• December 23, 2024

The Only Comprehensive Resource on U.S. Economic Sanctions

Cyber-Related Sanctions Incoming?

Spread the love

Since the issuance of Executive Order 13694 on April 1, 2015, the Cyber-Related Sanctions Program has been an empty program, containing neither regulations nor designations. That may be about to change. According to the Washington Post, designations of Chinese hackers or even Chinese companies benefitting from economic espionage could be dropping within weeks. There’s even a chance that OFAC will greet Chinese president Xi Jinping with new sanctions during his first state visit to the U.S. next month.

Despite remarks from Press Secretary Josh Earnest back in June, it’s looking like new designations, if the go through, will not tie back to China’s massive hack of the Office of Personnel Management (“OPM”). And for good reason. While the OPM hack was certainly a significant security failure that damaged U.S. national security, no one should pretend that the NSA would have acted any differently were it able to penetrate Chinese government networks in a similar fashion.

Moreover the language of EO 13694 makes clear that cybersanctions are not intended to address traditional espionage activity. The type of activity that could invite a cyber-related designation can be divided into two categories. §§ 1(a)(i)(A-C) generally threaten sanctions on individuals and entities targeting critical infrastructure. §1(a)(i)(D) and §1(a)(ii) target individuals and entities that either engage in cyberespionage for economic benefit or persons who receive commercial information derived from cyberesponiage or provide material support to those engaged in it. As with all U.S. sanctions programs, the intention is to strengthen norms that, at least on the surface, are accepted internationally.

From a practitioner’s perspective, the most interesting part of the Post story is the issue of the evidentiary standard used in any future cyber-related designations.

“Sanctions provide government officials a greater ability to protect classified sources and evidence than a criminal prosecution might. But, analysts point out, there likely will be significant pressure on the administration to release as much evidence as possible to back up its designations to convince skeptics.”

If the U.S. government really intends to target a significant Chinese company for receiving stolen commercial information, it’s unlikely that the customary single paragraph in an OFAC press release will suffice. I have a hard time believing that “reasonable cause to believe” is an evidentiary standard that China could accept (not that they would be pleased with any designation). It therefore seems likely that additional evidence would accompany any EO 13694 designations.

Perhaps this will usher in an era of more substantial designation actions or even the timely release of evidentiary memorandums. One can dream.

Samuel Cutler

Related post