This afternoon the White House announced several actions against Russia in retaliation for Russian interference in the U.S. election. Key among them is the use of the cybersecurity sanctions regime created by Executive Order 13694 in April 2015. But the White House had to amend the Executive Order to use it against Russia.
As I previously explained, the Executive Order was designed primarily to address interference with “critical infrastructure” and cyber-enabled theft of intellectual property or other information for competitive advantage or financial gain. Election infrastructure, however, is not (yet) designated as critical infrastructure in the United States. The omission of election infrastructure from critical infrastructure poses problems internationally because it means that the internationally agreed norm against attacks on critical infrastructure doesn’t necessarily reach U.S. election systems. The omission also posed a domestic challenge because the existing Order did not clearly apply. To remedy that problem, White House amended the Order to allow punishment of “(E) tampering with, altering, or causing a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.”
The White House designated five Russian entities and four individuals as subject to sanctions. The sanctioned entities include the Main Intelligence Directorate (GRU) and the Federal Security Service (FSB), and the individuals are four officials with the GRU.
The White House released a fact sheet summarizing its actions, which also include the expulsion of 35 Russian officials in response to harassment of U.S. diplomatic personnel in Russia.
[Editor’s Note: Just Security has published a list of all the government documents with short summaries of each.]