[The Justice Department is exploring legal action against Chinese individuals and organizations believed responsible for the personnel office theft, much as it did last summer when five officers of the People’s Liberation Army, part of the Chinese military, were indicted on a charge of the theft of intellectual property from American companies. While Justice officials say that earlier action was a breakthrough, others characterize the punishment as only symbolic: Unless they visit the
or a friendly nation, none of
them are likely to ever see the inside of an American courtroom.] United States
The Obama administration has determined that it must retaliate againstChina for the theft of the personal information of more than 20 million Americans from the databases of the Office of Personnel Management, but it is still struggling to decide what it can do without prompting an escalating cyberconflict.
The decision came after the administration concluded that the hacking attack was so vast in scope and ambition that the usual practices for dealing with traditional espionage cases did not apply.
But in a series of classified meetings, officials have struggled to choose among options that range from largely symbolic responses — for example, diplomatic protests or the ouster of known Chinese agents in the
— to more significant actions
that some officials fear could lead to an escalation of the hacking conflict
between the two countries. United States
That does not mean a response will happen anytime soon — or be obvious when it does. The White House could determine that the downsides of any meaningful, yet proportionate, retaliation outweigh the benefits, or will lead to retaliation on American firms or individuals doing work in China. President Obama, clearly seeking leverage, has asked his staff to come up with a more creative set of responses.
“One of the conclusions we’ve reached is that we need to be a bit more public about our responses, and one reason is deterrence,” said one senior administration official involved in the debate, who spoke on the condition of anonymity to discuss internal White House plans. “We need to disrupt and deter what our adversaries are doing in cyberspace, and that means you need a full range of tools to tailor a response.”
In public, Mr. Obama has said almost nothing, and officials are under strict instructions to avoid naming
as the source of the attack.
While James R. Clapper Jr., the director of national intelligence, said last
month that “you have to kind of salute the Chinese for what they did,” he
avoided repeating that accusation when pressed again in public last week. China
But over recent days, both Mr. Clapper and Adm. Michael S. Rogers, director of the National Security Agency and commander of the military’s Cyber Command, have hinted at the internal debate by noting that unless the
finds a way to respond to the
attacks, they are bound to escalate. United States
Mr. Clapper predicted that the number and sophistication of hacking aimed at the
would worsen “until such time
as we create both the substance and psychology of deterrence.” United States
Admiral Rogers made clear in a public presentation to the meeting of the Aspen Security Forum last week that he had advised President Obama to strike back against
for the earlier attack on Sony
Pictures Entertainment. Since then, evidence that hackers associated with the
Chinese government were responsible for the Office of Personnel Management
theft has been gathered by personnel under Admiral Rogers’s command, officials
said. North Korea
Admiral Rogers stressed the need for “creating costs” for attackers responsible for the intrusion, although he acknowledged that it differed in important ways from the Sony case. In the Sony attack, the theft of emails was secondary to the destruction of much of the company’s computer systems, part of an effort to intimidate the studio to keep it from releasing a comedy that portrayed the assassination of Kim Jong-un, the North Korean leader.
According to officials involved in the internal debates over responses to the personnel office attack, Mr. Obama’s aides explored applying economic sanctions against
, based on the precedent of
sanctions the president approved against China in January. North Korea
“The analogy simply didn’t work,” said one senior economic official, who spoke on the condition of anonymity to discuss internal White House deliberations.
is so isolated that there was
no risk it could retaliate in kind. But in considering sanctions against North Korea , officials from the Commerce
Department and the Treasury offered a long list of countersanctions the Chinese
could impose against American firms that are already struggling to deal with China . China
The Justice Department is exploring legal action against Chinese individuals and organizations believed responsible for the personnel office theft, much as it did last summer when five officers of the People’s Liberation Army, part of the Chinese military, were indicted on a charge of the theft of intellectual property from American companies. While Justice officials say that earlier action was a breakthrough, others characterize the punishment as only symbolic: Unless they visit the
or a friendly nation, none of
them are likely to ever see the inside of an American courtroom. United States
“Criminal charges appear to be unlikely in the case of the O.P.M. breach,” a study of the Office of Personnel Management breach published by the Congressional Research Service two weeks ago concluded. “As a matter of policy, the United States has sought to distinguish between cyber intrusions to collect data for national security purposes — to which the United States deems counterintelligence to be an appropriate response — and cyber intrusions to steal data for commercial purposes, to which the United States deems a criminal justice response to be appropriate.”
There is another risk in criminal prosecution: Intelligence officials say that any legal case could result in exposing American intelligence operations inside
— including the placement of
thousands of implants in Chinese computer networks to warn of impending
Other options discussed inside the administration include retaliatory operations, perhaps designed to steal or reveal to the public information as valuable to the Chinese government as the security-clearance files on government employees were to
One of the most innovative actions discussed inside the intelligence agencies, according to two officials familiar with the debate, involves finding a way to breach the so-called great firewall, the complex network of censorship and control that the Chinese government keeps in place to suppress dissent inside the country. The idea would be to demonstrate to the Chinese leadership that the one thing they value most — keeping absolute control over the country’s political dialogue — could be at risk if they do not moderate attacks on the
. United States
But any counterattack could lead to a cycle of escalation just as the
hopes to discuss with Chinese
leaders new rules of the road limiting cyberoperations. A similar initiative to
get the Chinese leadership to discuss those rules, proposed by Mr. Obama when he met the Chinese leader at Sunnylands in California in
2013, has made little progress. United States
has been cautious about using
cyberweapons or even discussing it. A new Pentagon strategy, introduced by the
secretary of Defense, Ashton B. Carter, in the spring, explicitly discussed
retaliation but left vague what kind of cases the United States viewed as so critical that
they would prompt that type of retaliation. United States
In response to the Office of Personnel Management attack, White House officials on Friday announced the results of a 30-day “cybersecurity sprint” that began in early June after the federal personnel office disclosed the gigantic theft of data.
Tony Scott, the government’s chief information officer, who ordered the review, said in a blog post that agencies had significantly ramped up their use of strong authentication procedures, especially for users who required access to sensitive parts of networks.
By the end of the 30th day, officials said that more than half of the nation’s largest agencies, including the Departments of Transportation, Veterans Affairs and the Interior, now required strong authentication for almost 95 percent of their privileged users.
For Mr. Obama, responding to the theft at the Office of Personnel Management is complicated because it was not destructive, nor did it involve stealing intellectual property. Instead, the goal was espionage, on a scale that no one imagined before.
“This is one of those cases where you have to ask, ‘Does the size of the operation change the nature of it?’ ” one senior intelligence official said. “Clearly, it does.”
Michael D. Shear contributed reporting