Trump Issues Executive Order to Further Combat ‘Malicious’ Foreign Cyber Activities

January 19, 2021 Updated: January 20, 2021

President Donald Trump on his last full day in office issued an executive order aimed at the use of cloud computing products for malicious cyber operations against the United States.

The order addresses the use of United States Infrastructure as a Service (IaaS) products, a type of cloud computing, by foreign malicious cyber actors.

“IaaS products provide persons the ability to run software and store data on servers offered for rent or lease without responsibility for the maintenance and operating costs of those servers. Foreign malicious cyber actors aim to harm the United States economy through the theft of intellectual property and sensitive data and to threaten national security by targeting United States critical infrastructure for malicious cyber-enabled activities,” Trump said in his order.

“Foreign actors use United States IaaS products for a variety of tasks in carrying out malicious cyber-enabled activities, which makes it extremely difficult for United States officials to track and obtain information through legal process before these foreign actors transition to replacement infrastructure and destroy evidence of their prior activities; foreign resellers of United States IaaS products make it easier for foreign actors to access these products and evade detection,” he added. “This order provides authority to impose record-keeping obligations with respect to foreign transactions.”

Trump is ordering the Commerce Department to draft regulations that require U.S. IaaS providers to verify the identity of a foreign person that obtains an account.

The order also authorizes the Secretary of Commerce to ban or restrict accounts by any foreign person in a foreign nation “found to have any significant number of foreign persons offering U.S. IaaS products used for malicious cyber-enabled activities,” or by any U.S. IaaS provider for or on behalf of a foreign person.

The Secretary of Commerce is further authorized to ban or restrict accounts in the United States by any U.S. IaaS provider for or on behalf of a foreign person “if such an Account involves any such foreign person found to be offering United States IaaS products used in malicious cyber-enabled activities or directly obtaining United States IaaS products for use in malicious cyber-enabled activities.”

National security adviser Robert O’Brien said that Trump’s action is a “major step” in giving U.S. network defenders and investigators an advantage in protecting the American people.

“Foreign malicious cyber actors threaten our economy and national security through the theft of intellectual property and sensitive data, and by targeting United States critical infrastructure,” he said in a statement.

“By gaining access to United States IaaS products, foreign actors can steal the fruits of American innovation and prepare destructive attacks on our Nation’s critical infrastructure with anonymity. Malign actor abuse of United States IaaS products has played a role in every cyber incident during the last four years, including the actions resulting in the penetrations of United States firms FireEye and Solar Winds.”

The order comes after a massive hacking campaign in late 2020 that breached federal government networks through inserting malicious code into software updates for SolarWinds’ Orion network management software. SolarWinds technology is used by all five branches of the U.S. military and numerous government agencies.

U.S. officials have said they believe Russia was behind the cyberattack against SolarWinds, Secretary of State Mike Pompeo told Mark Levin’s radio show in December 2020. Then-Attorney General William Barr also said in December 2020 he believed the hacking campaign was carried out by Russian hackers. The Kremlin has denied any involvement.

Follow Mimi on Twitter: @MimiNguyenLy