The White House is finally putting the blame squarely on China for the recent hack of the Office of Personnel Management that compromised sensitive data for over twenty million Americans. The attack was the biggest breach of U.S. government data ever. Coupled with repeated statements by top White House and DoD officials to the effect that cyber attacks could, in theory, constitute acts of war or aggression, this leaves Washington with a difficult question: To retaliate, or not to retaliate?
According to the latest announcement from the Obama Administration, it appears we’re going with “retaliate,” though we don’t know how and when. The New York Times reports:
The decision [to retaliate] came after the administration concluded that the hacking attack was so vast in scope and ambition that the usual practices for dealing with traditional espionage cases did not apply.
But in a series of classified meetings, officials have struggled to choose among options that range from largely symbolic responses — for example, diplomatic protests or the ouster of known Chinese agents in the United States — to more significant actions that some officials fear could lead to an escalation of the hacking conflict between the two countries.
That does not mean a response will happen anytime soon — or be obvious when it does. The White House could determine that the downsides of any meaningful, yet proportionate, retaliation outweigh the benefits, or will lead to retaliation on American firms or individuals doing work in China. President Obama, clearly seeking leverage, has asked his staff to come up with a more creative set of responses.
This underlines just how grey an area cyber attacks are. Given the stakes, it’s alarming that we have nothing but vague answers about what to do when an opponent steps onto our virtual turf. For now, all anybody knows is that we are playing a new game—and no ones’s quite sure what the rules are.