On-the-Record Press Call on the President’s Executive Order, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities”

The White House

Office of the Press Secretary

For Immediate Release

April 01, 2015

Via Telephone

10:05 A.M. EDT

MS. MEEHAN:  Good morning, everyone, and thank you for joining this press call to discuss the President’s executive order, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.”  It's a mouthful.

This call is on the record but will be embargoed until the end of the call, so please no social media until the call is over.  On the record means obviously that you can quote the senior administration officials by name and title.  They are Special Assistant to the President and Cybersecurity Coordinator, Michael Daniel.  And our second official is Department of the Treasury Acting Director for the Office of Foreign Assets Control, otherwise known as OFAC, John Smith. 

So with that, I’ll turn it over to our first official, Michael Daniel.

MR. DANIEL:  Thank you, Bernadette.  Thank you, everyone, for taking the time to talk with me today.  As we are all very much aware in this day and age, cyber threats are some of the most serious national security and economic challenges facing the United States.  And over the last few years, the administration has been pursuing a comprehensive strategy to confront this threat.  And in particular, what I want to talk to you about today is one new element of that strategy that we’re rolling out -- a sanctions E.O. to respond to the most significant cyber threats. 

In particular, we believe that we very much need the full range of tools across the spectrum in order to actually confront the cyber threats that we face.  So diplomatic, law enforcement, economic, military, intelligence -- all of those tools are necessary in order to combat this threat. 

So we have been over the past several years putting those tools into place and expanding our capabilities and abilities to confront this threat, and this sanctions E.O. is one particular piece of that. 

So what this sanctions E.O. is really designed to do is it is designed to fill in a gap that we have identified where individuals carrying out significant malicious cyber activity are located in places that it's difficult for our diplomatic and law enforcement tools to reach, whether because they’re behind the borders of a country that has weak cyber security laws, or the government is complicit in, or turning a blind eye to, the activity that’s happening and we don’t have good law enforcement relationships or other kinds of relationships.

So what we are doing is putting in place a tool that will enable us to impose costs on those actors.  And in particular, what we are doing is we are focusing on those actors that pose a significant threat to the national security, the foreign policy, or the economic health or security of the United States as a whole, and that carry out one of four explicit kinds of harms through cyberspace:  damaging attacks on our critical infrastructure; disrupting computer networks, say, through a widespread distributed denial of service attack; widespread or significant thefts of personal information, financial data, trade secrets or intellectual property; and the knowing use and receipt of those stolen goods.

So it's important to note that we very much intend this tool be one that is targeted and judicious in its use.  It's not one that we are expecting to use every day.  In most cases, our diplomatic and law enforcement and other tools will be the ones that we turn to first.  But it's important that we have this capability in our toolbox in order to go after the threats that we face.  We will not certainly be using this to target free speech or interfering with the free and open Internet, and we’re not going to be going after the innocent victims of people whose computers were taken over and used by malicious actors.  So it’s a very targeted and limited authority.

So we know that sanctions are not a cure-all for this particular threat, but it is an important tool for us to have.  The last thing I would say is we are not -- and Treasury can go into this in more detail -- we are not announcing any designations under this new authority today.  We are putting in place the framework so that it’s available for us to respond, if we needed to rapidly, to an emerging cyber threat.  In the future, we will use this tool in a targeted and coordinated way against the worst of the worst, the most serious overseas malicious actors, the ones that could actually threaten the national security, foreign policy, or economic health or financial stability of the United States.

So with that, I’ll turn it over to John over at Treasury.

MR. SMITH:  Good morning.  This is John Smith from the Treasury Department’s Office of Foreign Assets Control.  Thanks for joining us this morning.  I’m going to briefly discuss some of the details of the new executive order.  I should start by saying we are excited about this new tool that will allow us to expose and isolate those behind malicious cyber activity.  The executive order allows us to put a name to those who go to great lengths to mask their identity, to expose our adversaries behind these attacks for the world and, of course, financial institutions to see.

As Michael noted, this new executive order authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to impose sanctions on individuals or entities that engage in significant malicious cyber-enabled activities that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health, or financial stability of the United States.

Since Michael went through some of the details of the executive order, I’ll highlight a few points and I’m happy to take more detailed questions afterward about today’s action.  This authority is focused on significant threats, threats that endanger the national security or foreign policy of the United States, or our economic health and financial stability.  It’s also focused on protecting critical infrastructure.  This action builds on efforts by the U.S. government and public-private partnerships to disrupt threats and hasten response-and-recovery efforts by punishing malicious cyber actors.

