Cybersecurity: Crime and Espionage

Cyber Sanctions and Idle Threats

By Paul Rosenzweig
Wednesday, March 2, 2016, 7:05 PM

As a young boy, I would sometimes be bullied by my peers. But even worse than the bullying was the perception of being unable to respond. If I said something like "do that again and I'll hit you" the harsh response would be the taunt "idle threats" -- a sign that my bully knew I was bluffing and had no real response.

I was reminded of these painful memories from my youth, today, at the RSA Conference during a discussion of America's response to state-sponsored economic espionage. Why? Because we are coming up on the one year anniversay of President Obama's Executive Order, "Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities" and, at least as far as the public record reflects the substantial new sanction powers have not been used -- AT ALL. Now, I am more than willing to accept a high degree of caution in deploying a new legal tool. And I am more than willing to acccept that it takes a while to lay the groundwork for implementiing a new sanctons regieme. But is it really the case that in over a year, we have not been able to identify a single person in the entire world who is engaged in significant malicious cyber-enabled activities that warrant response? Or was this EO just an idle threat that the bullies can ignore?