Cyber sanctions

Cyber sanctions can be considered as an extension of the economic sanctions’ regimes. Thus, although the use of cyber sanctions and its introduction in the international relations is relatively new, the historical background of the sanctions goes deeper in the historical trajectory. First economic sanctions were used during the times of Ancient Greece, which is known as the Megarian Decree issued by the Athenian for the undesired trade behaviors of the Megarians. Later on, the economic sanctions between these two city-states because of the Megarian Decree led to the Peloponnesian War, which was fought between the Athenians and Spartans.{{Cite book|last=McDonald|first=J.|title=Supplementing Thucydides' Account of the Megarian Decree.|year=1994}} Historical records show that economic power is important for the military power, and, thus, the influence of economic sanctions in world politics increased dramatically with the technological improvements since the industrial revolution that started in the 18th century. Especially with the dissolution of the Union of Soviet Socialist Republics (USSR), the use of economic sanctions increased exponentially and became the most important foreign policy instruments since the beginning of the 21st century.{{Cite book|last1=Drezner|first1=Daniel W.|url=https://books.google.com/books?id=N_7N_7hAHL4C&dq=Drezner,+D.+W.,+&pg=PR12|title=The Sanctions Paradox: Economic Statecraft and International Relations|last2=Drezner|first2=Daniel W.|last3=Drezner|first3=Professor of International Politics Daniel W.|last4=W|first4=Drezner Daniel|date=1999-08-26|publisher=Cambridge University Press|isbn=978-0-521-64415-0|language=en}}

It is important to understand the concept of economic sanctions before examining cyber sanctions because cyber sanctions are the extension of economic sanctions, and the goal of the both instruments is to use economic/financial instruments to change the target state's undesired behaviors. According to David Baldwin, economic sanctions are the options that have dynamic nature, meaning that they can escalate to interstate wars or deescalate to diplomatic negotiations.{{Cite book|last=Baldwin|first=David A.|url=https://books.google.com/books?id=0THZDwAAQBAJ&dq=Baldwin%2C+D.+A.+%282020%29.+Economic+Statecraft%3A+New+Edition.+Princeton+University+Press.&pg=PR11|title=Economic Statecraft: New Edition|date=2020-09-22|publisher=Princeton University Press|isbn=978-0-691-20444-4|language=en}} Thus, we can categorize economic sanctions as choice of options between the use military or negotiations. In the first category, the conflicting parties confront in the war theater, and in the second category the conflicting parties meet at the tables. However, when it comes to the economic sanctions, there is no need for the conflicting parties to meet with one another. These kinds of situations are seen when there are enduring rivalries between countries. For example, the relations between the USSR, later Russia, and the Western countries, especially the United States. Also, the relations between the US and North Korea can be another example for the use of economic sanctions for many decades. Scholars usually argue that economic sanctions are not effective when it comes to change the target state behaviors.{{Cite journal|last=Pape|first=Robert|date=1997|title=Why economic sanctions do not work|journal=International Security|volume=22|issue=2|pages=90–136|doi=10.1162/isec.22.2.90|s2cid=57566126}}{{Cite journal|last=Pape|first=Robert|date=1998|title=Why economic sanctions still do not work.|journal=International Security|volume=23|pages=66–77|doi=10.1162/isec.23.1.66|s2cid=57565095}}{{Cite book|last=Jones|first=Lee|url=https://books.google.com/books?id=DcOPCgAAQBAJ&dq=Jones,+L.+(2015).+Societies+under+siege:+Exploring+how+international+economic+sanctions+(do+not)+work.+Oxford+University+Press,+USA.&pg=PP1|title=Societies Under Siege: Exploring how International Economic Sanctions (do Not) Work|date=2015|publisher=Oxford University Press|isbn=978-0-19-874932-5|language=en}} However some argue that economic sanctions work at the threatening stage rather than imposition. Others argued that sanctions work when they are used selectively rather than comprehensively.{{Cite book|last=Cortright|first=David|title=Smart sanctions: Restructuring UN policy in Iraq|publisher=Joan B. Kroc Institute|year=2001}} According to Peterson Institute's international economics scholar Hufbauer et al., the implications of the economic sanctions should not be underestimated because, given the results of their datasets, almost 30% of all economic sanctions economic sanctions cases since the Second World War worked successfully.{{Cite book|last1=Hufbauer|first1=Gary Clyde|url=https://books.google.com/books?id=etyVmnPOrG8C&dq=Hufbauer,+G.+C.,+Schott,+J.+J.,+&pg=PR11|title=Economic Sanctions Reconsidered: History and Current Policy|last2=Schott|first2=Jeffrey J.|last3=Elliott|first3=Kimberly Ann|last4=Economics (U.S.)|first4=Institute for International|date=1990|publisher=Peterson Institute|isbn=978-0-88132-136-4|language=en}} As can be seen from these arguments, we have no consensus on the effectiveness of economic sanctions in the scholarly world.{{Cite journal|last=Onder|first=Mehmet|date=2020|title=Regime Type, Issue Type and Economic Sanctions: The Role of Domestic Players|journal=Economies|language=en|volume=8|issue=1|pages=2|doi=10.3390/economies8010002|doi-access=free|hdl=10419/257052|hdl-access=free}}

