President Barack Obama’s Executive Order 13694 of April 1, 2015, “Blocking the Property of Certain persons Engaging in Significant Malicious Cyber-Enabled Activities”, will focus on individuals and organisations, overseas, who engage in cyber attacks or commercial espionage and are domiciled outside of the US, and who pose a threat to national security or the financial stability of the US.
This EO will allow the US government to impose sanctions against these individuals or organisations, and makes sense in that most of the countries where these attacks are taking place have no extradition agreements with the US.
US companies will be asked to share information such as theft of Intellectual Property and other trade secrets with the US authorities.
But there are some additional considerations which US companies will need to consider.
Firstly, there are 16 critical infrastructure sectors named in the EO. They are, dams, defence industrial bases, emergency services, energy, financial, communications, critical manufacturing, chemical, commercial facilities, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors/materials/waste, transportation systems and water and wastewater systems.
US companies must ensure that they do not operate in any jurisdictions targeted by comprehensive sanctions programs, or engage in unauthorised transactions or dealings with persons named on any of OFAC’s sanctions lists.
Most importantly, all companies in the infrastructure list, above, are advised to evaluate their current policies and where necessary, “develop a tailored, risk-based compliance program, which may include sanctions list screening or other appropriate measures”.