On Tuesday, President Trump issued an executive order, and the following is a translation of his full letter to the Speaker of the House and the President of the Senate.
Letter to the Speaker of the House and the President of the Senate
Dear Madam Speaker, (Dear Mr. President).
Pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code, I hereby report that I have issued an Executive Order declaring that, with respect to Executive Order 13694 of April 1, 2015 (Freezing the Property of Certain Persons Engaged in Significant Malicious Cyber Enabling Activities) to take additional steps to address the use of U.S. Infrastructure as a Service (IaaS) products by foreign malicious cyber actors.
Foreign actors use U.S. IaaS products for a variety of tasks to conduct malicious cyber-enabled activities, making it extremely difficult for U.S. officials to track and obtain information through legal proceedings before these foreign actors transition to replacement infrastructure and destroy evidence of their prior activities; foreign distributors of U.S. IaaS products make it easier for foreign actors to obtain these products and evade detection. The order authorizes the imposition of record retention obligations on foreign transactions .
To address these threats, to deter foreign malicious cyber actors from using U.S. IaaS products, and to assist in the investigation of transactions involving foreign malicious cyber actors, the United States must ensure that vendors offering U.S. IaaS products verify the identity of persons who obtain IaaS accounts (“accounts”) for the purpose of providing those products, and maintain records of those transactions. Where appropriate, and to further prevent malicious cyber activity, the United States must also restrict access to U.S. IaaS products by certain foreign actors. In addition, the United States must encourage stronger cooperation among U.S. IaaS providers, including increased voluntary information sharing, to enhance efforts to thwart the actions of foreign malicious cyber actors.
I have authorized the Secretary of Commerce, in consultation with the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, to exempt any U.S. IaaS provider or any particular type of account or lessee from the requirements of any regulation issued under the Act. These standards and procedures may include a finding by the Secretary that the provider, account, or lessee complies with security best practices to prevent misuse of the IaaS product.
The heads of all executive departments and agencies are directed to take all appropriate measures within their authority to implement the provisions of this Executive Order.
A copy of the Executive Order I issued is attached.
DONALD J. TRUMP (Donald J. Trump)
Text of a Letter to the Speaker of the House of Representatives and the President of the Senate | The White House
Executive Order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities | The White House
Recent Comments