The experts have different ideas on the effectiveness of economic sanctions. This might be one of the main reasons why policymakers are skeptical for using economic sanctions for the issues related to malicious cyber activities. However, the trend shows that states are enacting some bills that consider the use of economic sanctions for cyber conflicts at the international level. The need for stability in the cyberspace requires regulations both at domestic and international levels. We can consider the legal basis for the use of sanctions for cyber activities under the United Nations Charter's Article 2.4 where it is stated that:

“All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations.”

The first cyber-related sanctions in the history was used the European Union in 2017 against six identified individuals who involved in malicious cyber actions against some EU institutions and especially against the Organization for the Prohibition of Chemical Weapons, which is an international organization founded in 1997. The EU's response included targeted sanctions, such as asset freezes and travel ban for these six individuals.{{Cite web|title=EU imposes the first ever sanctions against cyber-attacks|url=https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/|access-date=2021-07-28|website=www.consilium.europa.eu|language=en}}

After detecting malign cyber activities, aiming to manipulate the U.S. industrial systems by using the Triton malware, of some Russian individuals and the relationship between these individuals and the Russian government, the United States Secretary of State released a press statement in October, 2020, that mentioned economic sanctions were imposed economic sanctions under the Section 224 of the Countering America's Adversaries Through Sanctions Act.{{Cite web|title=United States Sanctions Russian Government Research Institution|url=https://2017-2021.state.gov/united-states-sanctions-russian-government-research-institution/|access-date=2021-07-28|website=United States Department of State|language=en-US}}

The developments on legalizing the cyber sanctions in the United States are promising that we might see enactment of more bills focusing on cyber issues at the international level. As of now, there are two executive orders (Executive Order 13694{{Cite web|date=2015-04-01|title=Executive Order -- "Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities"|url=https://obamawhitehouse.archives.gov/the-press-office/2015/04/01/executive-order-blocking-property-certain-persons-engaging-significant-m|access-date=2021-07-28|website=whitehouse.gov|language=en}} and Executive Order 13757{{Cite web|title=Sanctions Programs and Country Information|url=https://home.treasury.gov/policy-issues/financial-sanctions/sanctions-programs-and-country-information|access-date=2021-07-28|website=U.S. Department of the Treasury|language=en}}) that explains how malicious cyber activities will be replied with the use of economic sanctions and other measures.{{Cite web|title=Cyber Sanctions|url=https://www.state.gov/cyber-sanctions/|access-date=2021-07-28|website=United States Department of State|language=en-US}} The authority of the Treasury's Office of Foreign Assets Control (OFAC) is responsible for the initiation and outcomes of the economic sanctions related to cyber-related activities.

