Why Sanctions Can’t Stop Cyberattacks – But Still Hurt

Summary
– Sanctions can slow state-sponsored cyberattacks, raise the risks for those behind them, and increase their costs, even if they don’t stop them completely.
– Targeting enablers like cryptocurrency services, hosting providers, and contractors is more effective than directly targeting hackers themselves.
– Sanctions work best when combined with other measures like diplomatic pressure, criminal indictments, and intelligence sharing for greater impact.
– Sanctions lose effectiveness when implemented too late, without coordination, or with weak enforcement mechanisms like the EU’s slow listing process.
– Even when not directly hurting targets, sanctions reinforce deterrence, clarify international norms, and create operational friction for adversaries.
When Western governments seek to counter state-sponsored cyber threats, sanctions often emerge as a primary tool. While these measures rarely halt malicious activity entirely, they impose significant operational friction, forcing attackers to slow down, adapt their methods, and absorb higher costs. A recent analysis from the Royal United Services Institute (RUSI) clarifies that sanctions function most effectively as part of a broader strategy rather than as isolated punishments.
The RUSI taskforce, composed of cybersecurity officials and analysts, examined how the United States, United Kingdom, and European Union deploy sanctions. Their investigation revealed that the most impactful approach involves targeting the ecosystem that enables cyber operations. This includes cryptocurrency mixing services, hosting providers, technology suppliers, and private contractors with global connections. These entities are often more vulnerable than the hackers themselves because they operate within, and depend upon, the legitimate international economy. Disrupting their services can cripple malicious campaigns more effectively than focusing solely on the individuals directing them.
Sanctions deliver the strongest results when governments integrate them with other instruments of state power. Combining financial penalties with diplomatic pressure, criminal indictments, and public intelligence advisories creates a compounded effect. For instance, the U.S. frequently announces sanctions concurrently with Justice Department charges, sending a powerful message that cyber intrusions carry real-world consequences. Each tool reinforces the others: sanctions stigmatize, indictments isolate, and technical advisories empower private-sector defense. This multi-pronged pressure damages reputations and complicates operations across entire networks, not just for specifically named individuals.
Furthermore, sanctions serve vital strategic purposes even when their direct economic impact is limited. They help reinforce deterrence, clarify international norms about acceptable behavior in cyberspace, and strengthen solidarity among allied nations. Publicly naming foreign intelligence officers, while not always a direct deterrent, fulfills important diplomatic and signaling functions.
The effectiveness of sanctions diminishes considerably when they are applied too slowly or without international coordination. Delayed actions often become merely symbolic, lacking the bite needed to disrupt ongoing operations. Unilateral measures are particularly weak, as threat actors can simply shift their activities to jurisdictions beyond the sanctioning country’s reach. The European Union’s cautious and slow listing process, coupled with its reluctance to swiftly attribute attacks, was noted as a factor that undermines the potential strength of its sanctions regime.
However, the practice of public attribution is gaining traction globally. Nations like France, the Czech Republic, and Singapore have all recently identified foreign state hackers behind major incidents. Once an attack is publicly attributed, imposing sanctions becomes a more justifiable and credible component of a collective international response.
Sanctions are adept at creating friction, complicating the lives of cyber adversaries. North Korean operators, for example, continue to execute cryptocurrency heists but encounter immense difficulty converting their digital loot into usable currency. This demonstrates how sanctions can force continuous adaptation and elevate risks, even if they don’t completely stop the underlying activity.
The ultimate objective is not to prevent every single hostile operation, an unattainable goal given the stealthy and persistent nature of cyber threats. Instead, the aim is to weave sanctions together with diplomatic, law enforcement, and intelligence tools to alter an adversary’s calculus. In practical terms, this means disrupting malicious campaigns by making them less profitable and more politically or economically costly for the perpetrators.
(Source: Help Net Security)





