The Obama administration has concluded that the recent Chinese cyberattack on the Office of Personnel Management rises above the level of traditional espionage, and that retaliation is the most suitable response to the theft of 20 million American’s personal information. Exactly what the retaliation may entail and when it will come, however, are open questions.
Over the past year, United States government and military computer systems have been compromised by what many believe are foreign governments, including Russian attacks on the White House, State Department and Pentagon, as well as the Chinese attack on OPM. Foreign governments have also been accused of attacking private computer networks, including the highly publicized attack on Sony last December by North Korea and the December 2014 attack on the Sands Casino by Iranians.
Disrupting and deterring future attacks are the two goals of any retaliatory action, but, according to senior officials, the Obama administration has yet to decide what actions are appropriate from a range of retaliatory measures, including diplomatic protests, actions against suspected foreign agents, economic sanctions, and, now, retaliatory cyberattacks on foreign computer networks. Admiral Michael S. Rogers, commander U.S. Cyber Command, has called for deterrence by “creating costs” for hackers, making future attacks less likely. Earlier this year, in response to the Sony hacks, Mr. Obama imposed further sanctions on North Korea by executive order, and has since signed a second executive order authorizing financial and travel sanctions against any foreign nation involved in attacks posing “a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.”
Some experts have cautioned that the new realm of cyberconflict is “dangerous unchartered territory” and could escalate beyond the cyber-stage unless properly and carefully implemented, while others have criticized the U.S. government of inaction in the face of this growing threat. Many see this as the new face of the 21st Century’s Cold War not between enemies, but between economic competitors, requiring new tools for maintaining the balance of power. The fact remains, the United States, China and Russia have dedicated military units preparing for this new theatre of war, including the U.S. Cyber Command, China’s P.L.A. Unit 61398 , and Russia’s newest army division, and the U.S. intelligence community is actively engaged in its own cyber-attacks, which the Washington Post tallied at 231 offensive operations in 2011.
Businesses and citizens are in a precarious position in the wake of these cyber attacks, which raises significant questions concerning the role private entities may hold in this new theatre of war, and their options for responding to attacks by foreign governments.