449. I administer a network for my employer and I regularly deny access to certain services and systems (e.g., retail websites, social media platforms) in order to ensure the performance of the network for authorized business activities. Could I or my employer be sanctioned for this?

The measures in this order are designed to address the threat posed by individuals and entities engaged in significant malicious cyber-enabled activities that have the purpose or effect of causing specific enumerated harms. These measures are not designed to prevent or interfere with legitimate network defense or maintenance activities performed by computer security experts and companies as part of the normal course of business on their own systems, or systems they are otherwise authorized to manage.