I think it’s important to note that while this authority is powerful, it is a piece of the larger U.S. government response to enhancing cyber security.  This means that we intend to use this tool judiciously and in extraordinary circumstances.  It will not replace law enforcement mechanisms, and we intend to work closely with law enforcement in the careful application of this tool. 

Finally, as Michael noted, this authority is not designed to police the Internet or stifle technological innovations.  Just as we have a responsibility to protect the U.S. financial system from abuse by malicious actors, we have a responsibility to protect the United States from those who exploit our information technologies to threaten our critical infrastructure, our economic health and financial stability, and other core interests.

With that said, I’m happy to answer any questions.

Q    I want to focus on the potential sanctions against companies that knowingly benefit from the fruits of cyber espionage.  When the Justice Department indicted those five Chinese military hackers, FBI Director James Comey said, “For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries.”  From that, one presumes that the U.S. government has evidence that Chinese state-owned industries have knowingly benefitted.  Can you talk about whether you do have that evidence and how far it extends?  And what’s the potential universe of companies here that could be sanctioned?

MR. DANIEL:  Sure, so I’ll start at the top and then I’ll ask Treasury to sort of comment on kind of the standards of evidence that we use.

I’m certainly not in any position to speculate on the particulars of any given company and what we might have in terms of evidence.  What I can say from a broad standpoint is that we know that in many cases, not just in any one country, but across a wide swath of the planet, actually, there are companies that hire hackers to steal intellectual property.  And we don't want to just deter those that are actually with their fingers on the keyboard, but also those that are behind those groups and that are funding those groups and are enabling those groups to carry out their activity.

So that's why we felt it was important to have a broader tool that encompassed more than just kind of the individual hackers that are carrying out the activities, as important as that is to deter, but we also wanted to deter those who are paying for it.

John, do you want to add anything to that?

MR. SMITH:  Sure, I agree with what you said, Michael.  And I would just emphasize, as I think we’ve said, that this executive order is not targeted at any one country or region.  As Michael noted, this is activity that we see coming from regions and countries and jurisdictions around the world.  And we're focused on the activity and the threats that the activity poses to the U.S. and the U.S. financial system.

I can't talk about any evidence that we have or any targets that we may go after; that's something that we work very cooperatively with our interagency partners, including the Justice Department, on where we may go next.  I can say that we will work aggressively to make sure that the U.S. government and our whole-of-government approach is able to go after the cyber threats that we face.

Q    Hey, guys, thanks for doing the call.  Tell me, how do these sanctions that were outlined here, how is it different from the sanctions that the President went ahead and ordered on the North Korean individuals and North Korean intelligence agency after the Sony attack?  And would the Sony attack have qualified for these types -- in other words, would that attack meet the conditions that you're outlining here at justifying these sanctions?

MR. DANIEL:  So I think in broad terms -- again, I’ll let Treasury follow up and comment on the specific details.  In my view, what sets this executive order apart is that it is focused on malicious cyber activity.  And it’s the first of its kind in this space where we don't have to rely on a sanctions regime that is, in fact, targeted at a particular country or group of actors within a country, but is more broad-brushed than that.

At the same time, it’s narrow in the sense that it’s not just any malicious activity; it’s specific activity that is of a significant level to affect the national security or the economic health of the United States, and that it is associated with one of those four really important harms that I was talking about. 

It’s very difficult to speculate whether or not we would have used this tool with respect to Sony.  I can say that obviously we will now -- this will become one of the tools that we will have in our toolbox.  And going forward, if we face similar incidents like that, it will certainly be something that we will consider, and we will consider whether we have the evidence in a form that we are willing to disclose publicly, that we would be willing consider using this tool.

John, do you want to add something from Treasury’s perspective?

MR. SMITH:  Sure.  I think I agree once again, Michael, with much of what you’ve said in terms of how does a Sony attack differ and what would our response be.  I look at sanctions programs as coming in two broad types, and we have sanctions programs that focus on jurisdictions like North Korea, Iran, other jurisdictions that are really in the news and that we have particular criteria that relate to those jurisdictions.  And then we have some sanctions, executive orders that allow us to target activity wherever the attack activity that threatens the U.S. interests may occur, may arise from. 

