President Obama declared the threat of malicious cyber-enabled activities a national emergency April 1 and issued an executive order authorizing sanctions on individuals or entities that are responsible for, are compliant in, or engage in such activities originating or directed from abroad.
Calling cyber threats one of the most serious economic and national security challenges the United States faces, Obama authorized the secretary of the Treasury, in consultation with the attorney general and the secretary of State, to impose sanctions on those whose actions are likely to result in or have contributed to a significant threat to the national security, foreign policy, or economic health or financial stability of the United States. The executive order also authorizes sanctions to be imposed on individuals who knowingly receive or use trade secrets stolen through cyber-enabled activities that pose a threat to U.S. national security and economic competitiveness.
ABA President William C. Hubbard commended the president for his executive order, saying it provides a new tool for both the private sector and the government in the fight against malicious cyber activity and cyber theft.
The president’s action is in line with ABA policy adopted in 2013 that calls for appropriate sanctions for unauthorized, illegal intrusions into computer networks utilized by lawyers.
“Information security represents an increasingly important issue for the legal profession,” Hubbard said. He explained that sophisticated hacking activities on private computer systems and networks, including those used by lawyers and law firms, have increased dramatically over the last decade and expose clients, their lawyers and society to significant economic losses and undermine the legal profession by threatening client confidentiality and the attorney-client privilege.
The April 1 executive order follows President Obama’s pledge in January to push for comprehensive cybersecurity legislation. At that time he submitted a legislative proposal to Congress aimed at enhancing collaboration and information sharing by the private sector by encouraging the private sector to share appropriate cyber threat information with the Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC).
The center would share the information with relevant federal agencies Information Sharing and Analysis Organizations developed and operated by the private sector. Private sector companies that participate would gain partial liability protections from lawsuits resulting from security breaches. The president also included provisions to modernize law enforcement authorities to address cybercrimes and would streamline procedures for reporting security breaches to consumers.
Although Congress was unable to agree on comprehensive legislation during the last Congress, several bills were enacted, including new laws creating the NCCIC and supporting steps for the private sector to develop voluntary best practices for reducing cybersecurity risks to the nation’s infrastructure.