If you can’t beat them, then you better offer compliments. That seems to be the attitude of U.S. Director of National Intelligence James Clapper when he announced Thursday it appears that Chinese hackers pulled off the network intrusion that led to the theft millions of personnel records from the federal government.
Speaking at a Washington intelligence conference on Thursday morning, Clapper said China was the “leading suspect” in the attacks, but then added that given the difficulty of the intrusion, “You have to kind of salute the Chinese for what they did.”
More on recent OPM hack
U.S. officials are still studying how many people were impacted in the recently discovered breach of records and background investigation data from the Office of Personnel Management, but it appears that up to 18 million Social Security numbers could have been compromised. The latest information also seems to suggest that sensitive personal information related to background checks on thousands of U.S. government employees was also accessed, which significantly ups the ante in terms of the potential intelligence value of the data.
President Obama signed an executive order nearly three months ago giving the Treasury Department the power to impose sanctions against any person who conducts a cyber attack that is a “significant threat” against the U.S. government or a U.S. firm. The Feds have not used these new powers yet, but according to knowledgeable sources, the White house team is seriously considering taking this route to punish the perpetrators.
On Thursday, presidential spokesperson Josh Earnest noted that the new legal power “gives the U.S. government a whole set of new tools that didn’t previously exist in responding to incidents like this.” He went further to say that the U.S. would not give advance notice of its “response to this incident, but they certainly are available.”
Of note, the Obama administration had avoided publicly attributing the breach to China to date, even though several officials have privately commented that the hackers were almost certainly Chinese.
Statement from DNI head James Clapper
In his comments, Clapper noted that hackers will continue to make efforts to steal information from the government and from American companies until we beef up deterrence against the theft of intellectual property and private records.
“The challenge here, the problem for us, frankly, is until such time as we can create both the substance and the psychology of deterrence, this is going to go on,” Clapper explained, “And that’s been frankly a struggle for us, because of concerns about unintended consequences and other related policy issues.”
This comment was apparently an allusion to an internal battle within the executive branch on how to respond to cyber attacks. Clapper noted the lack of a credible threat of retribution from the U. means policy makers must give “a lot more attention to defense.”
Clapper also argued that establishing a clear protocol for major hacking incidents would allow the government to state once a hacker crossed “a red line, at that point, what are we going to do about it?”
When asked what specific response would he recommend to the Chinese intrusion, Clapper refused to answer, saying that was up to the White House and other policy makers.