According to a final rule published in the Federal Register on the last day of 2015 (Dec. 31, 2015), US can now apply economic sanctions in response to cyber attacks.
The US Government assigned to the Department of the Treasury’s Office of Foreign Assets Control the authorities to apply economic sanctions against foreign governments and individuals that launch a cyber attack against the infrastructure of the US Government.
The rule titled “Cyber-Related Sanctions Regulations” implements the directives introduced in the Executive Order 13694 signed by the US President in 2015.
“The Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing regulations to implement Executive Order 13694 of April 1, 2015 (“Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities”). OFAC intends to supplement this part 578 with a more comprehensive set of regulations, which may include additional interpretive and definitional guidance and additional general licenses and statements of licensing policy.” states the rule.
But what this exactly means? Every time the US authorities identify an entity (a person or a group) that is threatening the US infrastructure and which is responsible for a security breach, then they can freeze all its assets, including bank accounts if these assets are located in the US soil.
“Starting today, we’re giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks, or stealing the trade secrets of American companies or the personal information of American citizens for profit,” said the president Obama. “From now on, we have the power to freeze their assets, make it harder for them to do business with U.S. companies, and limit their ability to profit from their misdeeds.”
The Executive Order 13694 explicitly refers the following case regarding possible activities that represent a threat for the Homeland Security:
The Executive Order 13694 is efficient only if the alleged attackers have assets inside America, or do business with American companies.
The idea behind the executive order is aligned with previous orders signed Obama to punish hacking activities against US systems. President Obama already anticipated the use of economic sanctions as a deterrent against cyber attacks in the Sony Pictures case. in January 2015, Obama announced economic sanctions against North Korea in the wake of the hacks against Sony Pictures.
The regulation posted to the Federal Register will be integrated with a further set of regulations that will likely cover “additional interpretive and definitional guidance, including regarding ‘cyber-enabled’ activities, and additional general licenses and statements of licensing policy,” said the notice.
It it important to highlight that there isn’t a public comment period, which is usually required before the issuance of a final rule, a circumstance that demonstrates the approach and intention of the US Government.
The members of the US Government were urging an action against the increasing cyber threats that hit the national systems,
In November, Chairman of the Senate Armed Services Committee John McCain (R-Ariz.) sent letters to several representatives of the Obama’s administration urging the adoption of economic sanctions against the Chinese government.
McCain said “most would agree” that sanctions are a “more powerful tool than the symbolic steps this administration has taken to date,” to deter cyber espionage and hacking campaigns.
(Security Affairs – Executive Order 13694, Information Warfare)