Cyber security is an increasingly important issue in both the public and private sector, and U.S. government departments have fallen victim to hackers.
The latest hack struck the Office of Personnel Management (OPM), revealing sensitive information on millions of federal employees. China is known to possess sophisticated cyber warfare capabilities, and is frequently suspected of hacking U.S. targets. Now a Republican senator has attacked the Obama administration for not officially pointing the finger at Beijing over the OPM hack, writes Cory Bennett for The Hill.
Senator Sasse accuses Obama of “strategic mistake”
Senator Ben Sasse (R-Neb.) believes that Obama is making mistake by not blaming China for the attacks.
“This refusal is a strategic mistake, and the fact that we’re making it may indicate things are even worse than we’ve been led to believe,” read an op-ed by Sasse in USA Today on Monday.
Within days of the first of two hacks at the OPM, government officials revealed suspicions that China was responsible. 22 million people had sensitive data stolen in the hacks.
Experts believe that the data may form part of a database of U.S. government workers which Beijing is collecting for future use. Millions of federal workers had personal data such as background investigation documents stolen, and the information could be used to imitate them, perform future cyberattacks, identify undercover staff, blackmail workers or recruit informants.
White House decides against attribution
“By declining to tell the truth about China, we abandon a core tenant of cyber deterrence theory: public attribution,” Sasse wrote. “The administration knows this. So why is the administration officially staying silent?”
Officials at the White House have said that by releasing evidence connecting China to the hack they may also release sensitive information.
“We don’t see enough benefit in doing the attribution at this point to outweigh whatever loss we might [experience] in terms of intelligence-collection capabilities,” said a senior administration official to The Washington Post last week.
However Sasse does not buy into this reasoning. He called the argument the “flimsiest” of justifications.
“This is wrong,” he wrote. “Telling the truth about China doesn’t disclose our own capabilities. We’re not taking China to court. We don’t have to publicly file the intelligence and analysis that informs our judgments.”
Obama administration wary of jeopardizing relationship with China
Sasse sits on the Senate Homeland Security and Governmental Affairs Committee, and so should be aware of the delicate situation which the Obama administration is currently handling regarding China. Recent high-level talks covered a number of topics, including cyber security, and were intended to lay the groundwork for real progress during the scheduled visit of Chinese President Xi Jinping in September.
In addition to cyber warfare, the two sides discussed the ongoing territorial disputes in the South China Sea, which are causing increasingly tense standoffs between China, the U.S. and its regional allies.
However recent developments are more important than individual issues. China has repeatedly asked for a readjustment of its relationship with the U.S. as Beijing believes it deserves more respect in Asia and beyond. There is a legitimate fear that a public accusation could cause tensions to get worse.
As logical as this thinking may seem, Sasse calls it “more concerning.”
“Cyber threats keep our defense and intelligence leaders up at night because no aspect of daily life is immune to attack, and the administration’s decision not to attribute the OPM hack to the Chinese suggests that we’re not operating from a position of strength,” he wrote.
Legitimate worries over U.S. cyber defenses
Sasse believes that the OPM hacks are just one factor in a deepening concern for national security. He recently told The Hill that he was “worried that foreign actors who have nefarious goals in this space know that we’re asleep at the switch. There are a lot of bad actors out there thinking about cyber in ways that seem well ahead of where this government is.”
He used his latest piece to reiterate the point. If the Obama administration is “silent out of duress,” he wrote, “it underscores the essential point that we’ve got a lot more to worry about than just the loss of social security numbers and ruined credit scores. Our national security is at stake.”
Cyber security experts have long maintained that the U.S. and its allies are lagging behind China and Russia in terms of the sophistication of their cyber capabilities. The apparent ease with which foreign actors are able to penetrate government and private sector computer systems lends weight to that argument.
Sasse may be right to be worried by the strength of the U.S.’s cyber enemies, but it would be silly to risk intelligence information just in order to publicly blame Beijing.