US law regulates sanctions against non-Americans who commit cyberattacks

President Obama is expected to sign a bill on Wednesday creating a new sanctions program. This allows the government to impose targeted sanctions on individuals or organizations that carry out cyber attacks.

The new law, in the form of an executive order, is valid for cyber attacks aimed at corporate espionage or to damage systems on American soil, The Washington Times reported. The law, which has been in the works for two years, makes it possible to impose sanctions on non-Americans allegedly responsible for such attacks. Organizations may also have to deal with sanctions. Among the measures are the freezing of assets and the prohibition of commercial transactions with American companies.

President Obama wants the law to give the government more options to punish cyber attacks on American companies and government institutions. Corporate espionage, theft of credit card data and disruptive cyber attacks are a particular problem. Targeted sanctions against individuals should also mean that perpetrators can still be financially affected when they are abroad.

To prevent the sanctions from also being used for relatively minor offences, the law contains a number of minimum conditions that a ‘cyber crime’ must meet. For example, national security must have been at stake, or the American economy or foreign policy must have been damaged. In addition, four criteria have been drawn up, of which at least one must apply: critical infrastructure must have been attacked, a primary network has been disrupted, trade secrets or intellectual property has been stolen or there has been direct benefit from the stolen data.