9821. Unpacking US Cyber Sanctions
- Author:
- Allison Peters and Pierce MacConaghy
- Publication Date:
- 01-2021
- Content Type:
- Commentary and Analysis
- Institution:
- Third Way
- Abstract:
- Malicious cyber activity poses one of the greatest threats to America’s national, economic, and personal security. Yet, the perpetrators of these crimes largely operate with pure impunity and face little consequences for their actions. This is particularly the case for cybercriminals who cost the US economy anywhere from $57 billion to $109 billion in 2016 alone.1 Since 2015, the United States has imposed targeted sanctions (e.g., asset freezes, travel bans) on over 300 individuals and entities in response to malicious cyber activity.2 Many of these sanctions were issued under the cyber-related sanctions program administered by the Department of Treasury and established by a series of Executive Orders under Presidents Obama and Trump and bills passed by Congress.3 Sanctions have largely been imposed on individuals with ties to Iran, Russia, and North Korea, and, in about half of these cases, sanctions have followed indictments. An overwhelming majority of these sanctions have targeted individuals with suspected links to government entities and, only recently, have cyber sanctions targeted cybercriminals.4 As targeted sanctions increasingly become a tool deployed by the US government to punish malicious cyber actors, it remains unclear whether they are having an impact in changing behavior. Research on the impact of sanctions more broadly indicates that sanctions can be an effective tool to impose consequences on bad actors and change their actions when employed multilaterally, as part of a coherent strategy, and effectively messaged.5 However, imposing sanctions on malicious cyber actors without continuously reassessing their impact and the expected reciprocal actions by the target(s), risks a number of potentially negative outcomes. While Congress introduced legislation in the 116th Congress to impose new or codify existing cyber-related sanctions into law,6 it has not exercised the necessary oversight over the Executive Branch’s strategy in issuing cyber-related sanctions and determining their efficacy. With other countries now following America’s lead in issuing these sanctions, the time is ripe for the new Congress to push for an inter-agency, holistic assessment of the impact of US cyber-related sanctions.7 And with cybercrime increasingly threatening all sectors of the US economy, Congress must call for an evaluation as to whether sanctions on non-state cybercriminals should increasingly be used.
- Topic:
- Science and Technology, Sanctions, Cyberspace, and Digitalization
- Political Geography:
- North America and United States of America