The Obama administration has decided against publicly blaming China for a massive hack of the U.S. Office of Personnel Management (OPM) over the past year according to senior administration officials in talking to the Washington Post. In June it was revealed that the OPM had been hacked which saw the compromise of the files of millions of current and former U.S. federal employees including secret records and many considered this a great defeat to the U.S. intelligence community. China is widely seen as being responsible for the hack though the U.S. has refrained from blaming them. Reasons for not doing so include a reluctance to reveal certain information and fears that similar cyber-attacks conducted by the U.S. on China will become public.
The OPM Hack and Fears of China
The hack at OPM saw the theft of personal data on millions of federal workers including highly sensitive security clearance information. When the hack became public knowledge, there was uproar in the U.S. Retired General Michael Hayden, former head of both the Central Intelligence Agency and National Security Agency, said that the data breach is a “tremendously big deal” and “The potential loss here is truly staggering and, by the way, these records are a legitimate foreign intelligence target.” Believing the breach to have originated from China, he feared that the stolen information will be used to help recruit spies in the U.S. and abroad while outing intelligence agents around the world.
Meanwhile, the former top counterintelligence official for the Intelligence Community, Joel Brenner said of the information obtained in the breach, “crown jewels material, a goldmine” for China. Even the FBI alluded to China’s involvement when it warned companies in the weeks following about malicious software found in the OPM breach that may be tied to Chinese hackers. Politicians in the U.S. from both sides of the aisle were also quick to point the finger at China and its growing cyber abilities which are seen as a threat to U.S. national security.
Reluctance to Blame China
Despite many placing blame on China, the Obama Administration has announced that it will not publicly declare China as the culprit. This week a senior Obama administration official told the Washington Post, “We have chosen not to make any official assertions about attribution at this point.” Factors cited in refraining from blaming China include concern that in making a public case against China would require exposing details of the espionage and cyberspace capabilities and activities of the U.S. The same official added, “We don’t see enough benefit in doing the attribution at this point to outweigh whatever loss we might [experience] in terms of intelligence-collection capabilities.”
In the past the U.S. has not been afraid to respond to situations where foreign governments have been deemed responsible for the theft of corporate secrets at major U.S. firms. Last June, five members of Unit 61398 were indicted by the Justice Department for stealing corporate secrets from several U.S. firms. Unit 61398 is one of several units of the Peoples Liberation Army (PLA) solely dedicated to cyber espionage. When foreign governments have been implicated of hacking government databases though, the government has been more restrained in its response.
Stealing or the attempt to steal information from another government is a traditional aspect of espionage. Because of that, there is a reluctance to take massive public action, in this case against China. With revelations of NSA spying on other countries including allies of the U.S., there is little reason to believe that the U.S. doesn’t conduct its own cyber espionage against China. The boldness of China in the hack even brought about a degree of respect in the U.S. intelligence community with Director of National Intelligence James Clapper saying, “You have to kind of salute the Chinese for what they did”. In so much, there seems to be little desire on the administration to bring such activities to light if they are to publicly blame China.
Regardless of the unwritten rules of espionage where this activity is considered to be expected, this event should warrant a more significant response. The hack of OPM is considered to be one of the most damaging cyber thefts in U.S. government history. The administration is still considering economic sanctions or other punitive measures on China for the OPM breach with a senior official saying, “We’re still teeing up options” for Obama and his national security team. This would send a message to China and act essentially as an implicit blame but does it go far enough?
The unwillingness of the Obama administration to take a harsher stance on China might also be due to other factors. The dispute in the South China Sea is heating up and the U.S. does not want to inflame that situation any more. The U.S. is looking to counter the rise of China but has to be cautious in how it proceeds so as to not push Beijing to take more aggressive actions. Furthermore, Washington might not want to endanger the upcoming visit of China’s President, Xi Jinping to Washington D.C. this September.
While the Obama administration won’t publicly blame China, there is little doubt that it is behind closed doors. At this point though the question is, what will a public condemnation of China by the U.S. government solve? By making the hack at OPM public knowledge, the government has allowed for China to be blamed as many current and former government officials have already done so. While the U.S. cannot stop China’s cyber espionage, the theft of records at OPM should send a signal to the intelligence and defense communities that the cyber threat from China is very real, and very dangerous and that greater steps must be taken to protect the U.S. from such attacks in the future.