Cyber sanctions

Last updated

Cyber sanctions are defined as the economic and financial measures intended to change the behaviors of targets using malicious cyber activities and/or intrusions. Since cyber sanctions regimes are used by countries, these instruments are used predominantly by countries. [1] Thus, countries in the international system rather than non-state actors such as companies, are the main actors and decision-makers when it comes to the threat and/or use of cyber sanctions at the international level.

Contents

The concept of cyber sanctions is relatively new area in world politics. Today, few countries have taken measures and enacted legislation and involving cyber-related regulations to secure their information technology. On the other hand, many countries, including developed countries, have not updated their legislation according to this new security area, i.e., cyber-crimes.

Experts have different ideas on the effectiveness of economic sanctions. This might be one of the main reasons why policymakers are skeptical for using economic sanctions for the issues related to malicious cyber activities. States are enacting legislation that considers the use of economic sanctions for cyber conflicts at the international level. The need for stability in cyberspace necessitates regulations at domestic and international levels. [1] The legal basis for the use of sanctions for cyber activities can be considered under the United Nations Charter's Article 2.4 where it is stated that:

"All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations."

Under the light of the UN Charter, many actors in the international system, including the European Union as an international organization, and the major EU member countries, and the United States, have taken steps using proactive and reactive financial and economic sanctions that can escalate to the application of military options.

European Union

The first cyber-related sanctions were used by the European Union in 2017 against six individuals who were involved in malicious cyber actions against some EU institutions and especially against the Organization for the Prohibition of Chemical Weapons. The EU's response included targeted sanctions, such as asset freezes and travel bans for these six individuals. [2]

The European Union Council has adopted several conclusions on the implementations of collective cyber security in the region. These conclusions included detailed strategies envisioning contingency plans and coordinating responses against malicious cyber activities targeting EU member countries. The EU Council's conclusions stress the inevitable cyber chaos that can diffuse all over the world if collective action is not achieved in this regard. Moreover, the creation of a network of security operation centers in the EU served the goal of envisioning the possible signals of cyber attacks against the EU.

Currently, the EU Council is working on enhancing its collective cyber response by focusing on sanctioning the target by creating a new entity called a "cyber intelligence working group." [3] [4] Although steps have been taken in using economic sanctions for cyber-related attacks against the EU, these measures are not completed yet, and member countries have different opinions on response strategies.

The Joint Force Headquarters Cyber Emblem Joint-forces-headquarters-cyber air force.png
The Joint Force Headquarters Cyber Emblem

United States

In October 2020, after detecting malign cyber activities by a Russian government research institution aiming to manipulate U.S. industrial systems via the Triton malware, the United States Secretary of State released a press statement that mentioned that economic sanctions were being imposed under Section 224 of the Countering America's Adversaries Through Sanctions Act. [5]

As of now, there are two executive orders (Executive Order 13694 [6] and Executive Order 13757 [7] ) that explain how economic sanctions and other measures would be used in response to malicious cyber activities. [8] The authority of the Treasury's Office of Foreign Assets Control (OFAC) is responsible for the initiation and outcomes of economic sanctions related to cyber-related activities.

See also

References

  1. 1 2 Moret, Erica (2017). "The EU Cyber Diplomacy Toolbox: towards a cyber sanctions regime?" (PDF). European Union Institute for Security Studies. JSTOR   resrep06815.
  2. "EU imposes the first ever sanctions against cyber-attacks". www.consilium.europa.eu. Retrieved 2021-07-28.
  3. "Cybersecurity: Council adopts conclusions on the EU's cybersecurity strategy". www.consilium.europa.eu. Retrieved 2021-07-28.
  4. Council of the European Union (2021). Draft Council conclusions on the EU's Cybersecurity Strategy for the Digital Decade.
  5. "United States Sanctions Russian Government Research Institution". United States Department of State. Retrieved 2021-07-28.
  6. "Executive Order -- "Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities"". whitehouse.gov. 2015-04-01. Retrieved 2021-07-28.
  7. "Sanctions Programs and Country Information". U.S. Department of the Treasury. Retrieved 2021-07-28.
  8. "Cyber Sanctions". United States Department of State. Retrieved 2021-07-28.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.