President Obama today signed an executive order that creates the first-ever sanctions program to penalize overseas hackers who engage in cyber spying—and companies that knowingly benefit from the fruits of that espionage. Though no specific penalties were announced, in a post on Medium, Obama broadly writes that "from now on, we have the power to freeze [hackers'] assets, make it harder for them to do business with US companies, and limit their ability to profit from their misdeeds." And "while we're focused on the supply side of this problem—those who engage in these acts—we'll also go after the demand side—those who profit from them. ... I'm also authorizing sanctions against companies that knowingly use stolen trade secrets to undermine our nation's economic health."
Who won't be targeted: "the unwitting victims of cyberattacks, like people whose computers are hijacked by botnets ... nor ... the legitimate cybersecurity research community or professionals who help companies improve their cybersecurity." The order is the latest attempt by Obama's administration to come up with options short of direct retaliation to deal with a growing cyberthreat coming from both nations and criminal groups. While the US did sanction several North Korean individuals in retaliation for last year's cyberattack on Sony Pictures, they were not targeted specifically for their role in that incident. In May, the Justice Department issued criminal indictments against five Chinese military hackers it accused of cyber espionage, but the hackers are out of reach of the US justice system. (More executive order stories.)