The Obama administration is drafting an escalating series of actions, including economic sanctions and curbs on doing business in the U.S., to punish China and other nations that persist in hacking its corporate computer networks, according to two administration officials with knowledge of the planning.
The measures have not yet been decided, the officials said, and the administration is moving cautiously as actions being considered include cyber retaliation, which could reveal information about U.S. government and private cyber security capabilities. It could also trigger further online or commercial warfare that would be difficult to contain.
The actions under consideration wouldn’t be targeted solely at China, the officials said, speaking on the condition of anonymity to discuss internal deliberations and classified information. The moves were first reported by the Washington Post.
While the U.S. believes that China is by far the most pervasive and persistent hacker, Russian cyberspies and criminals are generally more sophisticated and have stepped up their actions, especially against U.S. financial institutions, amid tensions over Russia’s actions in Ukraine.
The administration is also conscious of China’s place as America’s second-largest trading partner, a major holder of U.S. Treasuries and an important player in policies toward North Korea and Iran, one of the officials said. The discussions come at a particularly sensitive time, given President Xi Jinping’s visit to the U.S. next month, when he will meet with President Barack Obama.
Still, both officials said Chinese theft of U.S. trade and commercial data has increased despite a series of diplomatic warnings, so officials see no alternative to considering economic sanctions.
One of the officials said other, classified retaliatory actions by the National Security Agency are being considered and some have been taken to punish China for allegedly hacking into U.S. government databases. They said intelligence officials believe China is seeking to expose undercover American officers and find information to blackmail or bribe officials with access to classified information to provide it to China.
Katherine Archuleta, the former director of the U.S. Office of Personnel Management, resigned in July after disclosing that hackers stole personal data for more than 22 million people from her agency in one of the worst security breaches in history. U.S. Director of National Intelligence James Clapper said in June that China is a “leading suspect” in the hack.
China has vehemently denied its government was behind that attack and others that some investigators suspect were part of a sweeping campaign to create a database on Americans that could be used to obtain commercial and government secrets.
“Cyberattacks are usually conducted anonymously and across borders, making them hard to trace back to the source,” Cui Tiankai, China’s ambassador to the U.S., wrote in an Aug. 26 article in National Interest magazine. “Unfounded accusations or megaphone diplomacy will be nothing but counterproductive.”
“Megaphone diplomacy is exactly what we are getting,” said Rosita Dellios, an associate international relations professor at Bond University on Australia’s Gold Coast. “It looks like they are trying to prime Xi into being receptive and playing a role with the U.S. in trying to establish some sort of cybernorms. But it is also unnecessarily disruptive just before Xi’s trip.”
There is widespread concern in the Central Intelligence Agency’s Directorate of Operations, the spy corps, that officers’ private health, marital, financial and other information may have fallen into Chinese hands, said one undercover officer, who also asked not to identified given the sensitivity of the information.
The timing of any move is being debated, the officials said, with diplomats and others arguing that making any kind of announcement or imposing any retaliatory sanctions in advance of Xi’s visit could cause unwarranted damage to ties. Some officials have argued that Obama should warn Xi privately of what will happen if the hacking continues but hold off taking any action to see if China responds.
Such sanctions are already authorized by an executive order that Obama signed in April, the officials said. It calls “malicious cyber-enabled activities” a national emergency and authorizes the Treasury Department to take action against individuals, companies and other entities that engage in it. In announcing it, one of the officials said, Obama noted that such attacks can originate “from a range of sources,” underscoring the possible breadth of the retaliatory actions being debated.
The actions that could trigger retaliation would have to meet a threshold of damage that’s still being debated, the officials said, but high on the list will be impacting the U.S. financial or energy infrastructure, a concern triggered by a destructive hack of Sony Pictures that the U.S. said was carried out by North Korea, and other intrusions into U.S. electric grids and pipelines.