President’s Executive Order Tackles Cyber with Sanctions, AML Tools
Yesterday, President Obama issued an Executive Order
entitled “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities” that focuses on sanctioning individuals and groups participating in cybersecurity attacks on the United States, its government, people, companies, and industries. Clearly, the focus on “cyber’ has reached the big time. It’s not an everyday occurrence for a US President to issue a national emergency as he does in the second sentence of the Executive Order. Whether you think about “The Interview” from Sony Pictures, the card theft of Home Depot and other retailers, or the ongoing accusations of attacks by China, President Obama’s Executive Order indicates that he and his administration are willing to leave no stone unturned when it comes to establishing strong cybersecurity policies, practices, and procedures.
After reading through the Order, the following items are prominent:
- This Cyber-Security Order Goes Way Beyond Financial Services: Justifiably so, President Obama has chosen to focus on all critical infrastructure and not merely on the financial services sector, despite the fact that the financial services sector is arguably the industry to have the most years of experience fighting off such issues. In an appropriately broad definition, the President categorizes four areas that he believes are important to highlight, mentioning any “significant threat to (1) national security, (2) foreign policy, or (3) economic health or (4) financial stability of the United States.” This demonstrates that energy firms, health providers, universities, transportation systems, local government, and more can all be included under one or more of these four umbrellas.
- The Executive Order Merges Cybersecurity & Money Laundering Rules: These two topics are generally not tightly coupled; however, this Order sets down specific anti-laundering sanctions “tools” and concepts that will be applied to cyber-criminals. So while this is perhaps not entirely unchartered territory at our financial institutions, it is something that one doesn’t see occur on a regular basis and certainly not as a focus from the Office of the US President.
- The Order Goes After Individual People: While we believe most cyber-attacks are created and executed by clusters of loosely-associated groups of people, there are indications that individual persons are also guilty of such crimes. This Order brings specific focus on the fact that individual persons can be targeted for sanctions and – through other preventive mechanisms such as travel bans under such ordinances as the International Emergency Economic Powers Act – can be thwarted. Jason Healey in the Christian Science Monitor posited that perhaps it was “denying visas to executives who support the theft of commercial secrets, as well as to their spouses and children who want to study in US universities.”
- Obama is Targeting the Big Fish: Don’t expect this Executive Order to help you with that $22 charge you and your credit card company are arguing about. The purpose of this executive action is not to deal with minor issues, but rather to focus on the big, serious players in cybercrime that continue to elude US and other law enforcement agencies even though they have been identified (and in some cases publicized by name).
Clearly our nation’s infrastructure and economic well-being are the target of a range of very serious-minded and organized cyber criminals; and it doesn’t appear these problems are going away any time soon. There’s more to this than hacked credit cards; fighting cybercrime takes new tools and sanctions and a well-orchestrated governmental prioritization such as that outlined in yesterday’s Executive Order to begin to thwart those nation-states and individuals out to do us harm. This is a battle on a new front. Hopefully this Order is an indication that we are arming ourselves to fight these unique enemies in a sophisticated and targeted manner.