US Imposes New Sanctions on Russia for Cyber-attacks
Five entities and six individuals were sanctioned for interference with the 2016 US election.
On December 29, 2016, President Obama issued a new executive order that expands the authority of the US Secretary of Treasury to impose sanctions on individuals and entities for cyber-attacks under Executive Order 12694. The new executive order also specifically sanctioned five entities and four individuals in Russia for cyber operations aimed at the US election.
Amended Sanctions Authority under EO 13694
The sanctions were imposed in response to cyber activities taken by the Russian government during the 2016 US election. Under the new executive order, “Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities,” sanctions may now be imposed on individuals and entities that the US Secretary of Treasury, in consultation with the US Attorney General and US Secretary of State, determines are responsible for or complicit in, or have engaged in, directly or indirectly, cyber-enabled activities originating from or directed by persons outside the United States, that result in a significant threat to the United States, and have the purpose or effect of “tampering with, altering, or causing a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.”
In the annex to the new executive order, two Russian intelligence agencies, the Main Intelligence Directorate (GRU) and the Federal Security Service (FSB), four GRU officers, and three companies that provided material support to GRU’s operations were identified. These parties will be added to the Office of Foreign Assets Control (OFAC)’s list of Specially Designated Nationals and Blocked Persons (SDN List), along with two more individuals that OFAC identified for using cyber-enabled means to cause misappropriation of funds and personal identifying information. As a result, the assets of these parties are blocked and “US persons” are prohibited from dealing with them.
One notable consequence of the designation of the FSB specifically is that US persons may now be prohibited from applying to this agency to obtain licenses to distribute IT products containing encryption in Russia. Such an application by a US person, directly or indirectly, would appear to be a prohibited dealing with an SDN.
“US Persons” include any United States citizen or national, permanent resident alien, an entity organized under the laws of the United States (including its foreign branches), or any person within the United States. If a US person engages in prohibited dealings with an SDN, such person can face a maximum civil penalty of $284,582, or twice the value of the underlying transaction to which the violation relates, whichever is greater.
US persons must ensure through thorough screening and other due diligence that they are not engaging in any dealings, direct or indirect, with an SDN.