The importance of cyber offense: Sanctions are a good start

On April 1, the Obama administration announced a new sanctions program to target "malicious cyber-enabled activities" -- the criminal hackers and government-backed spies who threaten America's security and prosperity with sophisticated online attacks.

The U.S. government did not issue sanctions against any of the individual hackers responsible for thousands of attacks on U.S. companies and government networks in the past two years. Nevertheless, by announcing the new program and creating the legal tools to freeze the assets of individual hackers in the future, the U.S. sent a clear message: After years of playing defense against cyberthreats, America is ready to play offense as well.

Cyberattacks are one of the most serious threats facing the U.S. today. In just the past two years, hackers have broken into computer systems at the White House, State Department and Pentagon; stolen millions of Americans' personal information from U.S. companies; and disrupted the computer networks of some of America's most important companies.

U.S. officials regularly express concern that cyberattacks could undermine the integrity of America's banking sector, power grids and other vital infrastructure, while corporate executives report increasing numbers of attacks, some of which appear to be backed by foreign governments and designed to steal sensitive corporate information.

A 2014 study by McAfee found that cybercrime costs the global economy $400 billion every year.

With the new sanctions, the United States is putting the criminal groups and foreign governments responsible for these cyberthreats on notice: If the attacks continue, the U.S. will begin to freeze their assets and cut them off from doing business in this country. Foreign companies that seek to benefit from cyberattacks on the U.S. -- like foreign companies seeking to purchase trade secrets stolen from their American competitors -- will face similar penalties.

Of course, the full impact of the new sanctions program will depend on how the government implements it. Effective implementation will require greater cooperation between the U.S. private sector and the U.S. government to identify the specific hackers who should be sanctioned, and the Obama administration should encourage our allies in Europe and elsewhere, who face similar cyberthreats, to develop similar sanctions tools.

Of course, sanctions are not a substitute for a broader cybersecurity strategy. Other steps are also critical, and the government and private sector must make investments to harden our defenses and improve our online security.

Individual Americans also need to become more aware of the steps we can all take to make sure that our own computers are not hacked. Indeed, a striking percentage of successful cyberattacks succeed in part because an individual opened a suspicious email message or downloaded an infected file. Such attacks could be prevented by better individual cybersecurity awareness.

In addition, we can't fight 21st-century threats within a 20th-century legal framework. Congress must act on proposals to modernize U.S. criminal laws to better enable federal prosecutors to arrest the individuals and companies that compromise American computer networks.

The sanctions announced by the administration are an important element of an overall strategy to contain growing cyberthreats. To succeed in protecting ourselves from such threats, the United States needs to play offense as well as defense. The president's announcement is a strong signal of U.S. intentions to do just that and to hold to account the hackers and governments breaking into America's networks.

About the Author

Peter Harrell is an adjunct senior fellow at the Center for a New American Security.


  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.