Cybersercurity

Obama declares foreign cyber threats a 'national emergency'

President Barack Obama issued an executive order April 1 declaring foreign cyber threats to U.S. economic and national security a "national emergency." The order authorizes the Treasury secretary to levy sanctions on individuals or groups whose "significant, malicious cyber-enabled activities" threaten American national security, foreign policy, economic prosperity or financial stability.

Four categories of cyber behavior could trigger sanctions under the executive order, according to a White House summary:

  • "Harming or significantly compromising" critical infrastructure services.
  • "Significantly disrupting" a computer network via, for example, a distributed denial-of-service attack.
  • "Causing a significant misappropriation of funds or economic resources" by, for example, stealing credit card information or trade secrets.
  • Receiving or using such trade secrets for commercial gain.

The executive order is "both targeted in a sense [that] it has to be very significant and meet those four harms, but it's also very broad in that those harms cut across a wide swath of activity," top White House cybersecurity adviser Michael Daniel told reporters. 

The broad directive expands the administration's toolset to punish those it deems bad actors in cyberspace. The order is a more flexible tool than indicting alleged cyber criminals, as the Justice Department has done twice to Chinese nationals, in that the president can adjust sanctions already in place.

"This authority will be used in a targeted manner against the most significant cyber threats that we face, whether they are directed against our critical infrastructure, our companies, or our citizens," a White House statement said.

The executive order "is significant because you need to get penalties in here to make this work," said James Lewis, a senior fellow at the Center for Strategic and International Studies. "You need to have it not be cost-free, which has been the case now since the dawn of the Internet."

But while Lewis praised the executive order as "an essential tool for better cybersecurity," he said he worried the administration might have set too high a threshold for malicious cyber behavior to trigger sanctions.

The high threshold was the result of considerable deliberation on the part of the White House. As the order was being prepared last week, advisers debated how high that threshold should be, dwelling on what a "significant" compromise of computer security would entail, according to an administration official. They ended up opting for a high bar. "The idea is to not use this tool willy-nilly," the official said.

Though Daniel declined to speculate on when the new sanctions tool might have been used in past cyberattacks on U.S. assets, he said his search for the "proportional response" that Obama called for after the November hack of Sony Pictures Entertainment "highlighted the need for us to have" the new sanctioning authority.

"We would also hope that some of our allies … would consider joining us in creating these kind of regimes," Daniel added. But it could be how non-U.S.-allies react to the new sanctions tool that determines its broader impact.

Assistant Attorney General for National Security John Carlin has argued that, though their extradition is unlikely, indicting Chinese hackers still serves some value in deterring future hacking. The Obama administration is banking on the new sanctions tool having greater deterrent value than the indictments, and Adam Segal, a senior fellow at the Council on Foreign Relations, said it very well could.

Were the administration to use the new authority to sanction the state-owned enterprises that China draws on for economic growth, "that, in China's view, [would] be a significant escalation," Segal said. 

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.