Following another year of costly cyber-attacks on U.S. companies, federal agencies, and critical infrastructure, the United States operationalized a new tool to counter the global cyber threat and thwart further strikes at home. On Dec. 31, 2015, the Office of Foreign Assets Control (OFAC) in the U.S. Treasury Department issued regulations implementing an executive order introduced by President Barack Obama last April authorizing economic sanctions in response to malicious cyber-enabled activities launched from abroad.
While key details on the sanctions program’s contours are unclear, the regulations unquestionably increase U.S. policymakers’ power to punish and deter those who siphon trade secrets from American networks and threaten national security and financial interests. This article probes what we know about the first U.S. cyber sanctions framework, what we do not, how the regulations are expected to impact business, and what companies should be doing to prepare.
