White House pushes back against cyberterrorism

You’re working on your laptop as usual one morning, perusing your favorite social network, when your computer requests a system update. Although nothing seems out of the ordinary, one of those language pack updates you normally barely pay attention to is carrying a not-so-ordinary payload. In the blink of an eye, your system is wrenched from your control, and a complete hard-drive wipe commences, destroying all of your most important work and personal files. An ominous red skeleton appears on your screen with a host of demands. Before you know it, all of your personal files will be shared publicly on the world wide web. This modern-day horror story may seem distant, but company-wide attacks like this occurred just last December, targeting businesses like Sony Pictures Entertainment. These attacks against American individuals and companies have not gone without response. American intelligence agencies traced the attack’s trail across the globe as it bounced from compromised computer to compromised computer until it eventually led to its source — North Korea. The question, however, isn’t how to find cyber criminals, but what to do once they are caught. In the case of the Sony attacks, any actions taken become a sensitive diplomatic move. On Jan. 2, U.S. President Barack Obama issued an executive order instructing several government agencies to take action against the Democratic People’s Republic of Korea (DPRK). The Treasury Department, for example, froze any assets controlled by the American financial system of individual officials, the DPRK and its supporters. On April 1, Obama signed a new, more powerful executive order. This new executive order has no geographic limits and expands possible sanctions to any foreign attackers and their supporters. “Cyber threats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them,” Obama said in his press conference. “As we have seen in recent months, these threats can emanate from a range of sources and target our critical infrastructure, our companies and our citizens.” The U.S. government is now authorized to freeze the assets of any identified perpetrators. Michael Daniel, the White House cybersecurity coordinator, wrote on the White House Blog, “Our focus will be on the most significant cyber threats we face — namely, on actors whose malicious activities could pose a significant threat to the national security, foreign policy, economic health, or financial stability of the United States.” Daniel listed cyber threats that will be targeted by the government: compromising critical services in American infrastructure; disrupting computer or network availability; misappropriating funds, economic resources, trade secrets or personal information for gain; knowingly receiving said misappropriations, or attempting or assisting in any of these attacks. Daniel believes it is also important to note who the U.S. government is not targeting. “These sanctions will in no way target the victims of cyber attacks, like people whose computers are unwittingly hijacked by botnets or hackers. Nor is this Order designed to prevent or interfere with the cybersecurity research community when they are working with companies to identify vulnerabilities so they can improve their cybersecurity,” Daniel said. Looking forward, we can expect further bolstering of U.S. cyber defenses. From diplomacy engagements to trade policy to law enforcement mechanisms, the government will be taking a more severe stance against cyber and technology threats. Congress legislation is currently under works to enhance and modernize the American cybersecurity approach. Thus, while we have been introduced to a new, modern-day horror story, we are also introduced to a new, modern-day hero. As Obama announced upon signing this new executive order: “Starting today, we’re giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks or stealing the trade secrets of American companies or the personal information of American citizens for profit.”