New White House Executive Order: Sanctions in Response to Cyber Intrusions


Update: Here is the link the White House announcement of the Executive Order

For the last 4 years, I have persistently advocated for a trade sanction approach in response to the vast economic espionage being conducted by numerous nation-states and foreign corporate threat actors.

When I first started to publicly discuss this issue in the immediate aftermath of the Operation Aurora investigation, the main challenge we faced was the vast number of intrusions that had been conducted by the Chinese military and intelligence agencies on behalf of and for the commercial benefit of their State-Owned Enterprises (SoEs) and private industry.  Since those not so distant days, the problem has grown in size and CrowdStrike is now tracking dozens of nation-states and criminal organizations that are executing cyber operations against companies across virtually every sector of our economy on a daily basis.

Last year, the United States government had taken the unprecedented steps of filing a criminal indictment against 5 Chinese People’s Liberation Army (PLA) officers, who are members of the 2nd Bureau of the 3rd Department of the General Staff of the PLA – the Department responsible for conducting signals intelligence collection for the Chinese military, as well as publicly attributing the devastating attack on Sony to North Korea.

Today the White House is making yet another huge leap forward in the effort to raise the cost to our cyber adversaries and establish a more effective deterrent framework to punish actors engaged in serious intentional destructive or disruptive attacks that present a threat to national or economic security, as well as anyone engaged in economic espionage for commercial benefit or theft of financial information on a massive scale.

President Obama is expected to sign an Executive Order under the authority of the International Emergency Economic Powers Act,  to authorize the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to list foreign individuals or entities on the Specially Designated Nationals (SDN) List who are engaged in “significant malicious cyber-enabled activities.” The list can include individuals or organizations responsible for the hacks, as well as those companies (or SoEs) that may be financially benefiting from the stolen intellectual property they receive from the intelligence operations conducted by their governments. Being on this list means that U.S. businesses or persons are prohibited from conducting any business with the blacklisted entity (thus, they are immediately cut off from the entire U.S. financial sector) and travel by the entity to the U.S. is banned. In practice, the effect may even be more impactful and global as many other countries enforce sanctions against SDN-listed individuals.

While it remains to be seen how often these powers are used by the U.S. government and who might end up on the receiving end of these sanctions, I cannot understate the momentous impact of this action. The administration deserves tremendous credit for taking this extraordinary bold step. Today the individuals listed on the SDN include terrorists, WMD proliferators and narcotics traffickers. In the not too distant future, cyber criminals, companies that benefit from commercial espionage, and operatives of foreign intelligence services may very well find themselves added to such dubious company. Welcome to the Brave New World!

CrowdStrike Falcon Free Trial

Dmitri Alperovitch

Dmitri Alperovitch is a Co-founder of CrowdStrike who left the company in February 2020.


Try CrowdStrike Free for 15 Days Get Started with A Free Trial