In Data Breach, Reluctance To Point The Finger At China

Loading
Error

/

Download
Embed Code

Copy/paste the following code

Donate

Adm. Michael Rogers, NSA director and head of the U.S. Cyber Command, has avoided singling out China for blame in the OPM hack, which may affect as many as 18 million federal workers. (Chip Somodevilla/Getty Images)
Adm. Michael Rogers, NSA director and head of the U.S. Cyber Command, has avoided singling out China for blame in the OPM hack, which may affect as many as 18 million federal workers. (Chip Somodevilla/Getty Images)

Adm. Michael Rogers is among the American officials most likely to know which country perpetrated the Office of Personnel Management's massive data breach, possibly the biggest hack ever of the U.S. government. He's not only director of the National Security Agency, but also heads the U.S. Cyber Command.

Still, when asked last week at a spy satellite symposium about the origin of the OPM hack, which was first reported in early June, Rogers demurred.

"I'm not gonna get into the specifics of attribution," he said. "That's a process that we're working through on the policy side. There's a wide range of people, groups and nation states out there aggressively attempting to gain access to that data."

Lawmakers have shown a similar reluctance to name names. California U.S. Rep. Adam Schiff is the House Intelligence Committee's top Democrat and has been outspoken on many sensitive issues.

But in an interview, Schiff did not cite China when asked which country was behind the data breach.

Director of National Intelligence James Clapper, shown here speaking in March at the Council on Foreign Relations, has named China as "the leading suspect" behind the OPM data theft.
Director of National Intelligence James Clapper, shown here speaking in March at the Council on Foreign Relations, has named China as "the leading suspect" behind the OPM data theft.

"I think we have a pretty good case as to who's responsible," he said. "But it really is up to the administration to decide whether they want to publicly attribute the attack."

Federal law enforcement sources tell NPR the personal data of at least 18 million federal workers may have been accessed through the OPM computer system. Some China experts say assigning blame in this case can be tricky, because cyberspying there is often outsourced to nongovernment contractors.

"It's hard to sort of pin down who you should be blaming, and if you leave all of the blame at Beijing's doorstep, is that really the right place?" says Dan Altman, a China-watcher at New York University's Stern School of Business and senior economics editor at Foreign Policy magazine.

Beyond uncertainty, there's the hard, cold reality that China is still the United States' second largest trade partner, after Canada.

"This might not be the best time to try and get into the blame game with Beijing," Altman says, "because you want to engage them in that economic relationship, and that's always been the reason for reticence in terms of the United States pushing back at China — and not just over cybersecurity, but over things like civil rights and human rights as well."

Not surprisingly, China denies any responsibility for the OPM hack. At a meeting last month in Beijing with foreign journalists, the Chinese foreign minister, Wang Yi, inveighed against what he termed "irresponsible finger-pointing" by anonymous sources.

"The Chinese government opposes any hacking activities or the theft of commercial secrets," he said, "and this is the set policy of the Chinese government, and we have very strict regulations."

Wang also pointed out that 80 percent of the Chinese government's websites have been hacked. Most of these cyberattacks, he asserted, have come from the U.S.

Just as China is willing to point fingers, so, too, are some American officials. One of them is Director of National Intelligence James Clapper. At the same symposium where the NSA's Rogers had avoided singling out China for blame, Clapper named China as "the leading suspect" behind the data theft.

"You have to kind of salute the Chinese for what they did," Clapper said, adding, "You know, if we had the opportunity to do that, I don't think we'd hesitate for a minute."

That the nation's top intelligence official would name China publicly struck some in his audience as revealing.

"I think Clapper's saying clearly here, A) I really do want to go after them, and B), it's really complicated," says Colin Clark, editor of the online publication Breaking Defense. "If you're simply engaging in counterespionage, you're OK. But, you know, where does counterespionage begin and end and where does war-fighting begin?"

Clark says nobody in Washington wants to get into a dogfight with Beijing over the stolen data.