The European Union Council has adopted several conclusions on the implementations of collective cyber security in the region. These conclusions also included detailed strategies envisioning the contingency plans and coordinating the responses against malicious cyber activities targeting the EU member countries. The EU Council's conclusions stress the inevitable cyber chaos that can diffuse all over the world if a collective action is not achieved in this regard. Moreover, the creation of a network of security operation centers in the EU served the goal of envisioning the possible signals of the cyber attacks against the EU. Currently, the EU Council is working on enhancing collective cyber response focusing on sanctioning the target by creating a new entity, which is called “cyber intelligence working group.”{{Cite web|title=Cybersecurity: Council adopts conclusions on the EU's cybersecurity strategy|url=https://www.consilium.europa.eu/en/press/press-releases/2021/03/22/cybersecurity-council-adopts-conclusions-on-the-eu-s-cybersecurity-strategy/|access-date=2021-07-28|website=www.consilium.europa.eu|language=en}}{{Cite book|last=Council of the European Union|url=https://data.consilium.europa.eu/doc/document/ST-6722-2021-INIT/en/pdf|title=Draft Council conclusions on the EU's Cybersecurity Strategy for the Digital Decade|year=2021}} Although there are steps taken in using economic sanctions for cyber-related attacks against the EU, these measures are not completed yet, and the member countries have different opinions on the response strategies. The development of the events show that we will see a consensus on strategies for using economic sanctions in the near future.

File:Joint-forces-headquarters-cyber air force.png

Economic sanctions are flexible tools that can be used for many different purposes in many ways. These characteristics of economic sanctions make their use as a viable option for the increasing threats of malicious cyber activities both at intranational and international levels. The development of events show that developed countries, especially the United States and the European Union member countries, are taking serious measures that might enable use of economic sanctions unilaterally and internationally. Unilateral cyber-related sanction are sanctions episodes where the sanctioning state is only one state. Today, we have examples for unilateral cyber-related sanctions. However, it is very rare to see multilateral cyber-related sanctions, where the senders can be either more than one state; or else, there is an international organization, such as the UN or EU, imposing cyber-related sanctions. As can be seen from the European Union Council's conclusions on the common economic sanctions strategies against cyber-attacks, the consensus on using sanctions at the international level looks difficult to achieve. However, we might see that countries can be more willing to cooperate in the future because the level of cyber threats is increasing exponentially every day beyond the international borders. As a result, countries might begin to include cyber commands-as seen in the United States, within their military structures considering the increasing possibility that cyber-related sanctions can escalate to the use of military options.

• Office of Foreign Assets Control
• [https://www.cybercom.mil/ US Cyber Command]
• [https://www.enisa.europa.eu/ European Union Agency for Cybersecurity (ENISA)]
• [https://www.cisa.gov/ Cybersecurity & Infrastructure Security Agency (CISA)]

• Benatar, M., & Gombeer, K. (2011, May). [https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1989786 Cyber sanctions: exploring a blind spot in the current legal debate]. In ESIL 2011 4th Research Forum.
• Iftimie, I. A. (2020). Cyber Sanctions: Weaponising the Embargo of Flagged Data in a Fragmented Internet. Journal of Information Warfare, 19(1), 48-IV.
• Iftimie, I. (2019, July). Cyber Sanctions: The Embargo of Flagged Data in a Geo-Cultural Internet. In European Conference on Cyber Warfare and Security (pp. 668-XIV). Academic Conferences International Limited.
• Miadzvetskaya, Y. (2021). Cyber sanctions: towards a European Union cyber intelligence service?. College of Europe Policy Brief series (CEPOB).
• Moret, E., & Pawlak, P. (2017). The EU Cyber Diplomacy Toolbox: towards a cyber sanctions regime?. European Union Institute for Security Studies (EUISS).
• O’Connell, M. E. (2012). Cyber security without cyber war. Journal of Conflict and Security Law, 17(2), 187–209.
• Peters, M. (2017). Cyber Enhanced Sanction Strategies: Do Options Exist?. Journal of Law & Cyber Warfare, 6(1), 95-154.

• Cyberspace
• Cybercrime
• Cyberterrorism
• Cyberattack
• Cybersecurity
• Cyberwarfare

{{Reflist}}

Category:International sanctions

Category:Embargoes