President Barack Obama signed an executive order on Wednesday that creates a new way for the U.S. government to better respond to the “most significant” cybersecurity threats, particularly in situations where “malicious cyber actors” may operate beyond the reach of existing authorities.
“The Treasury Department is committed to protecting the U.S. financial system from a range of state and non-state actors,” Treasury Secretary Jacob Lew said in a statement.
The order, Lew says, allows the U.S. to “expose and financially isolate those who hide in the shadows of the Internet to conduct malicious cyber activities that threaten the national security, foreign policy, or economic health or financial stability” of the United States. This authority is a powerful new tool to help protect our security and economy against those who would exploit the free, open, and global nature of the Internet to cause harm. We intend to use this authority carefully and judiciously against the most serious cyber-threats to protect our nation’s critical infrastructure.”
The executive order authorizes the secretary of the Treasury, in consultation with the attorney general and the secretary of state, to impose sanctions on individuals or entities that engage in significant malicious cyber-enabled activities that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States, and that have the purpose or effect of:
Harming or significantly compromising the provision of services by entities in a critical infrastructure sector;
Significantly disrupting the availability of a computer or network of computers (for example, through a distributed denial-of-service [DDoS] attack); or
Causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain (for example, by stealing large quantities of credit card information, trade secrets, or sensitive information).
The executive order also authorizes these individuals to impose sanctions on certain individuals or entities that knowingly receive or use trade secrets stolen by cyber-enabled means for commercial or competitive advantage or private financial gain, where the underlying theft of the trade secrets is reasonably likely to result in, or has materially contributed to, a significant threat to the nation.
Lew said the authority will be used in a “targeted manner” against the most significant cyber threats, “whether they are directed against our critical infrastructure, our companies, or our citizens.”