The Daily Caller logo
Opinion

Treasury Fails To Name Any Cyber Worst Actors For Economic Sanctions

File photo of a man posing in front of on a display showing a Facebook logo and the word 'cyber' in binary code, in this picture illustration taken in Zenica
Mattie Lolavar Cybersecurity Consultant
Font Size:

A vacuum the size of cyberspace. That unfortunately describes the long awaited but non-existent list of “cyber worst actors” based on President Obama’s executive order to impose economic sanctions in response to “malicious” foreign-controlled cyber related activities. This list will identify the Department of the Treasury’s Office of Foreign Assets Control’s (OFAC) “Specially Designated Nationals and Blocked Persons List (SDN-Cyber)”  — if OFAC ever issues a list. Distressingly, OFAC needed 8 months after the president issued the cyber-activities executive order (on April 1, 2015 and made effective on December 31, 2015) to publish anemic and meager regulations. Incredibly, the regulations fail to define the key terms “malicious activities” and “posing a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.”

OFAC has abdicated its responsibility to publish clear, enforceable regulations on cyber criminality. That postpones indefinitely any effective U.S. government action to specify clearly when, who, and how cyber criminals — both state and non-state — will be punished financially by OFAC under the executive order.

This isn’t OFAC’s first time listing and sanctioning cyber rogues. In January 2015, in response to the hacking of Sony Pictures, Obama issued an executive order immediately listing the government of North Korea and individuals for economic sanctions. Obama’s executive order addressed previous cyber hacking, bringing to mind numerous known bad actors that could be listed based on previous cyber breaches.

Mega piracy king Kim Dotcom, currently attempting to halt extradition to the U.S. to stand criminal trial, could make any long — or short –sanctions list for piracy of intellectual property. Unfortunately, regardless of the fact the U.S. DOJ has indicted Dotcom for alleged theft of millions of dollars of intellectual property from the entertainment industry, the executive order could be used against him to block his U.S.-based assets only if the Treasury determines that Dotcom’s theft constituted a “significant threat” to the “economic health or financial stability of the United States.” Moreover, how do the executive order and OFAC regulations stop ongoing flagrant profiting from prior cyber theft and compensate the victims for their accrued and future financial losses?

What about listing China, whose People’s Liberation Army is responsible for hacking into American defense contractors and stealing trade secrets that are significant to national security and commercially valuable? For example, 60 Minutes reported recently on China’s theft of intellectual property, from the American Superconductor company. China stole the company’s software to control wind turbines, and used that stolen software for use in Chinese wind turbines, bypassing American Superconductor and nearly destroying their business. China is responsible for stealing American Superconductor’s software, and for using the misappropriated technology to operate wind turbines. In this theft, China sure looks like a “person” who “directed” the theft from outside the United States and “use[d]” it for commercial purposes as described in the executive order and thus should be on the OFAC list. If the OFAC SDN-CYBER category were a real-world list in existence and China on it, the federal government and Massachusetts presumably would not have been allowed to use federal taxpayers’ money to buy those turbines. American Superconductor would clearly vote China onto OFAC’s Cyber Worst Actors list.

Then there is the Snowden conundrum with the cyber sanctions. Do Edward Snowden’s gargantuan cyber theft of national security documents constitute a “significant threat to the national security” of the United States under Obama’s cyber executive order? What about other persons  (who may be a U.S. or non-U.S. citizen) who may have “materially assisted” or “provided financial” support to Snowden in support of those thefts or support him in the future? These “persons” might include Julian Assange and the Government of Russia. This scenario highlights the difficulty of implementing the key criteria in the cyber E.O. and the failure of the current OFAC regulations.

Despite the frustration with OFAC’s phantom cyber list, the Securities Exchange Commission is the poster child for going after cyber hackers where it hurts and successfully — freezing assets. Last, week the SEC froze assets against nine new defendants, in addition to the 34 Ukrainian-associated cyber traders and hackers who infiltrated Wall Street newswires’ computers and stole and released to their associates non-public financial information that generated approximately $100 million in illegal trading profits for the hackers. The U.S. Government knew most of these hackers at the time the president issued his cyber executive order in April 2015. When OFAC gets around to issuing the Cyber Worst Actors list, the SEC has at least 40 names for OFAC to consider nominating.

The now-effective and seriously deficient OFAC regulations represent a significant part of the Obama administration’s efforts to deter and punish cyber criminals. One hopes diplomatic pressures did not influence OFAC to issue the current anemic regulations, lest vigorous cyber economic sanctions regulations offend significant U.S. trade partners. President Obama’s cyber sanctions executive order must be implemented promptly and firmly, to deter and punish cyber criminality and cyber theft, particularly in well-documented cases such as multiple cyber-predations by the Government of China and its PLA. Treasury/OFAC’s current lackluster implementation of Obama’s cyber executive order results in an unfortunate signal to foreign governments, among others, that the U.S. Government is acquiescing to state and non-state actors undermining U.S. interests.

