May 12, 2021

Volume XI, Number 132


May 11, 2021

Subscribe to Latest Legal News and Analysis

May 10, 2021

Subscribe to Latest Legal News and Analysis

U.S. Authorizes Targeted Sanctions Against Overseas Cyber Threats

Cyber threats are one of the U.S.’s top security threats.  In just the past year, there has been a significant increase in the frequency, scale and sophistication of cyber intrusions and attacks – many of them originating overseas – which have targeted U.S. businesses.  On April 1, 2015, the President announced a new tool to combat the most significant cyber threats to the national security, foreign policy and economy of the United States.  

To deter those responsible for significant harmful cyber activity, the President signed Executive Order 13694 (the “EO”) which authorizes the Secretary of the Treasury, in consultation with the Attorney General and Secretary of State, to impose sanctions on those individuals and entities located overseas that he determines to be responsible for or complicit in malicious cyber-enabled activities that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, economic health, or financial stability of the United States.

The Executive Order is tailored to address and respond to the harms caused by significant malicious cyber-enabled activities which include:

  • Harming or significantly compromising the provision of services by entities in a critical infrastructure sector;

  • Significantly disrupting the availability of a computer or network of computers, including through a distributed denial-of-service attack;

  • Misappropriating funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain;

  • Knowingly receiving or using trade secrets that were stolen by cyber-enabled means for commercial or competitive advantage or private financial gain; and,

  • Attempting, assisting, or providing material support for any of the harms listed above.

By sanctioning malicious cyber actors, the EO aims: (i)  to disrupt the supply side of the problem by limiting malicious cyber actors’ access to U.S. technology supply and infrastructure which they often rely to commit the above listed acts, and (ii) to target the demand side by limiting their access to the U.S. financial system which they often use to transfer their money.

The Administration has stated that this new authority will be used in a targeted and coordinated manner in response to significant cyber threats, and is not a tool that will be used every day.  In particular, it will not be used to go after legitimate cybersecurity researchers or innocent victims whose computers are compromised.  The President remarked:

We’re giving notice to those who pose significant  threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks or stealing the trade secrets of American companies or the personal information of American citizens for profit.  From now on, we have the power to freeze their assets, make it harder for them to do business with U.S. companies, and limit their ability to profit from their misdeeds.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume V, Number 93



About this Author

Curtis Dombek, Attorney, Lawyer, Governmental Contracts, Sheppard Mullin Law Firm

Curt Dombek is a partner in the Government Contracts, Investigations & International Trade Practice Group. Curt divides his time between the firm's Brussels and Los Angeles offices.

Areas of Practice

Mr. Dombek has practiced since 1983 in the field of international trade. He advises clients on the full range of international regulatory issues, including civilian and military export controls, trade sanctions and blocking orders, Customs matters, the Foreign Corrupt Practices Act, the USA Patriot Act, Free Trade Agreements, CFIUS reviews of foreign...