Pages

28 June 2015

China Most Likely Behind OPM Data Hack, DNI Clapper

Damian Paletta
June 26, 2015

WASHINGTON—The top U.S. intelligence official signaled Thursday that Chinese hackers were behind the theft of millions of personnel records from the federal government, marking the administration’s most pointed assignment of blame since the breach was announced June 4.

Director of National Intelligence James Clapper, speaking at a Washington intelligence conference, said China was the “leading suspect” in the attacks, adding that given the difficulty of the intrusion, “You have to kind of salute the Chinese for what they did.”

Mr. Clapper’s pointed remarks come as U.S. officials are debating how and whether to retaliate against Chinese officials for the breach of records and background investigation data from the Office of Personnel Management. Officials are still studying how many people were affected, but they believe 18 million Social Security numbers could have been compromised.

President Barack Obama in April signed an executive order that would make it easier for the Treasury Department to impose sanctions against any person who conducts a cyberattack that represents a “significant threat” against the U.S. government or a U.S. firm.

The White House hasn’t used these new powers yet, but they are considering whether to enact them in this case, people familiar with the matter said.

White House spokesman Josh Earnest said Thursday the new sanctions power “gives the U.S. government a whole set of new tools that didn’t previously exist in responding to incidents like this.” He said the White House would not telegraph its “response to this incident, but they certainly are available.”

The administration previously avoided publicly attributing the breach to China, though numerous U.S. officials privately have said the hackers were Chinese.

A spokesman at the Chinese embassy in Washington did not respond to a request for comment. Beijing has previously denied involvement in the incident.

Mr. Clapper said hackers will continue to try to steal information from the government and from American companies until policy makers beef up deterrence against stealing intellectual property or private records.

“The challenge here, the problem for us, frankly, is until such time as we can create both the substance and the psychology of deterrence, this is going to go on,” he said, “And that’s been frankly a struggle for us, because of concerns about unintended consequences and other related policy issues.”

Mr. Clapper appeared to be alluding to an internal battle within the White House on how to best respond to cyberattacks. He said the lack of a threat of retribution from the U.S. government means policy makers must focus “a lot more attention to defense.”

U.S. officials have been careful not to reveal any details of the internal debate over how to respond to large-scale cyberattacks, but they have acknowledged they lack a clear approach.

Both Defense Secretary Ash Carter and National Security Agency Director Adm. Michael Rogers have said the U.S. should come up with a clear protocol for how it responds to cyberattacks, in part to warn hackers about the consequences of their actions.

Mr. Clapper said Thursday that such a protocol would allow the U.S. clearly to state once a hacker crossed “a red line, at that point, what are we going to do about it?”

Asked if he would recommend any specific response to the Chinese, Mr. Clapper said that was up to the White House and others.

“We are just down in the engine room shoveling intelligence coal,” he said.

In past years it was unusual for the U.S. government to identify suspected cyberthieves, but that may be changing. In December, the White House accused North Korea of stealing and destroying large amounts of records from Sony Pictures Entertainment. And in May 2014, a federal grand jury indicted five Chinese military hackers for “computer hacking, economic espionage” and other offenses against entities including a U.S. nuclear plant.

No comments:

Post a Comment