Editor's Note: This blog post was first published at whitehouse.gov.
Michael Daniel is special assistant to the president and cybersecurity coordinator.
Starting today, we're giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks, or stealing the trade secrets of American companies or the personal information of American citizens for profit." -- President Obama
For the first time, President Obama is giving our country a new tool to combat the most significant cyber threats to our national security, foreign policy, or economy. It's an important step, and many people may be wondering how it will work. Take a look at a few answers to some questions you may have on how the President's latest Executive Order will bolster our cybersecurity:
1. Why is President Obama issuing an Executive Order?
We live in an information age – almost every aspect of our daily lives is entwined in some way with the Internet. Here's the problem: The very networks that we rely on to enable many aspects of our increasingly digital lives are vulnerable to cyberattack. Every day, malicious actors are targeting our businesses, trade secrets and critical infrastructure, and sensitive information – and many of these attacks originate from outside our borders.
See also: Obama signs order authorizing sanctions against cyber criminals
When it comes to the worst actors, one of the biggest challenges we currently face is developing tools that will allow us to respond appropriately, proportionately, and effectively to malicious cyber-enabled activities, and to deter others from engaging in similar activities. With this Order, President Obama is taking action to give America a new way to confront the growing threat posed by significant malicious cyber actors that may be beyond the reach of our existing capabilities.
2. What does the Executive Order do exactly?
This Executive Order authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to impose sanctions on those individuals and entities that he determines to be responsible for or complicit in malicious cyber-enabled activities that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, economic health, or financial stability of the United States.
3. What kinds of malicious cyber-enabled activities does this Executive Order cover?
The Executive Order is tailored to address and respond to the harms caused by significant malicious cyber-enabled activities. These activities include:
- Harming or significantly compromising the provision of services by entities in a critical infrastructure sector
- Significantly disrupting the availability of a computer or network of computers, including through a distributed denial-of-service attack
- Misappropriating funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain
- Knowingly receiving or using trade secrets that were stolen by cyber-enabled means for commercial or competitive advantage or private financial gain
- Attempting, assisting, or providing material support for any of the harms listed above
Our focus will be on the most significant cyber threats we face – namely, on actors whose malicious activities could pose a significant threat to the national security, foreign policy, economic health, or financial stability of the United States.
4. Who will we target with this new tool?
This tool will be used to go after the worst of the worst of malicious cyber actors: Those whose cyber activities – whether directed against our critical infrastructure, our companies, or our citizens – could threaten the national security, foreign policy, economic health, or financial stability of the United States.
5. How effective will sanctions really be?
Malicious cyber actors often rely on U.S. infrastructure to commit the acts described in the Order, and they often use our financial institutions or partners to transfer their money. By sanctioning these actors, we can limit their access to the U.S. financial system and U.S. technology supply and infrastructure. Basically, sanctioning them can harm their ability to both commit these malicious acts and to profit from them.
6. What about the Sony Pictures hack? Could this Executive Order have been used then?
The President signed an Executive Order in January 2015 authorizing additional sanctions on the Democratic People's Republic of Korea (DPRK). That Executive Order was a response to the DPRK Government's ongoing provocative, destabilizing, and repressive actions and policies, particularly its destructive and coercive cyber attack against Sony Pictures Entertainment and threats against movie theaters and moviegoers.
President Obama took the Sony attack seriously and you can read more about that Executive Order and his response here.
7. If this is just one tool, what are the other ways we can respond to cyber threats?
The President is using a broad range of tools – including diplomatic engagement, trade policy, and law enforcement mechanisms – to address cybersecurity threats like these. We are bolstering the government's network defenses, sharing more information with the private sector, and standing up the Cyber Threat Intelligence Integration Center (CTIIC) to provide integrated analysis of foreign cyber threats within the federal government and help ensure that our government centers that are responsible for cybersecurity and network defense have access to the intelligence they need to perform their missions.
Moreover, we have sent Congress legislation to further enhance our cybersecurity by strengthening protections for victims of identity theft, modernizing law enforcement tools for investigating and deterring cybercrimes, and promoting increased cyber threat information-sharing among the private sector and government.
8. So when and how will the U.S. government decide to actually use these sanctions?
This authority will be used in a targeted and coordinated manner in response to the most significant cyber threats we face, whether they are directed against our critical infrastructure, our companies, or our citizens, when the activities could threaten the national security, foreign policy, the economic health, or financial stability of the United States.
In addition, it's important to know who we are not targeting. These sanctions will in no way target the victims of cyberattacks, like people whose computers are unwittingly hijacked by botnets or hackers. Nor is this Order designed to prevent or interfere with the cybersecurity research community when they are working with companies to identify vulnerabilities so they can improve their cybersecurity. The targets of these sanctions are malicious actors whose actions undermine our national security.