And this joins the ranks of our counterterrorism authorities, our narcotics authorities, our transnational and criminal organization authorities that allow us to go after activity and the threat that that activity poses to the United States wherever it may come up.  So it wouldn’t matter to me whether the next threats come from North Korea or anywhere else, if this gives us the tool in our toolbox to go after that activity.  Whether or not that attack would qualify under this executive order isn’t something that we’ve calculated.  What I’m looking from the future is what can we do under this executive order, and that’s what our focus will be.

Q    Can you be more specific about how you define “malicious”?  What would the tipping point be to trigger something like this?  And also, do you have a sense of when you expect to name individuals or groups in this first round of sanctions, if that’s already on your radar?

MR. DANIEL:  So, I’ll let John handle the first part of that question.  The second half -- no, we don’t have a particular timeline.  We wanted this authority in place to deal with any emergent threat.  Obviously, we have a robust -- very robust interagency process to identify particular targets that we would consider.  And we are going through that process, and we will see what comes out of it.  But we certainly don’t have any particular timeline on that at this point.

MR. SMITH:  And I’ll just add from the Treasury perspective.  If you look at malicious cyber-enabled activities and kind of the title and the preamble to the executive order, how we define or characterize what “malicious” would be is really with respect to the harms that you see in sections 1(a)i and then A through D of the executive order, when the executive order has harming or compromising the provision of services by a computer or network of computers that support a critical infrastructure sector, or significantly compromising the provision of services by entities in that sector.  Those would be what we would consider to be -- those are examples of some of what we would consider to be the malicious cyber-enabled activities.

Q    I just want to follow up on Peter Baker’s question if I can, and see if I can get a little more specificity, understanding you don't want to look back.  But is there something about this executive order that would open up a new tool box in a case like Sony?  Or is it really more about location as opposed to the types of sanctions, in that case?  I'm just, for our own edification, trying to figure out would this have changed the game there and going forward, or no because of it being North Korea.

MR. DANIEL:  So I think in my mind, the way that I look at this would be what we are trying to do is enable us to have a new way of both deterring and imposing costs on malicious cyber actors wherever they may be, and across a range of threats that we face, both to our critical infrastructure and to our intellectual property and personally identifiable information. 

And in that realm, we wanted to separate out location from that, because obviously cyber incidents tend to flow very easily across international boundaries, and so trying to tie that to particular locations just didn’t make sense sort of in the cyber area.  So we had to look at the kinds of regimes, like John alluded to, of CT and narcotics and transnational crime where what you're focused on is the activity and the harm involved.

Certainly, our experience of looking at how to craft the proportional response that the President called for in response to the attack on Sony Pictures Entertainment, certainly that process informed us as we are finishing up this executive order and highlighted the need for us to have this capability and to have this tool.  But I think that's really how I would frame up an answer to your question.

MR. SMITH:  And this is John, and I'd just add in that we should emphasize that what we did with each one of the executive orders -- the North Korea authority versus the authority here -- the North Korea authority gave us the authority to designate officials of the government of North Korea, officials of the Workers’ Party, and those that materially assist or support the government or those officials. 

And so we took the actions that we did in the beginning of January as a response to certain provocative activities in North Korea, including the Sony Pictures attack.  But it wasn’t directly a response in the executive order criteria to cyber-enabled activities -- malicious cyber-enabled activities of the government.

This allows us to have an executive order that actually focuses directly on the activities of concern, whether they arise in North Korea or another jurisdiction.  And we can directly target those malicious cyber-enabled activities that are of concern, rather than targeting as a response to an attack -- officials of the government or other persons who meet our criteria.

Q    Hi, thanks so much for taking my call.  The order talks about interruption of computers and networks not just within the 16 critical sectors of infrastructure, but also organizations that support those sectors.  If you look at the sectors, they're fairly wide-ranging.  They include information technology; they include the financial services sector.  I guess my question is, it seems that, in fact, any sector of the economy affected by a foreign attack would be potential fodder for a sanctions.  Is that a correct reading of the order?

MR. SMITH:  I think that in the short term, if it is something -- to answer your question, if it was an attack that actually rose to the level, or a disruption of service that rose to the level of posing a significant threat, or materially contributing to a threat to the national security, foreign policy, or the economic health or financial stability of the United States -- which is quite a mouthful to keep repeating -- but if it meets one of those tests, then we wanted to be sure that we could actually use this tool against it. 

So, yes, if you were affecting a network of some entity in the -- some group of entities probably in the United States that rose to that level -- that it was actually posing a threat, for example, to our overall economic health -- then I think most people would say, yes, that’s the kind of thing you would want the U.S. government to be combatting.  And this is one way that we could do that.

