By Damian Paletta 

WASHINGTON--President Barack Obama on Wednesday moved to create a new program of sanctions against other nations and people outside the U.S. who participate in significant cyberattacks against U.S. citizens, companies or government entities, expanding federal protections in response to growing threats from hackers around the world.

The new powers would allow the Treasury Department to penalize--by freezing assets or locking access to the banking system--any person or institution that engages in large-scale cyberattacks that "significantly" harm or compromise "critical infrastructure" such as nuclear plants, water treatment facilities, or the financial system. Sanctions could also be imposed in response to cyberattacks that attack economic resources, trade secrets, personal information, or a range of other things.

The White House's description of the sanctions program suggests it could apply to virtually any breach by overseas hackers, as they often target personal information, trade secrets, or other data.

The executive order would supplement legislation set for debate in Congress later this month that would encourage companies and the federal government to share more information about cyberthreats with each other, following large-scale breaches at numerous large companies, including Target, Home Depot, Sony Pictures Entertainment, as well as J.P. Morgan Chase & Co. and a host of other firms.

One of the many complaints from companies is that some cyberattacks are believed to be connected to foreign governments, particularly North Korea and China, and it is unclear what deterrents the U.S. government has in place to prevent foreign countries from engaging in these attacks. The White House could try and use its new sanctions powers as a way of addressing this.

"I intend to employ the authorities of my office and this administration, including diplomatic engagement, trade policy tools, and law enforcement mechanisms, to counter the threat posed by malicious cyber actors," Mr. Obama said in a statement accompanying the executive order.

The executive order also allows the Treasury Department to impose sanctions on anyone who "knowingly" receives or uses information that has been stolen through a cyberattack, or provides any assistance in an attempted attack.

A key question in the new sanctions order is how the Treasury Department will decide whether a breach is "significant." The word "significant" or "significantly" appears in the four-page executive order seven times, and it is used as a barometer to measure whether a cyberattack merits a sanctions response. But the White House, so far, hasn't defined what sort of attack would meet that threshold, possibly giving the Treasury Department flexibility in how the new powers are used.

Write to Damian Paletta at damian.paletta@wsj.com

Access Investor Kit for The Home Depot, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US4370761029

Access Investor Kit for JPMorgan Chase & Co.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US46625H1005

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

JP Morgan Chase (NYSE:JPM)
Historical Stock Chart
From Mar 2024 to Apr 2024 Click Here for more JP Morgan Chase Charts.
JP Morgan Chase (NYSE:JPM)
Historical Stock Chart
From Apr 2023 to Apr 2024 Click Here for more JP Morgan Chase Charts.