The Obama administration just opened a new 'weaponization of finance' front
By declaring "significant malicious cyber-enabled activities" a "national emergency," the executive order will allow the treasury to freeze the assets and bank accounts of overseas cyber criminals that attempt to attack critical infrastructure, steal intellectual property, benefit from that stolen property, or disrupt major computer networks, according to the Post.
The executive order gives the administration the same sanctions tools it now deploys to address other threats - including crises in the Middle East and Russia's aggression in Ukraine - and makes them available for less visible cyber threats.The strategy is known as "weaponization of finance," which Ian Bremmer defined as the "systematic use of carrots (access to capital markets) and sticks (varied types of sanctions) as tools of coercive diplomacy."
Subjecting cyber criminals, companies that benefit from commercial espionage and even foreign intelligence operatives, to tough financial sanctions could have a "momentous" effect in deterring the growing number of cyber attacks seen daily on U.S. networks, said Dmitri Alperovitch, chief technology officer of Crowdstrike, a cybersecurity firm.
"Today, the White House is making yet another huge leap forward in the effort to raise the cost to our cyber adversaries and establish a more effective deterrent framework to punish actors engaged in serious intentional destructive or disruptive attacks," Alperovitch wrote in a blog posted on the company's website.
The program could prompt a strong reaction from China. Cybersecurity has been a significant irritant in U.S.-China ties, with U.S. investigators saying hackers backed by the Chinese government have been behind attacks on U.S. companies, and China rejecting the charges.
Obama issued an executive order in January allowing the government to sanction North Korea for its alleged role in hacking Sony last December. The sanctions authority differed from the executive order due to be signed today, however, in that it was not specific to cyberactivity and didn't target specific individuals.
The malicious cyber activity must constitute a threat to national security before sanctions can be imposed.
"You can't use it to go after Joe Schmo the petty criminal," a senior administration official told the Washington Post. "You've got to be able to demonstrate [the activity] is on a scale that's harmful to the United States as a whole."
Will it deter nation states?
The order - which has reportedly been in the works for two years - is partly a response to past attacks on critical US infrastructure by foreign hackers.
In 2012, Iran attacked the websites of major US banks including JPMorgan Chase and Bank of America, likely in retaliation for Western sanctions aimed at stalling the country's nuclear program. In February 2014, Iranian hackers launched another attack on billionaire Sheldon Adelson's Las Vegas Sand Corp., wiping the corporation's hard drives clean and stealing some customers' Social Security and driver's license numbers in the process.
Whereas Iranian hackers typically aim to completely destroy the infrastructure they manage to infiltrate, Russian hackers act more as cyber spies for the Kremlin.
In July 2014, researchers discovered that a sophisticated cyber weapon similar to the powerful Stuxnet virus had infected the industrial control systems of hundreds of European and U.S. energy companies over the course of 18 months. In March, the State Department revealed that it had yet to fully purge suspected Russian hackers from its email system after suffering its "worst ever" cyber attack in November 2014.
It remains to be seen if nation states - which can often hide their traces - will be deterred. Many of those same nation-states are acting to undermine other tactics of the US "weaponization of finance" strategy.
(Reuters reporting by Andrea Shalal, Jeff Mason and Susan Heavey; Editing by Bernadette Baum)