And with Chinese President Xi Jinping set to make his first state visit to the White House in September, the muted official response to the OPM hack is bound to continue.

Copyright 2015 NPR. To see more, visit http://www.npr.org/.

Related Story:

Copyright NPR. View this article on npr.org.

Transcript

RACHEL MARTIN, HOST:

Several weeks have gone by since the Office of Personnel Management revealed it had been hacked. Federal law enforcement sources say the personal information of more than 18 million people may have been compromised. China is the prime suspect in the hack, and yet U.S. officials remain reluctant to say so publicly. NPR's David Welna looks at why.

DAVID WELNA, BYLINE: If any American officials should know which country perpetrated the OPM's massive data breach, it would likely be Admiral Michael Rogers. He not only directs the National Security Agency, he also heads the U.S. Cyber Command. But if Rogers knows, he's not saying.

(SOUNDBITE OF ARCHIVED RECORDING)

MICHAEL ROGERS: I'm not going to get into the specifics of attribution. That's a process that we're working through on the policy side.

WELNA: Last week during an appearance at a spy satellite symposium, Rogers declined to blame China for the OPM hack. The most he would say was this...

(SOUNDBITE OF ARCHIVED RECORDING)

ROGERS: There's a wide range of people, groups and nation states out there aggressively attempting to gain access to that data.

WELNA: And while California Congressman Adam Schiff is outspoken on many other sensitive issues, the House Intelligence Committee's top Democrat would not name China when asked in an interview which country is behind the data breach.

(SOUNDBITE OF ARCHIVED RECORDING)

ADAM SCHIFF: I think we have a pretty good case as to who's responsible, but it really is up to the administration to decide whether they want to publicly attribute the attack.

WELNA: Some China experts say assigning blame in this case can be tricky because cyberspying there is often outsourced to non-government contractors.

DAN ALTMAN: It's hard to sort of pin down who you should be blaming, and if you leave all of the blame at Beijing's door step, is that really the right place?

WELNA: That's Dan Altman, a China-watcher at New York University's Stern School of Business, as well as economics editor at Foreign Policy magazine. Altman says beyond uncertainty, there's a hard, cold reality - China is still the United States' second-largest trade partner.

ALTMAN: This might not be the best time to try and get into the blame game with Beijing because you want to engage them in that economic relationship. And that's always been the reason for reticence, in terms of the United States pushing back at China not just over cybersecurity, but over things like civil rights and human rights, as well.

WELNA: Not surprisingly, China denies any responsibility for the OPM hack. Here's Chinese Foreign Minister Wang Yi speaking to a group of foreign journalists last month through an interpreter.

(SOUNDBITE OF ARCHIVED RECORDING)

WANG YI: (Through interpreter) The Chinese government opposes any hacking activities or the theft of commercial secrets, and this is the set policy of the Chinese government, and we have very strict regulations.

WELNA: On the other hand, Wang said, 80 percent of the Chinese government's websites have been hacked, and most of those of cyberattacks, he claimed, have come from the U.S.

But just as China is willing to point a finger, so are some American officials. Director of National Intelligence James Clapper told the same spy satellite symposium last week that China is in his words the leading suspect in the OPM hack.

(SOUNDBITE OF ARCHIVED RECORDING)

JAMES CLAPPER: Please don't take this the wrong way. You have to kind of salute the Chinese for what they did. You know, if we had the opportunity to do that, I don't think we'd hesitate for a minute.

COLIN CLARK: Clapper's saying clearly here, A, I really do want to go after them, and B, it's really complicated.

WELNA: So says Colin Clark. He's editor of the online publication Breaking Defense. Washington, he says, may be nettled, but it does not want to get into a dogfight with Beijing.

CLARK: If you're simply engaging in counter-espionage, you're OK. But, you know, where does counter-espionage begin and end, and where does war fighting begin?

WELNA: And with Chinese President Xi Jinping set to make his first state visit to the White House in September, the muted official response to the OPM hack looks bound to continue. David Welna, NPR News, Washington. Transcript provided by NPR, Copyright NPR.