The U.S. wants to slap sanctions on cybercriminals. President Obama issued an executive order Wednesday creating the nation’s first sanctions program to combat “malicious” cyberattacks and cyberspying.
President Obama said cyberthreats pose one of “the most serious economic and national security challenge” to the U.S., and that the executive order offers a “targeted tool” for countering that threat.
The sanctions would apply to individuals and groups involved in cyberattacks that harm or compromise critical infrastructure, steal trade secrets and hobble computer systems, among other things.
Perpetrators within the U.S. as well as in countries such as China, Russia and Iran would be subject to sanctions.
Michael Daniel, special assistant to the president and cybersecurity coordinator, said the executive order is designed to go after individuals who launch significant malicious cyber activity in places that are “difficult for our diplomatic and law enforcement tools to reach.”
He adds that such individuals could be behind the borders of a country that has weak cyber security laws or the government is complicit in or turning a blind eye to the activity.
John Smith, acting director of the Treasury Department’s Office of Foreign Assets Control, says the administration will be able to freeze the assets of cybercriminals, deny them U.S. visas and ban them from the U.S. financial system.
Smith says the executive order also prevents U.S. citizens from engaging in any transaction with anyone named under the executive order. And it will also make it more difficult to launder proceeds from hacking.
But analysts say it’s difficult not only to identify an individual attacker, but to track down where they’re located. Often, hackers will use a series of computers and networks to hide their locations and identities.
Wednesday’s announcement comes in the wake of a string of serious cyberattacks on retailers, such as Target and Home Depot, and on companies such as Sony Pictures, which the administration blames on North Korea. The White House says more than 100 million people have had credit card numbers, medical records and other personal data compromised as a result of cybercrime.