But obviously we would have to be able to make the case that, in fact, that group of entities that were being affected by that disruption met that significance test.

Q    Hi, thanks very much.  Two questions.  One is, attribution can be very hard.  So what level of evidence would you need?  Is it reasonable cause or (inaudible) standards?  And separately, (inaudible) I’m still a little bit lost about what does this new executive order allow you to do that you couldn’t already do in that --

MR. DANIEL:  John, do you want to take the first part of that?

MR. SMITH:  Sure, I can start off.  The standard of evidence is reasonable basis to believe or reasonable cause to believe.  It’s the basic standard of evidence that administrative agencies across the government use under the Administrative Procedure Act, under which we operate.  And so that’s the standard of evidence that we use.  When we do a designation or target someone under the authority we always do it publicly, we identify it publicly.  And we put out a fact sheet or press release, outlining the unclassified aspects of the case so that the international community and the U.S. financial system know the reasons that we’re taking the action.

In terms of what this authorizes us to do that we could not do before is, before we had country-specific executive orders that allowed us to designate.  For example, with respect to North Korea, we had the authority under the executive order to designate officials -- if we chose -- to designate officials of the government, officials of the Workers’ Party.  We did not have the authority to designate based on the activities of threatening the U.S. through their malicious cyber-enabled activities.  Now we have that authority based on the malicious cyber-enabled activities that they do that we can target directly those activities and not indirectly officials of a government where we may have a sanctions program.  So this allows us to go much broader beyond those countries, beyond those areas where we have sanctions programs, and this allows us to target the activity itself wherever it arises.

Q    So a couple questions.  I’m just wondering, are there any past examples, recent examples in the last few years in which you think this authority would have been used, that you would have looked to this authority?  For example, maybe the (inaudible) attacks against the banks.  And then I’m also wondering, what would the sanctions actually look like?  What kind of punishment would anybody who is designated under these sanctions actually face?

MR. DANIELS:  I think that sort of speculating how we would have used this tool in the past is very difficult because the circumstances are going to vary, and we didn’t have the benefit of having this tool when we went through the policy discussions.  Certainly, I can say that the class of activities that are, again, something that has the potential to cause widespread disruption to our financial sector, obviously something that would meet the significance test for the financial stability of the United States if we felt that we could make the case, as John just laid out -- in the way that he laid out, that we would consider using this tool.

And also, keep in mind that some of our view here is that we want to have this tool available as a deterrent and through those that would consider carrying out some of these activities. So it's not just actually composing the sanctions where we hope to have the effect.  So I think that certainly it's both targeted, in the sense it has to be very significant and meet those four harms, but it's also very broad in that those harms cut across a wide swath of activity. 

John, do you want to follow up on that?

MR. SMITH:  Sure.  I agree again with what you said, Michael.  I would say that, from our view, the past informs the present.  And in terms of the examples that we’ve seen in the past helps us shape the executive order to make sure that we have the maximum flexibility of targeting so that we can go after the targets that are really of concern, while also demonstrating that those targets have engaged in the significant level of threat and activity to fall within the scope of the executive order. 

In terms of what the punishment is, as you -- I think the word you used, what would the sanctions look like.  What happens as a result of our sanctions authority is we freeze the assets -- anyone subject to U.S. jurisdiction would have their assets frozen.  Also, it prevents U.S. persons from engaging in any transactions with those named under our executive order.  So it basically freezes in place now any assets, and it also prevents future activity, future transactions; any further assets coming through the country would be frozen.  And it also has a visa ban restriction that the State Department administers.

Q    I know you said you don’t want to target innocent victims.  I just want to get into the question of, is there any due process involved if somebody feels they are wrongly targeted, wrongly sanctioned?  Is there any judicial review, is there any process to appeal this?

MR. SMITH:  The answer is, yes, there is due process involved.  Anyone who is sanctioned under this authority has the ability to challenge their designation with OFAC.  They can bring an administrative petition with us, or they can go -- at the same time, choose not to come to the agency and they can file suit in any federal district court in the country.

Q    You said that part of the problem in cybersecurity is going after people who are in fairly obscure jurisdictions around the world where you don't have legal authority.  How many of the people do you think that are engaged in cyber-attacks actually have assets in the U.S. or in places where you can get them?  And how much money do you think there is in terms of assets held by cyber-attackers in the United States?

