President Barack Obama on Wednesday signed an executive order that gives the Secretary of Treasury the authority to impose sanctions on entities found responsible for or complicit in carrying out a cyberattack harmful to U.S. interests. The Secretary of Treasury will have to consult with the Secretary of State and the Attorney General before enacting the powers granted under the order.
“Starting today, we’re giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks, or stealing the trade secrets of American companies or the personal information of American citizens for profit,” said Obama.
The Next World War
Last year saw the most devastating cybercrimes to date — ranging from wide-reaching hacks on civilians to attempts to pick the locks of the State Department’s front door. Major hacks included assaults on Apple’s iCloud, Sony Pictures Entertainment, the U.S. Postal Service, Home Depot, Paypal, and the U.S. State Department. A new type of hack — the dark hotel racket — preyed on traveling corporate officials.
Only two of the most high-profile cyberattacks had a direct impact on the U.S. government, but several compromised the business operations of some top companies. The effects of widespread attacks trickled down to all of the country’s citizens.
The president’s executive order provides new ways to punish those waging cyberwarfare with the U.S., but it doesn’t set forth an approach for classifying threats and addressing them systematically.
While some of the best and brightest U.S. security professionals have fingered foreign states as being behind certain attacks, the executive order doesn’t formalize how the administration will deal with bad actors funded by, say, the Chinese or Russian governments, noted Charles King, principal analyst at Pund-IT.
“There seems to a be general consensus that the next world war will be fought at least partially in cyberspace,” King told TechNewsWorld. “So creating a framework, with an executive order of this sort, can begin to create the framework for a formal governmental response to an attack.”
The president’s executive order is but the first step in laying out the U.S. government’s rules of engagement in response to cyberattacks, he said, but it’s critical to take that step.
“You don’t want to wait until the digital equivalent of Pearl Harbor happens before you plan how you will retaliate and create the legal framework for retaliation as well,” King explained.
Fleshing Out the Policy
With the president’s mandate in place, it’s now time to bring the public in on the discussion, according to Scott Borg, CEO and chief economist of the U.S. Cyber Consequences Unit.
“We really are functioning without an adequate policy here,” Borg told TechNewsWorld. “Without that policy, they can only do relatively limited things. They can only make relatively limited policy changes with any confidence that they’ll be used effectively.”
During the Cold War, U.S. officials engaged with citizens over policy issues, Borg recalled. Despite all of the worry over the nuclear arms race, the government opened up dialogue with its citizens.
Back then, the government identified the threats and outlined the consequences of aggressors acting on them. In recent years, however, the government and the public haven’t engaged in a similar discourse on the issue of cybersecurity as it pertains to national security, according to Borg.
“As a result, when our secret agencies are exposed as doing things, there’s all of this uproar over it,” he said. “Back in the Cold War, when a secret agency was exposed for doing something, there wasn’t a lot of uproar, because there was a consensus about what they’re supposed to be doing.”
Giving independent security experts and citizens places at the discussion table could help unify the country and strengthen the policies that emerge, suggested Borg, because “the general public right now has a better understanding of computers and the Internet than most of our political leaders.”