Foreign Cyber Criminals Targeting Trade Secrets May See Sanctions Under New Policy
Excerpt from Sandler, Travis and Rosenberg | April 08, 2015
President Obama issued April 1 an executive order allowing the U.S. to impose economic sanctions against foreign individuals or entities using cyber-enabled activities in an effort to harm critical U.S. infrastructure, damage U.S. computer systems and steal U.S. trade secrets or sensitive information. Obama administration officials said they expect the authorities under this order to be used “judiciously and in extraordinary circumstances” against “the worst of the worst, the most serious overseas malicious actors, the ones that could actually threaten the national security, foreign policy, or economic health or financial stability of the United States.”
Sanctions. The sanctions available include freezing the assets of designated persons that are in the U.S., come within the U.S. or come within the possession or control of any U.S. person and prohibiting U.S. persons from dealing with designated persons, including exports or transfers of blocked property.
Sanctionable Persons. These sanctions may be applied to any individual or entity determined to be responsible for or complicit in, or to have engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the U.S. that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the U.S. and that have the purpose or effect of:
– harming, or otherwise significantly compromising the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector;
– significantly compromising the provision of services by one or more entities in a critical infrastructure sector;
– causing a significant disruption to the availability of a computer or network of computers; or
– causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers or financial information for commercial or competitive advantage or private financial gain.
Sanctions may also be imposed against any person determined:
– to be responsible for or complicit in, or to have engaged in, the receipt or use for commercial or competitive advantage or private financial gain, or by a commercial entity, outside the U.S. of trade secrets misappropriated through cyber-enabled means, knowing they have been misappropriated, where the misappropriation of such trade secrets is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the U.S.;
– to have materially assisted, sponsored or provided financial, material or technological support for, or goods or services in support of, specific activities or any person whose property and interests in property are blocked pursuant to this order;
– to be owned or controlled by, or to have acted or purported to act for or on behalf of, directly or indirectly, any person whose property and interests in property are blocked pursuant to this order; or
– to have attempted to engage in specified activities.
No such persons have yet been identified, but the Treasury Department’s Office of Foreign Assets Control said it will work with other federal agencies to “identify individuals and entities whose conduct meets the criteria set forth in the E.O. and designate them for sanctions” by adding them to the list of specially designated nationals and blocked persons (SDN list).
Compliance. OFAC states that once designations have been made under this order, U.S. persons and persons otherwise subject to OFAC jurisdiction (including firms that facilitate or engage in online commerce) must ensure that they are not engaging in trade or other transactions with designated persons or any entity owned by such persons. OFAC encourages such persons to develop a tailored, risk-based compliance program, which may include sanctions list screening or other appropriate measures.