The White House refuses to publicly blame China for hacking the
By declining to tell the truth about China, we abandon a core tenet of cyber deterrence theory: public attribution. The administration knows this.
In April, the
So why is the administration officially staying silent? Inside Washington, two rationales have been floated. But to the 21 million Americans who had their information stolen — many of whom work in our defense and intelligence communities — one of these rationales isn’t compelling and the other is downright disturbing.
The administration’s first — and flimsiest — justification for staying silent is that attributing the attacks to China could force us to reveal our own intelligence sources and methods. This is wrong. Telling the truth about China doesn’t disclose our own capabilities. We’re not taking China to court. We don’t have to publicly file the intelligence and analysis that informs our judgments.
Instead, we could do what we did with the North Korean hack of Sony Entertainment Pictures — we simply said we had our reasons for concluding
The administration’s second, more concerning, justification for not publicly blaming the Chinese is that doing so could force the United States into taking some type of retributive action, sparking a rapid escalation between Washington and
Since 2013, the
Americans know security matters are sometimes handled in discreet ways out of the public view. Maybe the same bureaucrats who couldn’t identify the hack for more than a year are now planning an intricate and clandestine cyber response that will teach the Chinese a lesson and preclude a cyber standoff. Maybe, but there is reason to be skeptical.
Instead, many are concerned that Washington has neglected cyber security for so long that we now find ourselves in a dangerous position. We know what we need to do — aggressively deter cyber attacks — but we are unable to do so because we are too vulnerable to those very threats.
Something big has to change.
We need to do a serious scrub of our cyber threat assessments, of our defensive posture against online attacks, and of our offensive cyber doctrine. We can’t be passive anymore. We can’t sit in silence and naively hope that we’ll somehow still manage to preserve our national interests or our way of life.
Perhaps the administration has a different reason for not publicly blaming China for the OPM attack. If they did, it is in direct contradiction to their own cyber strategy. If they are silent out of duress, however, it underscores the essential point that we’ve got a lot more to worry about than just the loss of social security numbers and ruined credit scores. Our national security is at stake.