Cybersercurity

Obama declares foreign cyber threats a 'national emergency'

President Barack Obama issued an executive order April 1 declaring foreign cyber threats to U.S. economic and national security a "national emergency." The order authorizes the Treasury secretary to levy sanctions on individuals or groups whose "significant, malicious cyber-enabled activities" threaten American national security, foreign policy, economic prosperity or financial stability.

Four categories of cyber behavior could trigger sanctions under the executive order, according to a White House summary:

  • "Harming or significantly compromising" critical infrastructure services.
  • "Significantly disrupting" a computer network via, for example, a distributed denial-of-service attack.
  • "Causing a significant misappropriation of funds or economic resources" by, for example, stealing credit card information or trade secrets.
  • Receiving or using such trade secrets for commercial gain.

The executive order is "both targeted in a sense [that] it has to be very significant and meet those four harms, but it's also very broad in that those harms cut across a wide swath of activity," top White House cybersecurity adviser Michael Daniel told reporters. 

The broad directive expands the administration's toolset to punish those it deems bad actors in cyberspace. The order is a more flexible tool than indicting alleged cyber criminals, as the Justice Department has done twice to Chinese nationals, in that the president can adjust sanctions already in place.

"This authority will be used in a targeted manner against the most significant cyber threats that we face, whether they are directed against our critical infrastructure, our companies, or our citizens," a White House statement said.

The executive order "is significant because you need to get penalties in here to make this work," said James Lewis, a senior fellow at the Center for Strategic and International Studies. "You need to have it not be cost-free, which has been the case now since the dawn of the Internet."

But while Lewis praised the executive order as "an essential tool for better cybersecurity," he said he worried the administration might have set too high a threshold for malicious cyber behavior to trigger sanctions.

The high threshold was the result of considerable deliberation on the part of the White House. As the order was being prepared last week, advisers debated how high that threshold should be, dwelling on what a "significant" compromise of computer security would entail, according to an administration official. They ended up opting for a high bar. "The idea is to not use this tool willy-nilly," the official said.

Though Daniel declined to speculate on when the new sanctions tool might have been used in past cyberattacks on U.S. assets, he said his search for the "proportional response" that Obama called for after the November hack of Sony Pictures Entertainment "highlighted the need for us to have" the new sanctioning authority.

"We would also hope that some of our allies … would consider joining us in creating these kind of regimes," Daniel added. But it could be how non-U.S.-allies react to the new sanctions tool that determines its broader impact.

Assistant Attorney General for National Security John Carlin has argued that, though their extradition is unlikely, indicting Chinese hackers still serves some value in deterring future hacking. The Obama administration is banking on the new sanctions tool having greater deterrent value than the indictments, and Adam Segal, a senior fellow at the Council on Foreign Relations, said it very well could.

Were the administration to use the new authority to sanction the state-owned enterprises that China draws on for economic growth, "that, in China's view, [would] be a significant escalation," Segal said. 

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.