December 30, 2016
On December 29, 2016, in response to Russia’s alleged efforts to influence the 2016 U.S. Presidential election through cyber operations, President Obama issued an Executive Order "Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities." Through this Executive Order ("E.O."), the Obama administration imposed sanctions on Russia’s two leading intelligence services – the GRU and the FSB – as well as four top officers of the GRU and three companies that provided materials support to GRU’s cyber operations. These individuals and entities have been added to the Department of the Treasury’s Office of Foreign Assets Control’s ("OFAC’s") Specially Designated Nationals and Blocked Persons ("SDN") List along with two additional affiliated individuals not directly identified in the E.O. These new sanctions block the assets of these organizations and individuals that are in the United States and prohibit U.S. persons (including banks) from transacting with them.
The new E.O. amends preexisting E.O. 13694, "Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities." E.O. 13694, which was promulgated on April 1, 2015, was a previously unused Order that authorized the imposition of sanctions on individuals or entities determined to be responsible for or complicit in malicious cyber-enabled activities that cause enumerated harms that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States. That E.O., which emerged following the North Korea hacks against Sony and others had been publicly threatened against cyber attackers but never used due to concerns both about the ability to publicize the case against any accused attackers (given the sensitivity of the information) and worries about retaliation.
The authority under E.O. 13694 has been amended to also allow for the imposition of sanctions on individuals or entities determined to be responsible for tampering, altering, or causing the misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions. Before this amendment, it was unclear whether E.O. 13694 would encompass interference with elections.
In conjunction with these new sanctions, President Obama also announced that the State Department would be shutting down two Russian compounds in the United States and declaring 35 Russian intelligence operatives as "persona non grata." The Department of Homeland Security and the Federal Bureau of Investigation also released a report with declassified technical information on Russian civilian and military intelligence cyber activities.
The goal of sanctions is usually two-fold – (1) well-designed and robustly implemented sanctions deter others from engaging in the sanctionable conduct, while (2) also encouraging sanctioned parties to reform their behavior. While President Obama and senior administration officials indicated that these were the goals of this round of sanctions, it is not clear how effective they will be. The primary manner in which sanctions such as these operate is via restricting the ability of sanctioned individuals and entities to use the international financial system. Entities on the OFAC SDN List are essentially off limits to all U.S. institutions, and many other institutions globally choose to follow OFAC regulations. In most cases institutions such as banks, corporations and individuals are harmed by being sanctioned due to their need to access the system. Such harm can be seen with respect to other recent Russian targets of U.S. sanctions – including banks, high-net-worth individuals (the oligarchs), and others – which were promulgated in response to Russian activities in Ukraine and Syria. However, in this context, the target of sanctions – the Russian intelligence services – is unique and they may not need to rely on the international financial system in order to continue their operations.
Moreover, also limiting any impact is that, at the time of this writing, there has been no movement by the U.K. or the E.U. to reciprocally enforce any similar sanctions on Russia. Without coordination similar to that seen with other sanctions regimes, the hardship on sanctioned individuals and entities may be limited. In the Russia context, European coordination has been a critical force multiplier in imposing prior sanctions.
Going forward, there are a few issues of which to remain aware. First, given both Russian warnings prior to the imposition of these measures and Russia’s history of responding to sanctions, it would be reasonable to expect certain retaliatory actions by Russia against the United States. As a riposte to U.S. sanctions on Russia following Moscow’s Ukrainian actions, Russia imposed travel bans against several senior U.S. policy makers and also prohibited the importation of western agricultural products. The limited nature of these sanctions and their counter-productive outcomes (a primary result of the agricultural ban was to increase the price of food for Russians) demonstrates that countries have comparatively limited sanctions tools at their disposal if they seek to reciprocate. Given this, Russia’s retaliation may be in the cyber realm and consequently unannounced and unseen publicly.
Whatever its type we do expect some retaliation – though at the time of this writing it appears that President Putin has opted to delay any immediate response in favor of potentially waiting out President Obama’s term. While Russian foreign minister Sergey V. Lavrov initially recommended the reciprocal expulsion of 35 U.S. diplomats and closure of two U.S. diplomatic facilities, President Putin announced just hours later that he did not intend to retaliate against the U.S. actions.
Indeed, the second area of note coming from these sanctions is the response of the President-Elect and his likely actions once he assumes office on January 20, 2017. President-Elect Trump has indicated his lack of faith in the intelligence community’s assessments with respect to Russian culpability in any cyber attack regarding the election, alongside his desire to improve relations between Washington and Moscow. As a practical matter, because these new sanctions were implemented via Executive Order, President Trump can unwind them unilaterally and relatively quickly with limited administrative burden.
As such, any talk about the Obama Administration’s "boxing in" President Trump’s desire to weaken sanctions measures could be overstated. As we have noted in a prior client alert concerning sanctions under the Trump Administration, all of the sanctions in place against Russia – for its activities in Ukraine, Syria and now in the cyber arena – have critical executive components and consequently the new executive can choose to remove or defang them if he so chooses. However, it is true that if President Trump wanted to completely reverse President Obama’s course he would face political challenges (given the bipartisan support for responding to Russian aggression) and the reality that even if sanctions were undone, a stigma may linger over the previously-listed entities and individuals still denying them access to international finance. Moreover, this new measure adds further sanctions complexity to the Russian sanction program, which is quickly rivaling the Iranian sanctions program in its diversity. In the Russian case there are now sanctions in place that have black-listed hundreds of entities and individuals; made Crimea off limits to almost all U.S. economic engagement; implemented uniquely complicated non-black-listing measures against most of the largest companies in Russia’s financial, natural resource, and defense industries; sanctioned numerous individuals for human rights violations under the Magnitsky Act; and now have designated core elements of the state’s intelligence apparatus via this new sanctions instrument. The longer this list becomes, the more extreme any push back on the Obama strategy will be, and the more adept any response by President Trump needs to be in order to avoid unintended collateral effects (be they political, diplomatic or economic).
