On March 15, the Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned five Russian entities and nineteen individuals for “malign” cyber activity, “including their attempted interference in U.S. elections, destructive cyber-attacks, and intrusions targeting critical infrastructure.” This most recent round of sanctions is interesting for at least two reasons. To begin with, it is the first time that the Trump administration imposed sanctions under the Countering America’s Adversaries Through Sanctions Act (CAATSA), which was passed by overwhelming congressional majorities to punish Russian interference in the 2016 election. Second, all but two of the individuals sanctioned last week have previously either been targeted with sanctions or indicted in connection with L’Affaire Russe.
This most recent round of sanctions was undertaken pursuant to two authorities—Executive Order 13694 (“Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” amended in 2016) and Section 224 of CAATSA. That order, which was first issued in 2015 by President Obama, authorizes sanctions on “individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities” that significantly threaten national security, foreign policy, or the nation’s economic health or financial stability. A 2016 amendment to the order expanded the order’s ambit to include individuals and entities responsible for interfering with or undermining election processes or institutions. 35 individuals and entities have been sanctioned under this executive order since 2015, most of which are connected to Russia.
CAATSA was signed by President Trump in August 2017 and specifically authorizes sanctions against Russia for its interference in the 2016 election and ongoing activity in Crimea. Last week’s sanctions were the first action the administration took under this authority. In January of this year, the State Department announced, to much criticism, that the administration would not be using CAATSA to impose additional sanctions on Russian entities or individuals, arguing that CAATSA itself was already “serving as a deterrent.”
Last Week’s Sanctions
The Trump administration used Executive Order 13694 to sanction all 16 entities and individuals indicted by Special Counsel Robert Mueller on Feb. 16. This includes the Internet Research Agency, Concord Management and Consulting, and Concord Catering (organizations used to funnel money to the Internet Research Agency), and 13 Russian nationals who supported the agency’s campaign to interfere with the 2016 election. Indeed, the rationale used to substantiate last week’s sanctions closely mirrored language used in the Mueller indictment. Last week’s sanctions, for example, note that the Internet Research Agency “organized and coordinated political rallies during the run-up to the 2016 election.” Mueller’s indictment similarly found that the agency “staged political rallies inside the United States.” Of the 16 entities and individuals sanctioned under the executive order 13694, only three (Yevgeniy Viktorovich Prigozhin and the Concord companies) were previously designated for sanctions due to activities related to Ukraine.
The entities and individuals sanctioned under CAATSA include the FSB, Russia’s internal intelligence agency; the GRU, Russia’s military intelligence agency; and six senior members of the GRU. The FSB, GRU, and four of the six individuals on the OFAC list had all been previously sanctioned in the waning days of the Obama administration for their interference in the 2016 election. One of the remaining individuals (Sergei Afanasyev) became a senior GRU officials after the 2016 Obama sanctions were released, and presumably could not have been included in the 2016 sanctions. It is unclear why the last individual (Grigoriy Molchanov, who joined the GRU in April 2016—many months before the Obama sanctions) was added to the list for the first time. OFAC’s statement cited 2016 election interference as well as the 2017 NotPetya attacks as bases for CAATSA sanctions. The NotPetya outbreak, a “worm” capable of spreading across computer networks, crippled computer systems across the globe by encrypting hard drives such that the machines could not run.
While these sanctions give the Treasury Department’s backing to the Mueller indictments, they shed little new light on Russian actors who have engaged in international cyber attacks or coordinated to interfere in the 2016 elections. Additionally, those who were looking for the administration to use CAATSA as a tool for punishing additional Russian entities will surely be disappointed.