This, apparently, is not an April Fool’s joke. This morning, President Obama signed an executive order [pdf] allowing the White House to issue sanctions on those “engaging in significant malicious cyber-enabled activities.” I’m sure the Chinese state hackers behind the Github DDoS are shaking in their boots.
To make this work, the President officially declared foreign hacking to be a “national emergency” (no, really) and basically said that if the government decides that some foreign person is doing a bit too much hacking, the US government can basically do all sorts of bad stuff to them, like seize anything they have in the US and block them from coming to the US. Because that won’t be abused at all.
Look, everyone agrees that there’s a lot of online hacking and computer attacks going on. So much of what we do in the world has moved online, so of course that’s going to be a target. But giving a general “ARRRRRGGH! HACKING BAD! WHITE HOUSE MAD!” executive order seems incredibly pointless and counterproductive. It seems like yet another example of politicians feeling the need to do something because there’s a problem — but not having any good ideas on what to actually do that will help solve the problem. So they just do something to say they did something, never mind how toothless it is — or (more importantly) how the broad and vague definitions set forth in the “something” they do can (and will) be used in the future against perfectly reasonable actions and actors.
It’s stories like these that make actual computer security folks shake their heads in confusion at politicians. You don’t solve cybersecurity issues with vague executive orders. You do it with better security practices (and not undermining those practices with backdoors and stockpiling zero days).