April 23, 2020 | Press Release

New FDD Analysis and Infographic Show Inconsistent Use of U.S. Sanctions and Indictments to Combat Malicious Cyber Activity

A new analysis and interactive infographic illustrate the frequency and distribution of U.S. sanctions and indictments revealing inconsistencies in their application against Chinese, Russian, North Korean, and Iranian cyber actors.
April 23, 2020 | Press Release

New FDD Analysis and Infographic Show Inconsistent Use of U.S. Sanctions and Indictments to Combat Malicious Cyber Activity

A new analysis and interactive infographic illustrate the frequency and distribution of U.S. sanctions and indictments revealing inconsistencies in their application against Chinese, Russian, North Korean, and Iranian cyber actors.

Washington, D.C., April 23, 2020 – Since 2013, the United States has issued cyber-related sanctions and indictments against more than 190 individuals and entities to combat malicious cyber activity originating in China, Russia, North Korea, and Iran, according to a new infographic released today by the D.C.-based Foundation for Defense of Democracies (FDD). However, “the dataset illustrates that while sanctions and indictments have increased during the Trump administration, there is considerable room for improvement in addressing Chinese cyber operations,” says authors Trevor Logan and Pavak Patel. “An enforcement regime applied consistently to all foreign actors would signal to adversaries what the United States considers acceptable behavior in cyberspace. Without a clear deterrent from the United States, foreign hackers likely will continue to feel emboldened as they attack the United States while enjoying safe harbor in their home countries,” they conclude.

Among the authors’ observations are:

  • “By the numbers, Washington has sanctioned the majority of Iranian, North Korean, and Russian individuals and entities indicted for cyber-related crimes. In contrast, the Treasury Department has used sanctions against only two Chinese actors, who allegedly engaged in money laundering for the Lazarus Group. In short, while the Justice Department has accused 38 Chinese individuals and entities of conducting cyber-enabled economic and political espionage against the U.S. government and private companies, 36 of these operatives have escaped financial sanctions.”
  • There appear to be discrepancies in the frequency with which the United States uses these tools against actors from different foreign countries. The six sanctions and indictments levied against actors from the DPRK pale in comparison to the 30 such actions targeting actors from Iran. This may reflect a matter of policy, or it may reflect the fact that there are fewer North Korean individuals to target. In contrast, Iranian operativestend to be semi-professional actors who may not have allegiance to one particular group.
  • While it is difficult to ascertain the exact cause for numerical differences between the sanctions and indictments levied against various actors, the numbers do point to greater room for collaboration between Treasury and the Justice Department.
  • Indeed, while the Justice Department has accused 38 Chinese individuals and entities of conducting cyber-enabled economic and political espionage against the U.S. government and private companies, 36 of these operatives have escaped financial sanctions.
  • The discrepancy may indicate that the United States is reluctant to issue sanctions against malicious Chinese actors due to the fear of escalation or economic retaliation against American companies. In contrast, the relative weakness of the Iranian, North Korean, and Russian economies means that Washington can act more freely without fear of blowback.
  • By constraining access to financial resources and changing the aggressor’s cost/benefit dynamics, sanctions likely would help establish a stronger deterrence posture…The recently published Cyberspace Solarium Commission report acknowledges that a layered deterrence strategy “will not eliminate state-sponsored cyber operations or cybercrime, but consistently enforced consequences and rewards can begin to erode the incentives for bad behavior.”

The interactive infographics illustrate the frequency with which the U.S. government deploys sanctions and indictments to combat malicious cyber activity conducted for the benefit or at the behest of China, Russia, Iran, or North Korea. This dataset can help analysts understand how the United States employs these tools and why it does so against certain cyber threat actors but not others, looking at why both sanctions and indictments are used against some targets but not others; what differences there are in usage related to the type of cyber operation, the evidence available, the nature of the U.S. relationship with the relevant nation-state, or some other consideration.

To date, it appears that the United States has used Treasury’s financial sanctions authorities and Department of Justice indictments in different ways for different threat actors. For example, while North Korean hackers are often considered more prolific and capable than their Iranian counterparts, the number of sanctions and indictments against actors from the DPRK is far less than the number of actors from Iran that the U.S. has targeted. Additionally, in the case of Chinese-backed cyber operations, Washington appears to have chosen to rely nearly exclusively on criminal indictments rather than pairing indictments with financial sanctions as the Trump administration has done particularly in the case of Russian operations.

FDD’s Center on Cyber and Technology Innovation created these visualizations and is making the underlying data publicly available so that others can build on this effort by pairing these data and graphics with additional tools and information.

The infographic represents the combined research expertise of FDD’s Center for Cyber and Technology Innovation and Center on Economic and Financial Power.

About FDD

The Foundation for Defense of Democracies (FDD) is a Washington, DC-based non-partisan policy institute focusing on foreign policy and national security. Visit our website at www.fdd.org and connect with us on Twitter, Facebook, and YouTube.

Issues:

China Cyber Cyber-Enabled Economic Warfare Iran Iran Global Threat Network North Korea Russia Sanctions and Illicit Finance