U.S. President Donald Trump is extending by one year special powers introduced by former President Barack Obama that allow the government to issue sanctions against people and organizations engaged in significant cyberattacks and cybercrime against the U.S.
Executive Order 13694 was introduced on April 1, 2015, and was due to expire on Saturday, but the president sent a letter to Congress on Wednesday evening informing it of his plans to keep it active.
[ Expand your security career horizons with these essential certifications for smart security pros. | Discover how to secure your systems with InfoWorld’s Security Report newsletter. ]
“Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” Trump wrote in the letter. “Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities.”
The executive order gave the U.S. new powers to retaliate for hacking of critical infrastructure, major denial of service attacks or large scale economic hacking.
It was expanded in December 2016 to include election-related systems and used to sanction Russian agents and organizations for their alleged role in a series of attacks during the presidential election.
In that action, Obama named the Russian military intelligence agency, the GRU, and the federal security service, the FSU, as responsible for the election-related attacks. It also named three organizations and four Russian individuals for their alleged role.
The extension of the existing executive order is one of the first actions President Trump has taken publicly that addresses cybersecurity. In February, he had been due to sign an executive order that addressed the issue but it was canceled at the last minute.
The order, as it stood to be signed, largely addressed cybersecurity in the federal government by placing responsibility for cyber risk at the head of each department. It also would have asked the Department of Commerce and Department of Defense to work on cyberdefense of critical infrastructure.
But, after meeting with some of his national security staff and representatives from the National Security Agency, the order was never signed. The White House never explained why that didn’t happen.