 Statement by the President on Actions in Response to Russian Malicious Cyber Activity and Harassment, Dec. 29, 2016, available at https://www.whitehouse.gov/the-press-office/2016/12/29/statement-president-actions-response-russian-malicious-cyber-activity.
 Joint Analysis Report, GRIZZLY STEPPE – Russian Malicious Cyber Activity, Dec. 29, 2016, available at https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf.
 Vladimir Putin Won’t Expel U.S. Diplomats as Russian Foreign Minister Urged, New York Times, Dec. 30, 2016, available at http://www.nytimes.com/2016/12/30/world/europe/russia-diplomats-us-hacking.html.
 Gibson Dunn, Trade Under Trump: How the New Administration Will Impact U.S. Economic Sanctions and Export Controls, Nov. 18, 2016, available at http://www.gibsondunn.com/publications/Pages/Trade-Under-Trump-How-New-Administration-Will-Impact-US-Economic-Sanctions–Export%20Controls.aspx.
The following Gibson Dunn lawyers assisted in preparing this client alert: Judith Alison Lee, Alexander Southwell, Adam M. Smith, David Wolber and Taylor Spragens.
Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the above developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s International Trade and Privacy, Cybersecurity and Consumer Protection practice groups.
Judith A. Lee – Co-Chair, International Trade Group, Washington, D.C. (+1 202-887-3591, firstname.lastname@example.org)
Ronald Kirk – Co-Chair, International Trade Group, Dallas (+1 214-698-3295, email@example.com)
Jose W. Fernandez – New York (+1 212-351-2376, firstname.lastname@example.org)
Marcellus A. McRae – Los Angeles (+1 213-229-7675, email@example.com)
Daniel P. Chung – Washington, D.C. (+1 202-887-3729, firstname.lastname@example.org)
Adam M. Smith – Washington, D.C. (+1 202-887-3547, email@example.com)
Mehrnoosh Aryanpour – Washington, D.C. (+1 202-955-8619, firstname.lastname@example.org)
David A. Wolber – Washington, D.C. (+1 202-887-3727, email@example.com)
Kamola Kobildjanova – Palo Alto (+1 650-849-5291, firstname.lastname@example.org)
Lindsay M. Paulin – Washington, D.C. (+1 202-887-3701, email@example.com)
Taylor J. Spragens – Washington, D.C. (+1 202-887-3556, firstname.lastname@example.org)
Peter Alexiadis – Brussels (+32 2 554 72 00, email@example.com)
Attila Borsos – Brussels (+32 2 554 72 10, firstname.lastname@example.org)
Patrick Doris – London (+44 (0)207 071 4276, email@example.com)
Penny Madden – London (+44 (0)20 7071 4226, firstname.lastname@example.org)
Benno Schwarz – Munich (+49 89 189 33 110, email@example.com)
Mark Handley – London (+44 (0)207 071 4277, firstname.lastname@example.org)
Alexander H. Southwell – Chair, New York (+1 212-351-3981, email@example.com)
M. Sean Royall – Dallas (+1 214-698-3256, firstname.lastname@example.org)
Debra Wong Yang – Los Angeles (+1 213-229-7472, email@example.com)
Howard S. Hogan – Washington, D.C. (+1 202-887-3640, firstname.lastname@example.org)
Shaalu Mehra – Palo Alto (+1 650-849-5282, email@example.com)
Karl G. Nelson – Dallas (+1 214-698-3203, firstname.lastname@example.org)
Joshua A. Jessen – Orange County/Palo Alto (+1 949-451-4114/+1 650-849-5375, email@example.com)
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650–849–5393, firstname.lastname@example.org)
Ryan T. Bergsieker – Denver (+1 303-298-5774, email@example.com)
Richard H. Cunningham – Denver (+1 303-298-5752, firstname.lastname@example.org)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, email@example.com)
James A. Cox – London (+44 207 071 4250, firstname.lastname@example.org)
Andrés Font Galarza – Brussels (+32 2 554 7230, email@example.com)
Bernard Grinspan – Paris (+33 1 56 43 13 00, firstname.lastname@example.org)
Penny Madden – London (+44 (0)20 7071 4226, email@example.com)
Jean-Philippe Robé – Paris (+33 1 56 43 13 00, firstname.lastname@example.org)
Michael Walther – Munich (+49 89 189 33-180, email@example.com)
Nicolas Autet – Paris (+33 1 56 43 13 00, firstname.lastname@example.org)
Eryk L. Dziadykiewicz – Brussels (+32 2 554 72 03, email@example.com)
Alejandro Guerrero Perez – Brussels (+32 2 554 7218, firstname.lastname@example.org)
Kai Gesing – Munich (+49 89 189 33-180, email@example.com)
Sarah Wazen – London (+44 (0)20 7071 4203, firstname.lastname@example.org)
© 2016 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.