Yesterday the President signed
a new executive order (number to be published) that amends the existing EO
13694, Blocking the Property of Certain Persons Engaging in Significant
Malicious Cyber-Enabled Activities, that was originally
published in April 2015. The amendment responds to actions
taken by Russian intelligence agencies during the 2016 presidential election
cycle.
Amended EO 13694
The amendment of the so-called cyber response executive
order does three things. First, it adds an annex {Annex A} to the Executive Order
providing a list of specific people to whom the sanctions provided for in the
order will apply. Second, it adds a new ‘offense’ for which sanctions
may be applied in the future {1(a)(ii)(E)}. Finally, it provides the
Secretary of the Treasury with the authority to remove names from Annex A when “circumstances
no longer warrant the blocking of the property and interests in property of a
person listed in the Annex to this order” {new Section 10}.
The new annex includes four ranking members of the Russian
Main Intelligence Department [GRU], the GRU itself and the Russian Federal Security
Service, as well as two affiliated civilian organizations. Coincidentally, the
Treasury Department also named two Russian individuals to the Specially
Designated Nationals List (SDN) (the same list to which the persons and
organizations in the Annex were added, see pages 356 through 360 for all of the
additions made yesterday) for cybersecurity fraud issues unrelated to
the election.
The new offense was added as paragraph 1(a)(ii)(E):
Tampering with, altering, or
causing a misappropriation of information with the purpose or effect of
interfering with or undermining election processes or institutions;
Other Russian Sanctions
The White House also
announced two other sets of sanctions against the Russian Government
yesterday. First, it is expelling 35 Russian diplomats (intelligence officers),
giving them and their families 72 hours to leave the country. It is also
denying remaining Russian diplomatic personnel access to two Russian-owned
properties in Maryland and New York.
Officially this action is not related to the reported
Russian ‘interference’ in the 2016 election, but it is rather being taken
because over the last two years “harassment of our diplomatic personnel in
Russia by security personnel and police has increased significantly and gone
far beyond international diplomatic norms of behavior”.
Russian reaction to these ‘other sanctions’ is already being
reported. CNN reports
that the Russians have “ordered the closure of the Anglo-American School of
Moscow” (school for the children of English-speaking diplomats) and closed “access
to the US embassy vacation house in Serebryany Bor, near Moscow”.
Joint Analysis Report
Also yesterday the FBI and US-CERT issued a joint analysis
report (JAR-16-20296A)
on the election security compromises, code-named GRIZZLY STEPPE. This report is
supposed to provide the technical support for the claim of Russian intelligence
involvement in the hacks of the email systems of the Clinton Campaign and the
Democratic National Committee.
While it does not provide any direct evidence of Russian
involvement (that information almost certainly remains classified), the report
does provide the indicators of compromise that are associated with those hacks.
Those indicators include the YARA signature (in the report) and CSV
and STIX
format files of the indicators available on the GRIZZLY
STEPPE web page.
The bulk of the JAR is a listing of mitigation measures that
individuals and organizations can take to prevent similar attacks in the
future. Unfortunately, there is nothing new here. All of the mitigation
techniques should have been well known by the IT people responsible for the
systems involved.
Commentary
The other sanctions, directed at diplomats here in the
United States, are a fairly common game played in the diplomatic community. The
people being expelled are known intelligence personnel, almost certainly
responsible for classic spying type operations here in the United States. Their
expulsion will have some delaying effects on those spying efforts, but no
effects of any long-term consequence. The US personnel that will be expelled
from Moscow in retaliation will be responsible for similar efforts against the
Russians.
It is very likely that the expulsions have nothing to do
specifically with the election fiasco. Announcing them on the same day as the
EO 13694 actions allows the press to conflate the two separate sanctions,
making the EO 13694 sanctions seem more effective. The freezing of assets under
EO 13694 may have some effect on the individuals and organizations listed, but
only if they have clearly identified assets in the United States. Even that
effect will be minimized, if/when the individuals are ultimately removed from
the Annex A list.
Congressional leaders on both sides of the fence are saying,
essentially: about time, but too little, too late. I’m not sure what the
politicians want (other than blood?). I guess the CIA and NSA could hack the
political emails of Putin cronies and leak them to the Russian press. I don’t suspect,
however, that they would get the same play in Russia as we saw in the US press
during the election.
That is the big point that is being lost here. There is
nothing really new here in the hacks of the political emails; that is
espionage, pure and simple. Intelligence agencies sharing that information with
the press is unusual, but not unprecedented. Of course, if it had been ‘Deep
Throat’ sharing the emails it would not have caused nearly the stir.
What was unprecedented was the huge amount of play that the
American press gave the leaked emails, even when it was patently clear that it
was a foreign intelligence agency responsible for the leak. If the press had
not spent so much time talking about the petty squabbles and indiscretions of
the party and campaign officials (and there was nothing new there in the level
of squabbles or seriousness of indiscretions) then this whole thing would have
been a non-issue that these sanctions would have been more than appropriate to
deal with.
Unfortunately, we have not heard the last of this.