Trending
26protests had been filed against GSA’s
HCaTS contract at press time, with more still possible
Obama’s cyber ‘state of emergency’ yields no quick sanctions
In April 2015, President Barack Obama declared foreign cyberthreats to be a national emergency and gave the Trea- sury Department enhanced powers to target adversaries in cyberspace. Yet in the first five months of that greater authority, Treasury had yet to use it, according to a newly released report.
“No entities or individuals have been designated pursuant to” Obama’s exec- utive order, Treasury Secretary Jacob Lew wrote in an update to Congress that covered the period of April 1
to Sept. 9, 2015. Steven Aftergood, director of the Federation of Ameri- can Scientists’ Project on Govern- ment Secrecy, obtained the report via a Freedom of Information Act request.
Obama’s executive order authorized Lew to levy sanctions on individuals or groups whose “significant, malicious cyber-enabled activities” threaten U.S. national security, foreign policy, eco- nomic prosperity or financial stability.
Four categories of cyber behavior could trigger sanctions under the exec- utive order: harming critical infrastruc- ture services, “significantly disrupting” a computer network, stealing intellectual property or financial information, and
using such trade secrets for commer- cial gain.
It is unclear whether Treasury has refined how it targets candidates for sanctions since Lew’s letter. In a state- ment to FCW, the department said it does not comment on the existence of possible or pending investigations.
Treasury’s Office of Foreign Assets Control “continues to work to imple- ment and enforce our sanctions
“Most of the worst actors reside well outside the reach of U.S. law.”
— CHRIS CUMMISKEY
regimes, and exercises vigilance in detecting and responding to potential sanctions violations,” according to the statement.
Those who welcomed the executive order said the administration’s imple- mentation of it was telling.
“While the president made an impor- tant declaration by issuing the execu- tive order, [Lew’s report to Congress] highlights the challenges of implement- ing such a policy in the cyber arena,”
said Chris Cummiskey, a former Depart- ment of Homeland Security official who has worked on federal responses to cyber breaches.
“Most of the worst actors reside well outside the reach of U.S. law,” he said. Stewart Baker, another former DHS official versed in U.S. cyber policy, said he was disappointed by the lack of sanctions imposed in the months after
the executive order.
“Maybe those of us who praised
the order when it came out should have paid more attention to the fact that it was published on April Fools’ Day,” he quipped.
The lack of sanctions issued under Obama’s executive order notwithstanding, the Justice Depart-
ment has indicted Iranian and Chinese nationals for allegedly hacking U.S. assets. And legislation pending in Con- gress would urge the administration to impose sanctions on hackers with ties to the Iranian government.
In January 2015, three months before the executive order, Treasury sanctioned North Korean officials in retaliation for the hack of Sony Pic- tures Entertainment.
— Sean Lyngaas
FCW CALENDAR
7/13-15 Supply chain
The General Services Administration’s Software
and Supply Chain Assurance Working Group will hold public sessions on risk management, security metrics and more. McLean, Va. is.gd/FCW_ssca
7/26 Cloud
8/4-7 Cybersecurity
The final round of DARPA’s Cyber Grand Challenge —
dubbed the world’s first all-machine hacking tournament — will be held at DEF CON 24. Las Vegas
defcon.org
Federal CIO Tony Scott, FedRAMP Director Matthew Goodrich
and DISA Enterprise Applications Chief John Hale will speak at the ATARC Federal Cloud Computing Summit. Washington, D.C.
is.gd/FCW_cloud16
June 30, 2016 FCW.COM 3