Cybersecurity

Lawmakers grill Mnuchin on Treasury's cyber sanctions

Treasury Secretary Steve Mnuchin (Photo by photocosmos1/Shutterstock) 

Lawmakers pressed Treasury Secretary Steven Mnuchin at a Mar. 4 House Appropriations Committee hearing about how effective the department's financial sanctions against other nations for conducting cyberattacks were in deterring future behavior and how it was defining their success.

"If a sanction is enforced upon another foreign entity, how does that restore or make whole the U.S. entity?" asked Rep. Tom Graves (R-Ga.) at the hearing. He also asked Mnuchin if he's noticed "any sizable positive impact on the reduction of breach attempts on U.S. companies" as a result.

Mnuchin said sanctions are "just one of the many tools" the U.S. government uses to help protect federal and private IT infrastructure.

Rep. Mike Quigley (D-Ill.) brought up sanctions implemented by both the Obama and Trump administrations against Russian entities and individuals for interfering in the 2016 U.S. presidential election, noting that Russia's covert campaign to influence the U.S. electorate "seem to be continuing" and that former Director of National Intelligence Dan Coats warned that "the lights are blinking red" before stepping down last year.

"What are we missing? Are we sanctioning the right people or should we be sanctioning people higher to the top that are making these decisions?" Quigley asked. "I don't think that's a political question. The fact is both administrations put these sanctions in place for a reason and the efforts continue. All I'm suggesting is that maybe it's not working because we're sanctioning the wrong people or the enforcement isn't strong enough, or in some manners they're overcoming those sanctions by alternative means."

Mnuchin said Treasury has hired "a significant number of people" to oversee its sanctions program are properly staffed to handle the workload. He also said he is actively overseeing the sanctions process and believes it has enough people and money to carry out its mission effectively.

"This is like a factory that we have, and there are always things that are being researched, intelligence that's being driven to us and future things that are being worked on," Mnuchin said. "So I'm not going to make any comments just as a matter of policy on future sanctions, but the answer is yes, I do think our sanctions programs work, and I do think we're sanctioning the right people, and I do believe we have proper resources."

Quigley was not satisfied with that answer.

"To continue this assuming that behavior will change based on our current efforts is probably optimistic and that we have to look at this from a different vein," Quigley said. "The fact that you are involved in this, as you say, and so much of your time, your input into what else we can do, given that this isn't stopping, would be appreciated."

The question of how effective sanctions are in deterring foreign governments or connected individuals from committing future attacks is a hotly debated topic in cybersecurity policymaking. U.S. officials often argue they are one component in a multi-layered "name and shame" strategy, often paired with criminal indictments and travel restrictions and designed to marshal international support and make it harder for hackers to move around or conduct business.

North Korea and Iran are already under heavy international sanctions and have economies that are largely isolated from international trade with the U.S.-Western financial system. The FBI has stated that name-and-shame tactics have no effect on North Korean behavior, and sanctions might actually lead to increased activity as ransomware attacks and other cyber-enabled theft is leveraged to make up for lost revenue elsewhere.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Workforce
    coronavirus molecule (creativeneko/Shutterstock.com)

    OMB urges 'maximum telework flexibilities' for DC-area feds

    A Sunday evening memo ahead of a potentially chaotic commute urges agency heads to pivot to telework as much as possible.

  • Acquisition
    Shutterstock ID: 1993681 By Jurgen Ziewe

    Spinning up telework presents procurement challenges

    As concerns over the coronavirus outbreak drives more agencies towards expanding employee telework, federal acquisition contracts can help ease some of the pain.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.