The Green Sheet Online Edition
May 11, 2015 • Issue 15:05:01
White House gets tough on cyber crime
The United States raised the price of cyber crime on April 1, 2015, the effective date for a new set of penalties for cyber criminals. President Barack Obama declared a "national emergency" when he issued an executive order granting additional powers to U.S. government agencies to "respond appropriately, proportionally, and effectively to malicious cyber-enabled activities."
Described as "our latest tool to combat cyber attacks," the order takes aim at individuals and businesses engaged in cyber warfare that "results in significant threats to the national security, foreign policy, economic health or financial stability of the United States."
The new measure is a continuation of Foreign Policy Executive Order 13636, titled Improving Critical Infrastructure Cybersecurity and signed in February 2013. It introduces harsher penalties for cyber criminals. The Secretaries of the Treasury and State now have the authority to seize property, extradite, or imprison individuals or businesses involved in malicious activities.
Security analysts hail government oversight
Mark Wayne, Executive Vice President of Governance, Risk and Compliance at Michigan-based ANX eBusiness Corp., welcomed additional government oversight of cyber threats in the business community.
"Before, the government did not generally get involved in an isolated credit card data breach until after it had already happened," he said, noting that his team has seen on a weekly basis how new forms of malicious software infiltrate POS systems within retail businesses to steal customer credit card information.
"With multiple, enterprise-level data breaches occurring in the last few years, including the Target and Home Depot breaches, the demand for cyber security has rapidly escalated from an IT team discussion to the executive boardroom concern, and now it has reached the White House," Wayne added.
Zero tolerance for cyber fraud
The following fraudulent activities against U.S. critical infrastructure, companies or citizens could be subject to government sanctions:
- Harming or significantly compromising the provision of services by entities in a critical infrastructure sector
- Significantly disrupting the availability of a computer or network of computers (for example, through a distributed denial-of-service attack)
- Causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain (for example, by stealing large quantities of credit card information, trade secrets, or sensitive information)
- Knowingly receiving or using trade secrets that were stolen by cyber-enabled means for commercial or competitive advantage or private financial gain, where the underlying theft of the trade secrets is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States (for example, where a corporation knowingly profits from stolen trade secrets)
- Attempting, assisting in, or providing material support for any of the above harms
Protecting infrastructure, security resources
White House author and blogger Michael Daniel described the guidelines and penalties as appropriate for the information age where broadband communications are ubiquitous in both the public and private sectors.
"Our focus will be on the most significant cyber threats we face – namely, on actors whose malicious activities could pose a significant threat to the national security, foreign policy, economic health or financial stability of the United States," Daniel wrote.
Daniel stressed that the sanctions will target only the malicious actors whose actions undermine U.S. national security, not the victims of cyber attacks, and certainly not security professionals. He reassured security analysts that Qualified Security Assessors and researchers would not become inadvertent targets of investigations during their performance of routine assessments and scans.
Broader, long-range effort to fight cyber crime
"This executive order supports the administration's broader strategy by adding a new authority to combat the most serious malicious cyber-threats that we face," said President Obama.
Daniel said the executive order was part of "a broad range of tools – including diplomatic engagement, trade policy and law enforcement mechanisms – to address cybersecurity threats."
Following are other strategic government initiatives designed to improve threat detection and protect critical infrastructure:
- The Cyber Threat Intelligence Integration Center monitors foreign cyber threats within the federal government. It also provides business intelligence to the various government centers responsible for cyber security and network defense.
- The Department of Commerce's National Institute of Standards and Technology has been working on the Cybersecurity Framework, a key deliverable of the original government mandate for improved security standards. NIST members from government and private sectors have been collaborating to enhance network security while protecting privacy and civil liberties.