The long-rumored cybersecurity executive order seems to have disappeared, but President Donald Trump did extend...
a cyber executive order allowing for sanctions against malicious actors who attack the U.S.
The cyber executive order was first issued by former President Barack Obama in 2015 and was set to expire on April 1. Trump wrote to Congress saying he planned to extend it.
"Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," Trump wrote. "Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities."
The cyber executive order allows the government to block "all property and interests in property that are in the United States" ... from being "transferred, paid, exported, withdrawn or otherwise dealt in" of someone who perpetrates a significant cyberattack on the U.S.
What the experts say
Tom Kellermann, CEO of Strategic Cyber Ventures in Washington, D.C., said "sanctions are a necessary instrument of soft power."
"Following the money and freezing the accounts of cybercriminals is paramount to civilizing cyberspace," Kellerman told SearchSecurity. "These sanctions and correspondent forfeiture laws must be expanded to include digital currencies and alternative payments."
However, Chris Pogue, CISO at Nuix in Herndon, Va., said the effects of the sanctions may be limited.
"If somebody violates the terms and conditions laid out in the executive order, [the government] can block financial interests or prevent them from entry into the country. Or, as was the case with the Russian officials, [the government can] politely ask them to leave. That's all fine and dandy, but what percentage of attackers will this cover, and how much of a deterrent will it actually be?" Pogue told SearchSecurity. "In my opinion, the sections as outlined in the EO [executive order] are not going to be very impactful. This is EO is great in theory, and shows that the president is doing something, but I think the impact is going to be negligible at best."
Eddie Habibi, CEO of PAS, based in Houston, said the ability to apply sanctions is good, but renewing this cyber executive order is "only one step in the right direction."
"Sanctions absolutely work and must have a place in our cyber arsenal. Unfortunately, at the governmental level, we have lacked for many years an effective and coherent deterrence policy," Habibi told SearchSecurity. "This is, in part, why we see headlines daily on successful cyberattacks -- the benefits of an attack far exceed any costs to the attackers."
Jim Reavis, CEO of Cloud Security Alliance, agreed the cyber executive order was just one piece of the puzzle.
"As all forms of criminal activity, warfare and terrorism have an increasingly larger cyber component, I believe that there is consensus that responsible governments need to have a broad set of tools to combat these threats," Reavis told SearchSecurity. "While this executive order is one of the tools, providing accurate attribution to malicious attacks on the internet and ensuring that sanctions are timely and impact negative behaviors [are] extremely difficult, and this executive order will ultimately only be a small part of the solutions for the ongoing cyberwarfare occurring today and in the future."
Learn what CIOs should watch for in President Trump's tech policy.
Find out if indictments can be an effective hacker deterrent.
Get info on the sanctions included in the cyber executive order.