Cybersecurity

The importance of cyber offense: Sanctions are a good start

On April 1, the Obama administration announced a new sanctions program to target "malicious cyber-enabled activities" -- the criminal hackers and government-backed spies who threaten America's security and prosperity with sophisticated online attacks.

The U.S. government did not issue sanctions against any of the individual hackers responsible for thousands of attacks on U.S. companies and government networks in the past two years. Nevertheless, by announcing the new program and creating the legal tools to freeze the assets of individual hackers in the future, the U.S. sent a clear message: After years of playing defense against cyberthreats, America is ready to play offense as well.

Cyberattacks are one of the most serious threats facing the U.S. today. In just the past two years, hackers have broken into computer systems at the White House, State Department and Pentagon; stolen millions of Americans' personal information from U.S. companies; and disrupted the computer networks of some of America's most important companies.

U.S. officials regularly express concern that cyberattacks could undermine the integrity of America's banking sector, power grids and other vital infrastructure, while corporate executives report increasing numbers of attacks, some of which appear to be backed by foreign governments and designed to steal sensitive corporate information.

A 2014 study by McAfee found that cybercrime costs the global economy $400 billion every year.

With the new sanctions, the United States is putting the criminal groups and foreign governments responsible for these cyberthreats on notice: If the attacks continue, the U.S. will begin to freeze their assets and cut them off from doing business in this country. Foreign companies that seek to benefit from cyberattacks on the U.S. -- like foreign companies seeking to purchase trade secrets stolen from their American competitors -- will face similar penalties.

Of course, the full impact of the new sanctions program will depend on how the government implements it. Effective implementation will require greater cooperation between the U.S. private sector and the U.S. government to identify the specific hackers who should be sanctioned, and the Obama administration should encourage our allies in Europe and elsewhere, who face similar cyberthreats, to develop similar sanctions tools.

Of course, sanctions are not a substitute for a broader cybersecurity strategy. Other steps are also critical, and the government and private sector must make investments to harden our defenses and improve our online security.

Individual Americans also need to become more aware of the steps we can all take to make sure that our own computers are not hacked. Indeed, a striking percentage of successful cyberattacks succeed in part because an individual opened a suspicious email message or downloaded an infected file. Such attacks could be prevented by better individual cybersecurity awareness.

In addition, we can't fight 21st-century threats within a 20th-century legal framework. Congress must act on proposals to modernize U.S. criminal laws to better enable federal prosecutors to arrest the individuals and companies that compromise American computer networks.

The sanctions announced by the administration are an important element of an overall strategy to contain growing cyberthreats. To succeed in protecting ourselves from such threats, the United States needs to play offense as well as defense. The president's announcement is a strong signal of U.S. intentions to do just that and to hold to account the hackers and governments breaking into America's networks.

About the Author

Peter Harrell is an adjunct senior fellow at the Center for a New American Security.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.