President Obama on Wednesday issued an executive order allowing the government to impose penalties on foreign individuals or entities that engage in cyberattacks that threaten U.S. national security or the economy.
The executive action deems the recent onslaught of cyberattacks a “national emergency” and authorizes the U.S. Treasury, in consultation with the attorney general and secretary of state, to impose sanctions on individuals that engage in “significant malicious cyberenabled activities” against the U.S. government or American businesses.
Penalties for the illicit cyberactivity could include freezing their assets or barring commercial transactions between the U.S. government and American businesses and the individuals or entities.
“Cyberthreats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them,” Obama said in a statement.
“As we’ve seen in recent months, these threats can emanate from a range of sources and target our critical infrastructure, our companies, and our citizens,” he continued. “This executive order offers a targeted tool for countering the most significant cyberthreats that we face.”
The move gives the administration more legal leverage to punish and try to prevent the avalanche of credit card data theft, corporate espionage and cyberattacks on critical government computer systems.
“This executive order supports the administration’s broader strategy by adding a new authority to combat the most serious malicious cyberthreats that we face,” Obama said.
The U.S. already had the power to sanction governments they deem responsible for engaging in cyberattacks or crime.
After U.S. intelligence officials blamed North Korea for the attack on Sony, the U.S. government placed sanctions on Pyongyang and 10 individuals they believe were involved in the hack.
It was the first time the U.S. has moved to punish any country for cyberattacks on a U.S. company.
After that attack, in January Obama called on Congress to pass new cybersecurity legislation that would require companies to inform clients when they have suffered a data breach and also share information with the government about hacking threats — an issue that security officials believe is essential but has stirred fears over online privacy.
