The Obama administration continues to play down one of the nation’s most damaging Chinese cyber espionage operations in order to maintain a dialogue with China and host a summit for its leader this fall.
Weeks after the discovery that millions of personal records on federal workers was stolen by Chinese hacker in an intelligence operation, the president and his advisers failed to condemned the state-sponsored security breach whose damage continues to worsen almost weekly.
The Obama administration, in a sign of its apparent unwillingness to take any steps against China for the hacking, will go ahead with the hosting this week of the latest Strategic and Economic Dialogue in Washington. The dialogue is known for producing little in the way of tangible results of regular meetings between senior U.S. and Chinese officials. The questionable diplomacy is said its supporters to advance U.S. interests. However, keeping secret the Chinese connection to the cyber attack is likely to encourage further attacks.
Daniel Russel, assistant secretary of state for East Asia, made no mention in a briefing for reporters whether the Chinese role in the OPM hack would be discussed at the dialogue, which begins Tuesday.
Instead, he said cyber security would be discussed in the Strategic Security Dialogue that he said, “really is germane to building a relationship of trust between the U.S. and China. It’s an important common concern.”
China has denied any role in the OPM attack, as it has done in the past when Chinese hacking has been exposed on numerous occasions.
“We don’t always see eye to eye, but the fact is that global challenges require that we cooperate,” Russel said.
The talks are being led by Secretary of State John Kerry and Treasury Secretary Jacob Lew who will meet a large Chinese delegation headed by Vice Premier Wang Yang and State Councilor Yang Jiechi.
The Pentagon ignored the OPM hack in allowing China’s senior general to visit sensitive U.S. facilities, another sign the administration has not taken the threat of Chinese cyber espionage seriously.
Additionally, Obama has no plans to cancel the scheduled summit meeting with Chinese President Xi Jinping in September. It will be the first state visit by the communist leader to the United States. Canceling the visit would have sent a powerful signal to the Chinese. Instead, allowing the visit is clear sign the president and his advisers are not concerned about the data loss affecting the security of the country in fundamental ways.
The latest news reports from Washington indicate that China’s intelligence services were behind the hacking and had access to personal information on tens of thousands of federal employees who have access to secrets.
White House Homeland Security Director Lisa Monaco has no response when asked this week why President Obama during remarks in Germany had failed to condemn the cyber attack on OPM.
Monaco, following administration talking points not to identify China as the culprit, would say only that the administration may impose sanctions or take other unspecified legal, diplomatic or intelligence activities in response.
On Capital Hill, Rep. Jason Chaffetz, chairman of the House Oversight and Government Reform Committee, called the OPM hack perhaps “the most devastating cyber attack in our nation’s history.”
OPM Director Katherine Archuleta, a political appointee, came under fire during a Committee hearing for failing to protect federal data from the Chinese hacking. Archuleta said her main priority since taking over OPM in late 2013 was to improve information security.
“Well, you have completely and utterly failed in that mission if that was your objective,” Chaffetz said. “The information was vulnerable and the hackers got it. I don’t know if it’s the Chinese, the Russians, whoever, else, but they’ve got it. And they’re going to prey upon the American people. That’s their goal and objective.”
During the hearing it was disclosed that the hackers first penetrated OPM’s central personnel data file.
Investigators then learned that data contained in a different database used for screening the 700,000 federal works who have security clearances and must undergo period reviews was also compromised.
Estimates of the number of employees whose data was stolen could range as high as 14 million.
Other details from the hearing included that a zero-day vulnerability was used in the operation.
Archuleta and other officials declined to provide details in the open hearing.
The National Security Agency, the nation’s premier cyber security and intelligence gathering agency, also has joined the investigation of the cyber attacks, along with the FBI and Department of Homeland Security.
DHS assistant secretary Andy Ozment said investigators “have assessed that they have fully removed the adversary from these networks, but it is extremely difficult to have 100 percent certainty in these cases.”
Concerns remain that Chinese hackers may have left behind clandestine software that could be used in cyber warfare or cyber intelligence gathering.