A U.S. House member introduced draft legislation Thursday that would require the Obama administration to sanction Iranian hackers recently indicted for cyberattacks against the U.S.
The Iran Cyber Sanctions Act of 2016, introduced by Rep. John Ratcliffe (R-TX), would expand an executive order that granted the Treasury Department the ability to sanction companies involved in cyberattacks against the United States. The 2015 executive order was not initially intended to be used against individuals suspected of involvement in government hacking.
“The danger posed by Iran's increasingly sophisticated cyber capabilities has grown significantly over the past few years, and we must take these threats seriously,” Ratcliffe said, in a statement.
Seven Iranians who are believed to be connected to the Iranian government and the Islamic Revolutionary Guard were indicted by the Justice Department in March for alleged involvement in attacks against U.S. financial institutions between 2011 and 3013 and a cyberintrusion of a dam in upstate New York.
Former U.S. Air Force cyberspace officer and Dragos CEO Robert Lee called it "very destructive" for the DoJ to focus on individual operators, in speaking with SCMagazine.com after the Iranian hackers' indictment.
"It gives foreign nations a way out, by allowing them to blame individuals and say they were rogue operators, instead of the U.S. holding the governments responsible," Lee said. "They're doing name and shame strategies that make great headline but don't actually fix anything."
A version of the legislation was introduced in the Senate last month by Sen. Mike Rounds (R-SD).