDoS) attacks -- along with anyone attempting to assist or provide material support for such offenses.

The U.S. would be able to freeze assets and prevent any transactions with U.S. financial systems. The State Department will also deny visas to those engaging in such activities.

White House Cybersecurity Coordinator Michael Daniel said on a conference call with reporters that the order is "designed to fill in a gap that we have identified."

Some cybersecurity experts say the new program could be "staggering" for countries like China, where the attacks on insurance giant Anthem are believed to have originated.

For foreign actors suspected of cyberhacking U.S. companies, "this is practically an economic death sentence," Stewart Baker, a former assistant secretary of policy at the Department of Homeland Security, told CBS News.

"In the end, almost any economic transactions goes through New York, and the banks in New York won't handle transactions with people who have sanctions imposed on them," Baker said. "The potential ripple effect will be enormous."

A closer look at the cyber security summit

"People still have to be prosecuted, sentenced," the cyber security expert explained. "This just creates a framework in which individuals can be identified... And the government is a lot better at attribution than they used to be."

But some remain cautious about what such sanctions authority could do.

"The president's emergency economic authority is exceptionally broad, and has been used to violate basic due process rights in other contexts," ACLU policy adviser Gabe Rottman warned in a statement to CBS News. "Cyberthreats are real and must be addressed, but they often transcend brick-and-mortar transnational conflicts. That creates the potential for serious unintended consequences here."

Daniel said the Sony hack - which the U.S. traced to North Korea - "informed" the administration's development of this executive order, and "highlighted the need to have this capability."

"We know that in many cases that in any country... there are companies that hire hackers to steal intellectual property and we don't want to only deter those with their "fingers on the keyboard," Daniel said. "We wanted to deter those paying for [those activities]."

Though the United States imposed new sanctions on North Korea following the uproar over Sony's hack, the White House says this new order augments its power to deal with malicious cyber actors.

Earlier this year, the president signed an order to promote information sharing between affected parties in the private sector and government agencies. The president also held a cybersecurity summit in February in the heart of Silicon Valley to recruit tech giants for the White House's efforts.

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.