MR. DANIEL:  So that's a good question.  I think that that's a very difficult one to answer with any degree of specificity.  But obviously, given the scope and breadth of the U.S. financial system and the fact that many, many actors try to convert their malicious -- what they steal through cyberspace and to launder it into open money, it means that a lot of that does wash through the U.S. financial system.  And so I think that we do believe that there is an opportunity to impact those entities financially.  It's I think very difficult to sort of get the scope and scale of it.

The other thing I would say is that we would also hope that some of our allies and aligned countries would consider joining us in creating these kinds of regimes so that it would not just be the United States that would be able to impose these sanctions but other countries as well.  And if we started building a coalition of those kinds of authorities you could really start to have a financial impact.

MR. SMITH:  And I would add that the prevalence of the U.S. dollar in the international financial system means that many transactions come through the United States that, frankly, people did not intend.  If you engage in a transaction in third countries, often the transaction may be -- the contract may be specified in U.S. dollars and may send transactions from their banks in countries that are far away from U.S. borders and they come through the U.S. financial system to be dollarized.  So more often than you would expect, actors in third countries that attempt to engage in international transactions have their monies frozen when they run afoul of U.S. sanctions, even if they never knew that they had a U.S. footprint in their transactions before.

I'd also mention that the effect of the sanctions is a prohibition on dealings with U.S. persons.  That means U.S. technology; that means U.S. goods.  And when we're talking about the Internet and the use of the Internet and technologies around the world, many of these actors may try to rely on the sophistication of the U.S. technology sector, and this will also hinder them in that area as well.

The final piece that I would add, adding to Michael’s point about hoping that other countries may join with us in a coalition -- we also don't have to wait for that to occur, because what we find with our sanctions authorities is that foreign financial institutions voluntarily comply with our sanctions list.  They, frankly, do not want to deal with terrorists, narco-traffickers, transnational criminal organizations, or, after today, malicious cyber actors that we may put on our list.  Foreign financial institutions voluntarily choose to comply, often close those accounts, and frequently freeze the assets as well.

We have much more cooperation offshore than many may expect.  And that's been the strength of the U.S. sanctions authorities over recent years. 

Q    Can you speak a little bit about -- you're obviously going to have to have some pretty precise attribution to sanctioned individuals or entities who are responsible for this. So can you talk a little bit about how you think attribution has improved or why you think it's at the level that you can now use a precise tool like this?  And related, are you concerned that you're going to have a lot of companies now coming to the administration and asking you to sanction people who are stealing their intellectual property, since we know that that is really a quite widespread problem, that a lot of companies are targeted?

MR. DANIEL:  So I think that certainly our ability to do attribution has improved.  You rightly note that it continues to be a challenge, and it was one that we will have to weigh very carefully when we consider designating a target about do we have the level of attribution that we are confident in and that meets the test that John laid out, and that we would be willing to provide that evidence openly. 

I feel that the investments that we have made in our capabilities over the last few years make that a more tenable prospect, but certainly one that is not a foregone conclusion; that we will always be able to use this tool in every instance because of that.  But I do believe that we are getting better at that, and that is something that we are continuing to pursue, honing our skills and improving our ability to do that kind of attribution. 

I think that, in broad terms, whether we would expect a whole flood of requests, I don’t think so.  But to the extent that it does encourage companies to come forward and work more closely with U.S. law enforcement and give us a better picture of how truly widespread that is -- as you note, we do believe, based on the evidence that we have, that it is incredibly widespread and we want to encourage companies to work with us in a way that we can try to use all the tools that we have available to us, not just this one, but all the tools that we have to go after those that are stealing our intellectual property.  So I would hope that the addition of this tool shows the commitment of the administration to protecting U.S. intellectual property and support our efforts in that regard.  And that it does encourage more companies to come forward.

But I should be clear that this tool is not meant to protect any one individual U.S. company.  It is designed to -- where we have widespread theft of our intellection property on a scale that actually affects the economic health of the United States as a whole.  There are other tools that we have to go after -- through law enforcement and other things -- to go after those that are related to just individual companies.  But certainly to the extent that we see a pattern emerge of an actor that is stealing intellectual property left and right from numbers or scores of U.S. companies and that is certainly something that we would consider.

MR. SMITH:  I’ll just echo what Michael said.  In terms of the -- on the second point on having companies come to us and do we have any concern with that, and the answer is absolutely not.  Again, echoing what he said, I think the more information about trade secret theft, the better off we are -- not only is the Treasury Department, the Justice Department, and all agencies of the U.S. government.  So we would welcome the input from the private sector and others that may have relevant information on trade secret theft that would be covered by the executive order.

