This Week in Getting Hacked: First Class Edition
April 2, 2015
This Week in Getting Hacked: Watch the Grid
April 8, 2015Freshly signed by the President of the United States himself is a new executive order that will allow sanctions to be placed against persons or groups that digitally attack the United States (and all its entities). In what can only be described as the POTUS being sick of his debit-card information being stolen at Target for the umpteenth time, Obama has grown a backbone.
I mean, look at President Obama’s face in this image on his official press release:
That’s the face of a man who means business. Cyber-business.
Of the order, Obama said:
“I’m, for the first time, authorizing targeted sanctions against individuals or entities whose actions in cyberspace result in significant threats to the national security, foreign policy, or economic health or financial stability of the United States. From now on, we have the power to freeze their assets, make it harder for them to do business with US companies, and limit their ability to profit from their misdeeds.
Who Does the Order Target?
When one reads more into the executive order, it becomes very clear that it targets overseas threats more than domestic ones. This could be because of the North Korea scandal of a few months ago, which you can brush up on here:
But before you chastise the POTUS, please see that sanctions would be used against companies that knowingly use trade secrets to undermine the nation’s economic health. Which is just as serious and just as cyber-security-ey.
In fact, for attacks to be sanction-worthy they will have to meet four criteria points:
- Critical infrastructure attacks, like power-grids
- Major computer network attacks
- Stealing intellectual property or trade secrets, as mentioned above
- Benefiting from stolen trade secrets and property
So if you’re not committing these infractions, you’re in no real danger of sanctions from the United States government. But, and it’s a big but, that list is just vague enough to encompass basically every type of cyber-attack imaginable.
What We Learned From the Past to Deal with New Cyber-Attacks?
As with the video above, the U.S. government has also accused other nations, like Iran in 2012, of cyber-attacks. Attacks on Target, Sony, Home Depot and others are also incidents that the order looked into to glean information on the types of information (or reasons why) cyber-attackers attack in the first place—beyond the obvious financial gains.
Obama has mentioned these attacks in his most recent State of the Union address, and this new order is just proving that he was serious. Coupling with this new order is another executive order issued by the POTUS insisting that companies share the details of their digital threat data, which would aid the government in protecting it.
Most importantly, however, is the new governmental agency whose sole purpose is to asses and prevent cyber attacks. All of the above has been building up to the power of this new executive order.
What is the Power of the new Cyber-Security Executive Order?
Straight from the President’s mouth: “From now on, we have the power to freeze [cyber-attacker’s] assets, make it harder for them to do business with US companies, and limit their ability to profit from their misdeeds.”
Basically, if you mess with America, you’re done messing with America. This will have huge financial impacts, if caught, on the attacking persons or entities. It’s also enough of a threat to discourage cyber-attacking behavior and increase data security.
This can raise some issues, however, issues that were addressed. How will companies test their cyber-security without being flagged? Isn’t that just another round of governmental red-tape business will have to cut through just to ensure their cyber-security.
Well, yes. But it could be worth it and there are certain implications of privacy that arise with this. However, the order will not take action against this type of cyber-behavior—or more specifically against the “legitimate cyber-security research community.”
The main point of the order, said an official, is that “if you think you can just hide behind borders and leap laws and carry out your activities, that’s just not going to be the case. We have other ways of getting at you, and we can hit where it hurts in terms of a financial impact.”
According to the Washington Post, the order was supposed to come out last week, but Obama wanted the language to be abundantly clear that it was aimed specifically against malicious attacks.
It’s a very serious issue that the President is taking with every grain of seriousness it deserves. As we’ve written about in the past, the laws protecting the way business operates in the past, before the technological boom, are sturdy and in place. But the laws protecting how business operate today are still catching up.
This order is just a necessary step in ensuring the economic stability of the United States, as more and more economic-weight is being shifted online. Hopefully the President can deliver on all his promises in his State of the Union address. And you can bet, we’ll be here to give you all the information.
