WASHINGTON — President Barack Obama launched a new sanctions program on Wednesday to target individuals and groups outside the United States that use “malicious” cyber attacks to threaten U.S. foreign policy, national security or economic stability.
In an executive order, Obama declared such activities a “national emergency” and allowed the U.S. Treasury Department to freeze the assets and bar other financial transactions of entities engaged in destructive cyber attacks.
The executive order gives the administration the same sanctions tools it now deploys to address other threats – including crises in the Middle East and Russia’s aggression in Ukraine – and makes them available for less visible cyber threats.
It is the Obama administration’s latest effort to get tough with hackers, following indictments of five Chinese military officers and the decision to “name and shame” North Korea for a high-profile attack on Sony.
Obama said in a statement that harming critical infrastructure, misappropriating funds, using trade secrets for competitive advantage and disrupting computer networks would trigger the penalties.
Companies that knowingly use stolen trade secrets to undermine the U.S. economy would also be targeted.
“From now on, we have the power to freeze their assets, make it harder for them to do business with U.S. companies, and limit their ability to profit from their misdeeds,” Obama said of those targeted by the order.
The program was designed to fill a gap in U.S. cybersecurity efforts where diplomatic or law enforcement means were insufficient, Michael Daniel, Obama’s cybersecurity adviser, told reporters. He said there was not a timeline for determining an initial round of targets.
Under the program cyber attackers or those who conduct commercial espionage in cyberspace can be listed on the official sanctions list of specially designated nationals, a deterrent long-sought by the cyber community.
“This sends a signal that the days of free-range hacking are over,” said James Lewis, a cyber expert with the Center for Strategic and International Studies.
Subjecting cyber criminals, companies that benefit from commercial espionage and even foreign intelligence operatives to tough financial sanctions could have a “momentous” effect in deterring the growing number of cyber attacks seen daily on U.S. networks, said Dmitri Alperovitch, chief technology officer of Crowdstrike, a cybersecurity firm.
The program could prompt a strong reaction from China. Cybersecurity has been a significant irritant in U.S.-China ties, with U.S. investigators saying hackers backed by the Chinese government have been behind attacks on U.S. companies, and China rejecting the charges.
Senior administration officials said the new program was not directed at specific countries or regions, but instead was focused on specific activities. The order was intended to serve both as a deterrent and a punishment, Daniel said, adding that Washington hoped its allies would join in the effort.
Obama has moved cybersecurity toward the top of his 2015 agenda after recent breaches, and last month, the Central Intelligence Agency announced a major overhaul aimed in part at sharpening its focus on cyber operations.