Following high-profile data breaches, including North Korea’s virtual invasion of Sony Pictures, President Obama declared a national emergency related to malicious cyber-attacks from abroad. In an executive order signed April 1, 2015, Obama created expansive sanctions designed to curb, as he put it, this “unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”

The order gives the U.S. Treasury Department discretion to freeze assets of foreign persons or entities who engage in “or [are] complicit in” particular cyber-espionage activities. The activities must have “the purpose or effect of . . . harming or otherwise significantly compromising” critical infrastructure, significantly disrupting the availability of a computer network, or causing a “significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.” For sanctions to be imposed, these activities need only be “reasonably likely to result in . . . a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.”

The order also grants the U.S. Treasury the power to prohibit American citizens and businesses from doing business with sanctioned persons and entities and leaves room for those with “a constitutional presence” in the U.S. to have assets frozen without prior notice. For example, American citizens and businesses that profit or derive an advantage from the reception or use of misappropriated trade secrets can also be subject to sanctions if they knew that the trade secrets were misappropriated through foreign cyber-espionage.

This executive order follows closely on the heels of an executive order promoting private sector cyber security information sharing.  Taken together, these orders send a clear message to the rest of the world about the United States’ commitment to combating cyber security threats. By punishing malicious hackers and those who benefit from hacked data, the latest order adds another tool to the country’s defense against international cyber-attacks.