The White House is considering the use of economic sanctions to punish the Russian government for their “nefarious activities in cyberspace,” according to a statement from White House Press Secretary Josh Earnest on Wednesday.
“[Economic sanctions are] something that we have used before and could potentially be used in preparing a proportional response to cyber threats,” said Earnest, answering a question regarding how the White House may respond to cyber attacks coming from Russia.
Such sanctions could feasibly be used for — but are not limited to — punishing Russia for its alleged involvement in a data breach at the DNC, former U.S. National Security Council director for cybersecurity policy Nathaniel Gleicher previously told FedScoop.
Under an executive order signed by President Barack Obama, the U.S. Treasury Department is empowered to levy sanctions on individuals and other entities who commit cyber attacks and or espionage against the country.
The executive order filled a gap in U.S. cybersecurity efforts and was designed to act as a tool for deterrence and punishment purposes, Michael Daniel, Obama’s top cybersecurity adviser, previously told reporters.
“We [now] have the power to freeze their assets, make it harder for them to do business with U.S. companies and limit their ability to profit from their misdeeds,” President Obama wrote in a Medium post following the executive order’s original announcement in April 2015.
But to convince allied nations to similarly honor those sanctions — thereby multiplying their effectiveness, internationally — the Obama administration may need to pursue public attribution in this case, Adam Segal, director of digital and cyberspace policy at the Council on Foreign Relations, told Fedscoop.
Last week, White House spokesperson Eric Schultz said the administration is reserving judgement until an ongoing FBI investigation into the DNC breach concludes. And even then, the government will consider the “clarity of evidence pointing to a culprit” and “whether it’s in the United States’ best interest to release that information or not,” Schultz said.
While nothing in the executive order requires some level of attribution, “if you were trying to convince others to honor the sanctions, you would probably need to convince them,” Segal said.
Pubic attribution, in this context, can be otherwise understood as the U.S. government openly blaming a cyber attack on a specific actor, group or entity.
Earnest’s comments on Wednesday follow in line with an opinion shared last week at the Aspen Security Forum by Department of Justice Assistant Attorney General John Carlin.
Carlin, who referenced a case in which Chinese hackers were arrested for stealing U.S. economic information and other trade secrets, told an audience that public attribution of cyber attacks is the “only way to change behavior.”
The arrest of the Chinese hackers mentioned by Carlin also occurred shortly after the Obama administration threatened to impose those same sanctions introduced by the aforementioned order. The arrests, conducted in partnership with Chinese authorities, served as an example for how the U.S. can deter future attacks, Carlin described.
Wednesday’s White House press conference represents the first time that the Obama administration has disclosed it is considering economic sanctions specifically against Russia for a possible cyber attack.