The massive data breach of a US government server originating from China might make for awkward conversation between President Obama and Chinese President Xi Jinping during his visit to Washington this week. But as pissed off as Obama might be, his options for fending off future Chinese hacking may be limited to incoherent mumbling and impassioned gesturing.
In July, the US Office of Personnel Management (OPM) announced it was the target of a yearlong data breach that was the largest of its kind in US government history. The records of more than 20 million people were compromised, including highly sensitive security clearance background information. Media reports citing unnamed government officials indicated the attacks originated in China, but whether the attackers had the support of the Chinese government is unclear. Though the stolen information has not shown up for sale in dark corners of the internet, reports indicate China may be compiling OPM and other stolen data into a database of US federal employees for further espionage potential, according to current and former intelligence officials.
Related: Hacks Bring Down US Background Check System — But the Worst Is Yet to Come
China's alleged cyber intrusions are not limited to traditional espionage. They also target the private sector and commercial secrets -- an issue the House and Senate leadership warned President Barack Obama about in a letter this week.
Most countries make a distinction between political and economic espionage, with the former tacitly accepted as something all nations do, while the latter is not viewed as an acceptable government activity. The Chinese government tends to conflate the two, which makes a certain amount of sense given the intimate relationship between government and private industry in China. Despite high-profile breaches like the OPM hack, the US is most concerned about halting China's economic espionage activities.
"This isn't a mild irritation, it's an economic and national security concern to the United States," National Security Advisor Susan Rice said during an address at George Washington University Monday. "Cyber-enabled espionage that targets personal and corporate information for the economic gain of businesses undermines our long-term economic cooperation, and it needs to stop."
Xi repeated what has become China's standard answer to US accusations: "China takes cybersecurity very seriously," he said. "China is also a victim of hacking. The Chinese government does not engage in theft of commercial secrets in any form, nor does it encourage or support Chinese companies to engage in such practices in any way." China has in the past expanded on these denials, citing its lack of control over independent actors — so-called "patriotic hackers" — and unsanctioned activities by local governments far from Beijing.
Determining who's doing the hacking is also challenging. Denise Zheng, deputy director and senior fellow in the Strategic Technologies Program at the Center for Strategic and International Studies, said hackers "may wear a PLA [China's People's Liberation Army] hat during the day and black hat at night."
The question of how the US should respond remains tricky. Obama last week said the attacks were straining the US relationship with China, and "that we are prepared to some countervailing actions in order to get their attention."
Those actions may not necessarily take place online.
"We've made clear that we have other punitive measure available when we do see instances of cyber intrusion and cyber theft," Ben Rhodes, the deputy national security adviser, said yesterday in a conference call with reporters. "Sanctions remain a tool of the United States, and we would be prepared, if necessary, to pursue sanctions."
Related: Chinese Cyber Attacks Trigger US MIDLIFE Crisis
Follow Shannon Hayden on Twitter: @ShannonKHayden
Read More >>
