Why Obama's Plan to Deter Cyber Attacks With Sanctions Is Useless

The White House has announced a new sanctions program that will authorize the executive branch to penalize malicious cyber “actors” whose behavior endangers “the national security, foreign policy, or economic health or financial stability of the United States.” Sadly the President is opting for theater that creates the perception of security rather than actually making it more difficult for attacks to succeed.


Obama’s new executive order rests on a strategy of deterrence, a cold war idea that’s been revived by the likes of former NSA director Mike McConnell and more recently by current NSA director Mike Rogers. The basic idea is this: if enemies fear retaliation they’re less likely to launch an attack (nuclear, cyber or otherwise).

But deterrence is useless if you can’t figure out who attacked you. Malware isn’t like an ICBM that leaves a clear trail going from point A to point B. Thanks to Edward Snowden it’s public knowledge that Five-Eyes Intelligence agencies have invested heavily in developing anonymity technology and conducting deception operations that aim to conceal the origins of their clandestine attacks. It would be naïve to believe that other countries aren’t doing the same.

Consider the following scenario. Japanese spies targeting sensitive information in the United States could launch their campaign out of China, outsourcing the bulk of their work to local outlaws who use indigenous tools and tactics. Advanced anti-forensic methods could be wielded to cast suspicion elsewhere, away from Japan, and investigators would no doubt recognize the political expedience of accusing China over an ally.

One can imagine the hazards, not to mention embarrassment, associated with rash accusations. In 2009 the presiding Republican on the House Intelligence Committee, Peter Hoekstra, in lieu of hard evidence, recommended that the United States execute a “show of force” against North Korea in response to run-of-the-mill denial of service attacks on South Korean and U.S. websites. Cooler heads prevailed and the attacks were eventually traced back to a VPN circuit in Florida.

It’s interesting to watch history repeat itself with the data breach at Sony. Yet the public clamors for POTUS to do something. This new program, which threatens would-be “actors” with economic sanctions, is something. So that’s what Obama is doing.

Boldly clambering down into the rabbit hole of attribution is bad enough, but there are additional questions that arise with respect to this new executive order. For example, if the United State is going to penalize other countries for alleged cyberattacks does this mean that other countries will be able to seek redress from the United States for American cyberattacks?

After all, the United States is the most prolific “actor” in the cyber domain, seeking to “dominate” the Internet. Officials have admitted outright that both the Stuxnet and Equation Group attacks were NSA initiatives. Dozens of countries and hundreds of organizations were impacted. Will the United States be exempt from the mandates that it applies abroad, as the world’s one indispensable nation?

Sanctions may be less violent than conventional military weapons but they still rely on the process of attribution. This underscores the reality that false flag operations are as popular as ever and relatively easy for funded intelligence outfits to execute. Does the President believe threatening sanctions will improve our cyber security or is he merely looking for another excuse to frame and punish his adversaries?

Enjoy this piece?

… then let us make a small request. AlterNet’s journalists work tirelessly to counter the traditional corporate media narrative. We’re here seven days a week, 365 days a year. And we’re proud to say that we’ve been bringing you the real, unfiltered news for 20 years—longer than any other progressive news site on the Internet.

It’s through the generosity of our supporters that we’re able to share with you all the underreported news you need to know. Independent journalism is increasingly imperiled; ads alone can’t pay our bills. AlterNet counts on readers like you to support our coverage. Did you enjoy content from David Cay Johnston, Common Dreams, Raw Story and Robert Reich? Opinion from Salon and Jim Hightower? Analysis by The Conversation? Then join the hundreds of readers who have supported AlterNet this year.

Every reader contribution, whatever the amount, makes a tremendous difference. Help ensure AlterNet remains independent long into the future. Support progressive journalism with a one-time contribution to AlterNet, or click here to become a subscriber. Thank you. Click here to donate by check.

Close