WASHINGTON--President Barack Obama on Wednesday moved to create a new program of sanctions against other nations and people outside the U.S. who participate in significant cyberattacks against U.S. citizens, companies or government entities, expanding federal protections in response to growing threats from hackers around the world.

The new powers would allow the Treasury Department to penalize--by freezing assets or locking access to the banking system--any person or institution that engages in large-scale cyberattacks that "significantly" harm or compromise "critical infrastructure" such as nuclear plants, water treatment facilities, or the financial system.

Sanctions also could be imposed in response to cyberattacks that attack economic resources, trade secrets, personal information, or a range of other things.

White House officials describe the sanctions as a new item in the "toolbox" that the government can use to respond to such attacks, though it remains unclear how frequently they would employ the sanctions.

"We intend to use this tool judiciously and in extraordinary circumstances," John Smith, the acting director of Treasury's Office of Foreign Assets Control, told reporters in a conference call. "This authority is not designed to police the Internet or stifle technological innovation."

Rep. Mike McCaul (R., Texas), chairman of the House Committee on Homeland Security, said he was "pleased" with the move but said it represented a series of half steps by the White House to address cyberattacks.

"While this action to impose sanctions on hackers is an important step, unfortunately it further illustrates the administration's piecemeal approach to confronting these growing cyber threats," he said.

The White House's description of the sanctions program suggests it could apply to virtually any major breach by overseas hackers, as they often target personal information, trade secrets, or other data.

It could also lead to lobbying by U.S. firms to sanction people they believe have hacked their networks, though it is unclear how the U.S. government might respond to such requests.

In December, the Treasury Department announced sanctions against several North Koreans the department alleged were tied to a large-scale cyberattack against Sony Pictures Entertainment.

White House officials said the new sanction rules would make it easier to impose these penalties and create a separate regime specifically designed to deter hackers.

The executive order would supplement legislation set for debate in Congress later this month that would encourage companies and the federal government to share more information about cyberthreats with each other, following large-scale breaches at numerous large companies, including Target, Home Depot, Sony Pictures Entertainment, as well as J.P. Morgan Chase & Co. and a host of other firms.

One of the many complaints from companies is that some cyberattacks are believed to be connected to foreign governments, particularly North Korea and China, and it is unclear what deterrents the U.S. government has in place to prevent foreign countries from engaging in these attacks.

The White House could try and use its new sanctions powers as a way of addressing this.

"I intend to employ the authorities of my office and this administration, including diplomatic engagement, trade policy tools, and law enforcement mechanisms, to counter the threat posed by malicious cyber actors," Mr. Obama said in a statement accompanying the executive order.

The executive order also allows the Treasury Department to impose sanctions on anyone who "knowingly" receives or uses information that has been stolen through a cyberattack, or provides any assistance in an attempted attack.

A key question in the new sanctions order is how the Treasury Department will decide whether a breach is "significant."

The word "significant" or "significantly" appears in the four-page executive order seven times, and it is used as a barometer to measure whether a cyberattack merits a sanctions response. But the White House, so far, hasn't defined what sort of attack would meet that threshold, possibly giving the Treasury Department flexibility in how the new powers are used.

Write to Damian Paletta at damian.paletta@wsj.com

Access Investor Kit for The Home Depot, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US4370761029

Access Investor Kit for JPMorgan Chase & Co.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US46625H1005

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

JP Morgan Chase (NYSE:JPM)
Historical Stock Chart
From Feb 2024 to Mar 2024 Click Here for more JP Morgan Chase Charts.
JP Morgan Chase (NYSE:JPM)
Historical Stock Chart
From Mar 2023 to Mar 2024 Click Here for more JP Morgan Chase Charts.