mead cohen berger shevtsova garfinkle michta grygiel blankenhorn
The Best Offense
Former CIA Head: OPM Hack was “Honorable Espionage Work”

Former Director of the CIA General Michael Hayden, speaking at a The Wall Street Journal-sponsored event about the recent hack of the U.S. Office of Personnel Management, said Chinese hacking of U.S. government records is “honorable espionage work” of a “legitimate intelligence target.”

“This is a tremendously big deal,” he said. “My deepest emotion is embarrassment.”

Beijing has officially denied responsibility for the attack, which yielded what could be one of the biggest and most valuable troves of U.S. data ever stolen. But according to cyber security experts, all signs point to Chinese hackers or even, as Hayden asserted in his presentation, the Chinese state. Wisely and clearheadedly, he doesn’t blame the Chinese for the success of their cyber offense, but emphasizes instead the failure of America’s cyber defense. More:

“To grab the equivalent in the Chinese system, I would not have thought twice. I would not have asked permission…This is not ‘shame on China.’ This is ‘shame on us’ for not protecting that kind of information.”

The White House hasn’t said how many records were compromised, but it is expected to have been millions of files dating back more than a decade.

Hayden’s stance is notable especially in contrast to recent reports of how the White House was viewing the breach as late as Friday:

At the White House, officials said that Mr. Obama was weighing the use of an executive order he signed in April that allows the Treasury secretary to impose sanctions on individuals or groups that engage in malicious cyberattacks, or people who benefit from them.

“This newly available option is one that is on the table,” said Josh Earnest, the White House press secretary.

Presumably cooler heads in the intelligence community echoed sentiments similar to Hayden’s to President Obama, as we haven’t heard much about the use of retaliatory sanctions since last week. But at the same time, we can’t blame the White House for being angry and trying to come up with some response. Much like when your home has been broken into, a hack feels like a violation, and brings feelings of helplessness. Hopefully, the vast scope and the potential repercussions of this breach will focus bureaucratic brains in Washington on beefing up the cyber defenses of our critical government systems. And then, perhaps, they can turn their minds even more seriously on all the other vital infrastructure out there that can be compromised.

This is unfortunately a struggle without end, less like an unwinnable war than like a human body fighting off viruses that are constantly finding new weaknesses in us. It is impossible to completely harden the defenses of systems that grow more complex with each passing year as technology gallops on. The only solution is to be constantly aware of the threat, and to be vigilant.

And to remember that even the most competent security measures can be circumvented using age-old techniques:

(Credit: XKCD)

Features Icon
Features
show comments
  • Andrew Allison

    At last, somebody had the guts to put the breach in its proper context.

    • Boritz

      The saga won’t be complete until some high official takes “full responsibility” for the breach happening on his watch — then keeps his job with total impunity.

  • Kevin

    Just because the French homorably captured Minorca in 1756 didn’t mean the British didn’t shoot Admiral Byng for losing it. When those charged with defending the nation screw up badly they need to go, “pour encourager les autres”.

    • f1b0nacc1

      Remember, they didn’t shoot Byng for losing the island, but rather for failing to intercept the French ships, as he was ordered. There is a significant difference here (in one case a punishment for a defeat, and in another punishment for failing to act as ordered…the latter is far more serious), and Byng’s example did indeed ‘encourage les autres’…..have a chat with the late captain of the Graf Spee, for instance…

  • http://www.camalg.co.uk/ Nigel Sedgwick

    Firstly, in most circumstances, discovery (or knowledge otherwise) of a successful espionage attack against one goes some way towards mitigating the damage. However, in this particular case with the alleged disclosure of significant information on just about everyone working for the federal government, such discovery/knowledge is much less useful: how can one protect in practice against potential blackmail of all federal government employees.

    Secondly, protections against computer hacking are (or should be) the responsibility of the computer system architects and operational staff. In this particular case, a major part of the problem looks to be keeping too much (aggregated) data at risk in a single (logical) computer location. IMHO, this is quite a common failing – cyber security is thereby and purposefully subjugated to operational convenience – with the decision to ‘tolerate’ that weakness often being made by those without the training or judgement to understand and balance the risks.

    Finally and differently, on the cartoon (and I’m sure Randall Munroe knows this), disc encryption is also required, if the attacker has unrestricted access to the laptop hardware. Furthermore, most laptop commercial disc encryption is still vulnerable to expert attack.

    Best regards

© The American Interest LLC 2005-2016 About Us Masthead Submissions Advertise Customer Service