Cyber threats present some of the most dangerous scenarios that can be endured by any person, or by any nation. Why? Because the threats not only render some of our greatest tools—like computers or mobile devices—useless, but these threats also use the very tools we depend on against us, turning our devices into unauthorized listening posts, blackmail repositories or even outright cash machines for criminals. A new move from President Barack Obama suggests that there may be some help on the way.
Obama reportedly signed a new executive order reflecting what was called “a national emergency”, drawing on powers afforded his office by several points of law, including the International Emergency Economic Powers Act, the National Emergencies Act, and section 212(f) of the Immigration and Nationality Act of 1952. Obama's latest executive order authorizes what are called “targeted sanctions against individuals or entities whose actions in cyberspace result in significant threats to the national security, foreign policy, economic health or financial stability of the United States.”
When discussing the order, Obama noted that it's sometimes difficult to pursue those who would stage such attacks, owing to a combination of weak laws in other countries or a general unwillingness to pursue such events. But the impact on other countries may not be as profound as expected; with the new executive order, the United States now has the power to freeze assets held within the country, as well as impede the ability to do business with United States firms, essentially going after what's known as the “supply side” of cyberspace crime. There will also be provision made for the “demand side”, as it's called, with sanctions also made ready for use against companies who profit by using stolen information.
Those concerned about the existence of botnets need not be, as Obama's discussion specifically exempts those who run afoul of such tools. Sanctions will, according to Obama, “in no way target the unwitting victims of cyberattacks, like people whose computers are hijacked by botnets.” Also exempted are “...the legitimate cybersecurity research community,” as well as “professionals who help companies improve their cybersecurity.” Obama's remarks on the order then concluded with a statement of support for net neutrality principles and an “open and free” Internet.
Obama's latest executive order may prove to be a mixed bag here; while some may suggest that this administration has been particularly focused on the executive orders of late, and may well be overstepping its bounds by telling other countries that the laws they have in place regarding cybercrime are weak and insufficient, there's another way to look at this. Obama's executive order acts feasibly by focusing on freezing assets held domestically for crimes committed against the various systems found therein. For some situations, this may be insufficient—a foreign government, for example, attacking the banking system or the power grid might better be dubbed an act of war than an offense deserving sanctions—while for others this may be entirely too much of a response, such as freezing assets over attacks that may not have actually happened in the first place.
Still, with the slew of data breaches recently taking place in the United States, it's not surprising that a government response would be desirable on at least some level. How well this actually works out is a matter best told by time; it will be a development worth following.