White House Cyberattacks Officially a National Emergency
It's not news to the majority of companies storing and transmitting sensitive information online that cyber defense is a major concern both on the level of individual operations and for the economy as a whole. Recent attention paid by both business leaders and the federal government to malicious hackers has raised the issue's profile in the public sphere, as have the many attacks on consumer-facing businesses. The cybersecurity bill that's currently pushing through Congress is yet another example of how this aspect of business security and operations is becoming a bigger concern in the eyes of everyone involved, from individual citizens to businesses and governmental organizations.
"The U.S. Secretary of the Treasury is now authorized to seize the funds of hackers in certain situations."
A national emergency
The state of affairs related to cybercrime received a major shakeup at the beginning of April, as President Obama officially declared attacks on electronic assets originating outside the U.S. a national emergency. This terminology isn't used lightly nor often, and it isn't simply a statement without any supporting action. With the declaration in place, the White House can now sanction foreign cybercriminals when they attack assets belonging to public and private institutions. Government technology news source FCW reported that the
sanction covers both unlawful virtual entries where data is stolen for use in crime such as identity theft and financial fraud, as well as the cyber espionage tactics more commonly used against governments and large, international businesses.
While the sanctions authorized by the declaration are only financial in nature - as opposed to the possibility of increased international law-enforcement operations - they are far from a light penalty. FCW said the U.S. Secretary of the Treasury's office is now authorized to freeze and seize funds that are identified to have come from individuals and groups engaged in hacking efforts. This broad range of power means that cybercriminals will have to significantly change how they operate when passing resources through the U.S.
Setting the level for action
Because the executive order isn't a blanket statement on all hacking, which includes everything from the benevolent actions of white-hat hackers to improve security systems all the way up to international cybercrime, not all malicious acts will qualify for the economic penalties. Political news site The Hill reported that the basic threshold for such efforts would involve "significant and malicious" actions taken against the U.S. One example noted as an impetus for the state of emergency was the hack of Sony Pictures, which left the president and his advisors at a loss for planning an appropriate, proportional response.
FCW provided an in-depth list of the standards, which include significant disruption of critical infrastructure, major distributed denial-of-service attacks, significant fraud related to finances and the unauthorized access or exchange of business secrets if used for illicit financial benefit. Because the word "significant" appears often in the declaration, it may actually be too limited and apply to too few of these security breaches. Without any precedent set in the matter, only time will tell if the wording behind the executive order will prove to be an unrealistically high standard.
Beyond the proposed cybersecurity bill from Congress, this action on the part of the president demonstrates the clear and present danger posed by cybercrime. Businesses shouldn't rely on the actions of the federal government to protect their valuable and vulnerable virtual assets. Implementing a cybersecurity platform helps businesses take the lead when it comes to defending against hackers.
Thanks for contacting NC4! A member of our team will be in touch with you shortly.