U.S. Targets Foreign Hackers with Sanctions


President Barack Obama yesterday signed an executive order authorizing the U.S. Secretary of the Treasury, in coordination with the U.S. Attorney General and Secretary of State, to impose sanctions on anyone involved in cyber attacks that present significant threats to the national security, foreign policy, economic health or financial stability of the U.S.

In a statement citing last year's cyber attack on Sony Pictures, President Obama wrote, "Starting today, we’re giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks, or stealing the trade secrets of American companies or the personal information of American citizens for profit."

"From now on, we have the power to freeze their assets, make it harder for them to do business with U.S. companies, and limit their ability to profit from their misdeeds," he added.

"By freezing assets of those subject to sanctions and making it more difficult for them to do business with U.S. entities, we can remove a powerful economic motivation for committing these acts in the first place," homeland security advisor Lisa Monica wrote in a blog post. "With this new tool, malicious cyber actors who would target our critical infrastructure or seek to take down Internet services would be subject to these costs when designated for sanctions."

American Bankers Association president and CEO Frank Keating said in a statement that the executive order sends a strong signal that the U.S. is committed to fighting the growing threat of cyber attacks. "U.S. businesses are committed to working with the government to help protect our critical infrastructure and the economic security of our country," he said. "We will continue to work closely with the White House to protect the U.S. banking industry and the customers we serve."

And ESET senior security researcher Stephen Cobb told eSecurity Planet by email that he applauds the move. "Many companies in the U.S. are spending a lot of money to improve their IT security and the security awareness of their employees in response to the seemingly relentless tide of cybercrime; but it is clear that these private sector efforts alone will not solve the cybercrime problem," he said.

"Coordinated government action, both nationally and internationally, is urgently needed to attack those elements of the global cybercrime infrastructure that only persist due to the complicity of corrupt officials and unscrupulous businesses that turn a blind eye to cybercrime," Cobb added.

Still, Caspida CEO Muddu Sudhakar said by email that reliable attribution of cyber attacks like these will continue to present a significant challenge. "Figuring out exactly who executed an attack is difficult given ability of hackers to cover their tracks and disguise the origin of an attack," he said.

"Enterprises may find these sanctions will deter the odd attacker over time, but they still need to have proactive strategies to find bad actors or advanced threats that have already penetrated existing information security defenses," Sudhakar added. "In spite of sanctions, the bad guys will be inside the perimeter and enterprises need strategies to quickly detect them and stamp them out."