Andrea Danti - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Obama-era cyber executive order extended by Trump

A cyber executive order from the Obama era has been extended by President Trump to allow sanctions placed on cybercriminals who attack the U.S.

The long-rumored cybersecurity executive order seems to have disappeared, but President Donald Trump did extend a cyber executive order allowing for sanctions against malicious actors who attack the U.S.

The cyber executive order was first issued by former President Barack Obama in 2015 and was set to expire on April 1. Trump wrote to Congress saying he planned to extend it.

"Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," Trump wrote. "Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities."

The cyber executive order allows the government to block "all property and interests in property that are in the United States" ... from being "transferred, paid, exported, withdrawn or otherwise dealt in" of someone who perpetrates a significant cyberattack on the U.S.

What the experts say

Tom Kellermann, CEO of Strategic Cyber Ventures in Washington, D.C., said "sanctions are a necessary instrument of soft power."

"Following the money and freezing the accounts of cybercriminals is paramount to civilizing cyberspace," Kellerman told SearchSecurity. "These sanctions and correspondent forfeiture laws must be expanded to include digital currencies and alternative payments."

However, Chris Pogue, CISO at Nuix in Herndon, Va., said the effects of the sanctions may be limited.

"If somebody violates the terms and conditions laid out in the executive order, [the government] can block financial interests or prevent them from entry into the country. Or, as was the case with the Russian officials, [the government can] politely ask them to leave. That's all fine and dandy, but what percentage of attackers will this cover, and how much of a deterrent will it actually be?" Pogue told SearchSecurity. "In my opinion, the sections as outlined in the EO [executive order] are not going to be very impactful. This is EO is great in theory, and shows that the president is doing something, but I think the impact is going to be negligible at best."

Eddie Habibi, CEO of PAS, based in Houston, said the ability to apply sanctions is good, but renewing this cyber executive order is "only one step in the right direction."

"Sanctions absolutely work and must have a place in our cyber arsenal. Unfortunately, at the governmental level, we have lacked for many years an effective and coherent deterrence policy," Habibi told SearchSecurity. "This is, in part, why we see headlines daily on successful cyberattacks -- the benefits of an attack far exceed any costs to the attackers."

Jim Reavis, CEO of Cloud Security Alliance, agreed the cyber executive order was just one piece of the puzzle.

"As all forms of criminal activity, warfare and terrorism have an increasingly larger cyber component, I believe that there is consensus that responsible governments need to have a broad set of tools to combat these threats," Reavis told SearchSecurity. "While this executive order is one of the tools, providing accurate attribution to malicious attacks on the internet and ensuring that sanctions are timely and impact negative behaviors [are] extremely difficult, and this executive order will ultimately only be a small part of the solutions for the ongoing cyberwarfare occurring today and in the future."

Next Steps

Learn what CIOs should watch for in President Trump's tech policy.

Find out if indictments can be an effective hacker deterrent.

Get info on the sanctions included in the cyber executive order.

Dig Deeper on Government information security management

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Do you think sanctions will deter cybercriminals? Why or why not?
Until a method of location is developed to unhide IP Addresses and origin of the hack, there will be no way for these sanctions to deter cybercriminals or attacks. The time and expense required to locate or track where the hack originates, for example, in the case of ransomware, or any other botnet activity is futile. President Trump needs to be educated in this area by the best professional white hacktivist so he completely understands why this is next to impossible. This task is worse that eradicating the groups he seeks to eliminate in the middle east. How does one locate the root cause of all hacking? That's the question to answer, it is a money making business and it's difficult to sanction what can't be seen, discovered, or found. The crazy thing is that the Russians are only an alleged hacker the attack may not be from Russia, but it may have its origin from here in the United States and the hacker might be using a VPN server that is located in Russia, China, or any other country or several countries. The truth is we don't know where the hack's origin is without the use of expensive time and resources. Currently, the US tax dollars used for the alleged Russian interference (hack) regarding the US election has racked up a lot of money. The election is long over; we are still paying for it. Provided Russia is behind it, and they might not be, it could be some random hacker here in the US or Russia that caused it, we might never know, look at the damage this has cost the US at this point. In any event, sanctions are not the answer and cybercriminals won't stop hacking. The origin of the hack won't matter, it only serves to confuse. They will continue because they can and because in some cases it causes unrest as seen with our US government. Also, hacking provides an income. The hackers are paid well for their services. Sanctions won't work, something stronger is necessary. Hackers will continue to evolve and write nastier and harder to break code for breaching infrastructure.
The difficulties in cyber attribution definitely cause a lot of problems for law enforcement, though there have been some cases where hackers have been identified. Technological investigations alone can't accurately find hackers, but having human investigation to get in hacker circles can bridge the gap. I'm not sure any law agency has the manpower to follow all of those trails though.