White House Issues New Executive Order on Cybercrime
On 1 April 2015, President Obama signed an executive order declaring certain malicious cyber activities to be a significant threat to the national and economic security of the United States. This follows the significant executive order issued by the White House at the Silicon Valley meeting in February which focused on public-private information sharing.
The 1 April order is significant in that it imposes financial penalties on cybercriminals outside of the United States through asset forfeiture and seizures via the U.S. Department of the Treasury. It allows the United States to take action against foreign interests by exerting sovereign power over funds that the U.S. can access even if they cannot get the individuals extradited or under U.S. control. The order allows for action in the following cases:
1. Attacks on critical infrastructure or the networks that support critical infrastructure. (See Brian Lozada’s article in National Cberysecurity Journal for background on cybercrime or NCI’s Protecting Our Future for information on critical infrastructure.)
2. Causes a significant disruption to computers or networks
3. Significant financial losses or theft of trade secrets for personal gain or competitive advantage.
The order also authorizes the prosecution of anyone who assists or supports others to carryout this malicious activity.
While it remains to be seen how effective the order will be, the order does give law enforcement a powerful new set of tools. Cybercrime is growing because it is relatively low risk and offers substantial rewards. This administration has taken a series of actions on cybersecurity and this is the latest step. Going after the money is great way to turn the tables on cyber crime.
Please join us on Twitter!