President Obama recently issued Executive Order 13694 (EO 13694 or EO), “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.” EO 13694 is aimed at deterring cyber attacks, cyber espionage and cyber thefts, which have become increasingly common in recent years.
Acting under the authority granted to him under the International Emergency Economic Powers Act, the president declared the existence of a “national emergency” in response to cyber threats that originate beyond U.S. borders. The EO enables the U.S. government to block the property and assets of extraterritorial actors involved in such attacks, who have otherwise been difficult to reach.
The issuance of EO 13694 is one tool in a broader strategy (including diplomacy, trade policy and law enforcement actions) adopted by the White House to combat malicious cyber attacks. The president already issued Executive Order 13687 on January 2, 2015 to impose financial sanctions on 10 North Korean officials and three North Korean government agencies as a response to the cyber attack launched against Sony Pictures Entertainment in 2014. Moreover, on February 25, 2015, the president established the Cyber Threat Intelligence Integration Center (CTIIC) to provide better inter-agency coordination of the analysis of intelligence related to foreign cyber threats and attacks. With EO 13694, the White House is attempting to broaden its authority to go after the “worst of the worst of malicious cyber actors.”
EO 13694 directs the Secretary of the U.S. Department of the Treasury to impose financial sanctions on the following:
- Persons determined to be engaged or complicit in cyber activities originating from, or directed by persons located, outside of the United States that have contributed to or are reasonably likely to result in “a significant threat to the national security, foreign policy, or economic health or financial stability of the United States” and that have any of the following purposes or effects:
  - Harming or compromising the provision of services of a computer or a network of computers that support one or more entities in a critical infrastructure sector (the term “critical infrastructure sector” is defined in Presidential Policy Directive 21, issued by the White House on February 12, 2013, and includes such sectors as energy, financial services, communications and critical manufacturing, among others);
  - Significantly compromising the provision of services by one or more entities in a critical infrastructure sector;
  - Causing a significant disruption to the availability of a computer or network of computers; or
  - Causing a significant misappropriation of funds or economic resources, trade secrets, personal identifying information, or financial information for commercial or competitive advantage or private financial gain.
- Persons determined “to be responsible for or complicit in, or to have engaged in, the receipt or use for commercial or competitive advantage or private financial gain, or by a commercial entity, outside the United States of trade secrets misappropriated through cyber-enabled means” (with knowledge that they have been misappropriated) where there is a reasonable likelihood that such activity will result in or materially contribute to a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.
The EO also blocks the property and assets of any person (1) that materially assists, sponsors or provides financial, material or technological support or goods and services for any of the above activities or to persons that are blocked under this EO; (2) that is owned or controlled by persons blocked under this EO; or (3) that is found to have attempted to engage in any of the above activities. Moreover, persons found to engage in the prohibited activities may be barred from entry into the United States.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued FAQs related to EO 13694. Future regulations promulgated pursuant to this EO will likely define “malicious cyber-enabled activities” in the way that term is defined in FAQ 447:
[M]alicious cyber-enabled activities include deliberate activities accomplished through unauthorized access to a computer system, including by remote access; circumventing one or more protection measures, including by bypassing a firewall; or compromising the security of hardware or software in the supply chain. These activities are often the means through which the specific harms enumerated in the [Executive Order] are achieved, including compromise to critical infrastructure, denial of service attacks, or massive loss of sensitive information, such as trade secrets and personal financial information.
OFAC will work to identify individuals and entities whose conduct meets the criteria set forth in EO 13694 and designate them as Specially Designated Nationals (SDNs) and Blocked Persons. Identifying such persons and entities may be the most difficult part of this White House effort because the cyber attacks are often hard to detect and the persons involved are hidden from view. The effectiveness of EO 13694, therefore, may depend on the ability of government agencies and industry participants to locate and identify the “malicious cyber actors.”
Since the EO did not include any initial designations, there is currently no specific step that U.S. persons must take in order to comply with the EO. Once Treasury has made such designations pursuant to the EO, however, persons subject to OFAC jurisdiction must ensure that they are not engaging in trade or any transactions with such SDNs or entities owned by such persons. As with all other OFAC sanctions lists, the names and identifying information for designated individuals and entities will be made available on OFAC’s online search engine.
Executive Order 13694 was published on April 2, 2015, in Vol. 80, No. 63, pages 18077-18079 of the Federal Register.