U.S. Executive Order Authorizes Sanctions on Individuals and Entities Responsible for Cyber-Attacks

On April 1, 2015, President Obama signed an Executive Order entitled “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.” In brief:

• The Executive Order allows for the imposition of sanctions on individuals and entities that are determined to be responsible for, or complicit in, malicious cyber-related activities aimed at disrupting critical infrastructure or computer networks, or at misappropriating funds, trade secrets, or personal or financial information, that cause significant harm to United States interests.
• No designations were made at the time of the Executive Order, so it provides authority for future action but does not immediately impose sanctions on any person or entity.
• Guidance issued in connection with the Executive Order underlines, among other things, the need for companies providing IT products and services to be prepared to implement any future sanctions designations with an appropriate risk-based screening program to avoid direct or indirect dealings with sanctioned entities.
• The Executive Order also makes the provision of goods and services in support of malicious cyber-related activities sanctionable, without imposing any explicit knowledge requirement; while the breadth of this provision is likely in practice to be tempered by common sense, it also argues for the exercise of due diligence by entities operating in the relevant sectors.

Please feel free to raise any question or concern you may have with any of your regular contacts at the Firm, or with Paul Marquardt in our Washington office.