Treasury evidently decided not to seek public opinion concerning these critical regulations. Although the regulations address the crucial subject of cyber crime, Treasury waived the requirement of the Administrative Procedure Act for advance opportunity for public comment before issuing regulations.  In this case, silence is not golden. OFAC admits that these regulations are in “abbreviated form.” OFAC says it “intends to supplement [the cyber-sanction regulations] with a more comprehensive set of regulations, which may include additional interpretive and definitional guidance.”

In the spirit of good, “transparent” government, Treasury/OFAC should invite public comments for the official record, hold a public hearing, and provide a public response to those comments, including any comments urging Treasury to consider revising the current regulations. Any less robust effort to strengthen the current regulations only emboldens the “Cyber Worst Actors” to continue their cyber-based attacks against all aspects of the United States’ national security and economic interests.

Mattie Lolavar is President of M22 Strategies, Inc. a policy and communications firm focused on cybersecurity. She is the Founder of CyberSalon™ a monthly meeting bridging the public and private sectors on cyber issues.

PREMIUM ARTICLE: Subscribe To Keep Reading
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign up

By subscribing you agree to our Terms of Use

You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign Up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

You're signed up!
BENEFITS READERS PASS PATRIOTS FOUNDERS
Daily and Breaking Newsletters
Daily Caller Shows
Ad Free Experience
Exclusive Articles
Custom Newsletters
Editor Daily Rundown
Behind The Scenes Coverage
Award Winning Documentaries
Patriot War Room
Patriot Live Chat
Exclusive Events
Gold Membership Card
Tucker Mug

What does Founders Club include?

Tucker Mug and Membership Card
Founders

Readers,

Instead of sucking up to the political and corporate powers that dominate America, The Daily Caller is fighting for you — our readers. We humbly ask you to consider joining us in this fight.

Now that millions of readers are rejecting the increasingly biased and even corrupt corporate media and joining us daily, there are powerful forces lined up to stop us: the old guard of the news media hopes to marginalize us; the big corporate ad agencies want to deprive us of revenue and put us out of business; senators threaten to have our reporters arrested for asking simple questions; the big tech platforms want to limit our ability to communicate with you; and the political party establishments feel threatened by our independence.

We don't complain -- we can't stand complainers -- but we do call it how we see it. We have a fight on our hands, and it's intense. We need your help to smash through the big tech, big media and big government blockade.

We're the insurgent outsiders for a reason: our deep-dive investigations hold the powerful to account. Our original videos undermine their narratives on a daily basis. Even our insistence on having fun infuriates them -- because we won’t bend the knee to political correctness.

One reason we stand apart is because we are not afraid to say we love America. We love her with every fiber of our being, and we think she's worth saving from today’s craziness.

Help us save her.

A second reason we stand out is the sheer number of honest responsible reporters we have helped train. We have trained so many solid reporters that they now hold prominent positions at publications across the political spectrum. Hear a rare reasonable voice at a place like CNN? There’s a good chance they were trained at Daily Caller. Same goes for the numerous Daily Caller alumni dominating the news coverage at outlets such as Fox News, Newsmax, Daily Wire and many others.

Simply put, America needs solid reporters fighting to tell the truth or we will never have honest elections or a fair system. We are working tirelessly to make that happen and we are making a difference.

Since 2010, The Daily Caller has grown immensely. We're in the halls of Congress. We're in the Oval Office. And we're in up to 20 million homes every single month. That's 20 million Americans like you who are impossible to ignore.

We can overcome the forces lined up against all of us. This is an important mission but we can’t do it unless you — the everyday Americans forgotten by the establishment — have our back.

Please consider becoming a Daily Caller Patriot today, and help us keep doing work that holds politicians, corporations and other leaders accountable. Help us thumb our noses at political correctness. Help us train a new generation of news reporters who will actually tell the truth. And help us remind Americans everywhere that there are millions of us who remain clear-eyed about our country's greatness.

In return for membership, Daily Caller Patriots will be able to read The Daily Caller without any of the ads that we have long used to support our mission. We know the ads drive you crazy. They drive us crazy too. But we need revenue to keep the fight going. If you join us, we will cut out the ads for you and put every Lincoln-headed cent we earn into amplifying our voice, training even more solid reporters, and giving you the ad-free experience and lightning fast website you deserve.

Patriots will also be eligible for Patriots Only content, newsletters, chats and live events with our reporters and editors. It's simple: welcome us into your lives, and we'll welcome you into ours.

We can save America together.

Become a Daily Caller Patriot today.

Signature

Neil Patel