Q    I know you guys are looking forward in terms of future cases for these new sanctions authorities, but I was wondering if they could be applied to many of the open cases in which suspects have been named in unsealed indictments or through other methods, but the suspects are residing in countries like Russia or elsewhere, where it’s difficult to extradite them or bring them to the U.S. through other means.  Could you be looking at some of these open cases where there are still suspects who were out there who haven’t been caught or arrested yet?

MR. SMITH:  So what I would say from -- this is John from the Treasury Department.  I would say that certainly we’ll look at all of the relevant information that we receive, and we will aggressively work with our interagency colleagues to make sure that we target those that deserve to be targeted under this executive order. 

So we’re going to look at all of the information that we have, all of the information that we receive, to determine what the target sets should be.  And this is a widespread cooperative effort that we’ll engage in to make sure that we go after those that are engaging in the significant types of threats and activities that this executive order is intended to cover. 

Q    Actually, she just asked the question that I was going to ask.  This is a point that I wanted to sort of combine two questions.  One is, going after cases where we have suspects in Russia.  Currently, when you can’t reach those, you often wait until they go on vacation in Thailand or some other place where you can nab them.  And so I'm wondering if this is sort of another tool to go after those that you can’t get in those -- or that you’ve waited in the past.

But I wanted to talk to the attribution questions that came from NPR.  We had questions with the North Korea hack where the government did come out with some level of evidence that it had toward attribution.  And I'm wondering what will be the threshold for what’s publicly disclosed in terms of attributions to back a case, to make a case.  You keep on talking about how you will make a case and whether you will have evidence for a case.  But I'm wondering to what degree will that be publicly available for someone to either bring a case to dispute or for others to judge it on the merit.

MR. SMITH:  I think the answer to the first question that you asked is I think this authority is intended to complement our existing authorities.  We intend to work with other law enforcement and other agencies within the U.S. government to make the most of this authority.  And so I think we will make a decision within the U.S. government as to how to best target any particular actor that we may be concerned about falling in with the scope of this executive order. 

It may be to simply pursue the Justice Department criminal remedies that can be very powerful.  It may also be for us to engage, because the sanctions tool would be seen to be a better fit and we may decide to wait until the moment is right.  And you gave an example of when the moment could be right for certain actions.  There are many, many moments in an investigation when it may be right for us to take action, when it may be the most beneficial, the most advantageous to our cases, and we will work those with the interagency to make sure that we strike when we should, when it's the most opportune moment.

In terms of what’s publicly disclosed, with each and every designation action that we take under every one of our sanctions authorities, what we do is, to the extent that we’re relying on classified information, we go through a rigorous process before that time to see -- before the designation is announced to see what we can declassify or what we can announce at the time so that with each and every designation we have some declassified information that can be included to explain the basis for our designation. 

Sometimes we have more, sometimes it's more highly classified and there may be less that we can share publicly.  But we do endeavor with each and every designation to go out with a public press release that outlines the reason we’re taking the action.

Q    Hi there.  Thank you very much.  My question is pretty simple.  Would the enactment of CISA, if that happens, assist you guys in identifying parties that could be targeted with sanctions?  And related, have there been any conversation with lawmakers about this framework?

MR. DANIEL:  So certainly from my perspective, the enacting information-sharing legislation would, obviously to the extent that it increases the information flow between the government and the private sector, would certainly enable us to do a better job of amassing evidence, in identifying targets, and basically building the cases that we would need to use this tool.  So, yes, it would certainly work in concert.

And, yes, we did do consultations with the Hill, as we do with all executive orders, as we were getting ready to roll this out.  So there were definitely consultations with the appropriate congressional staff.

MODERATOR:  Thank you very much.  That will conclude this morning’s call.  I would like to thank very much Special Assistant to the President and Cybersecurity Coordinator Michael Daniel, and Department of Treasury Acting Director for the Office of Foreign Assets Control John Smith.

As a reminder, this call was on the record, and you can quote the two officials I just cited by name.  And since the call is now over, the embargo is now lifted. 

Thanks very much, everyone, for your attention and participation. 

END  10:47 A.M. EDT

https://www.whitehouse.gov/the-press-office/2015/04/01/record-press-call-president-s-executive-order-blocking-property-certain-