US retaliation for OPM hack could set precedent in global cyberconflict
Passcode was the exclusive media partner for an event with the Atlantic Council exploring how the US should respond to attacks such as the Office of Personnel Management breach.
After the recent string of high-profile breaches such as the one at the Office of Personnel Management, many experts and international policymakers are watching closely at how the US may retaliate against suspected hackers.
When it comes to digital spying, international norms are noticeably absent; there's little precedent for聽how nations should retaliate to each other's聽network attacks.聽So a strong聽American response against China, the leading suspect in the OPM hack, could be a first step in establishing norms for international cyberconflicts and digital espionage.
At an event hosted by the Atlantic Council think tank in Washington on Wednesday, a聽panel of security experts debated various possibilities for US responses聽to the multitude of digital attacks on government agencies and private聽corporations. Passcode was the exclusive media partner for the Cyber Risk Wednesday event focusing on hacks, attacks, and what the US can do about it.
Here are three things we learned:
1. The US is careful about setting parameters on cyberespionage so it doesn't limit its own operations.
The US has聽spoken out publicly against certain kinds of attacks 鈥 destructive digital attacks, stealing intellectual property, and stealing personally identifiable information for private companies' gain, said聽Robert Knake, the Whitney Shepardson senior fellow for cyber policy at the聽Council聽on Foreign Relations.
But聽its聽relative silence after the聽OPM breach聽could leave other nations to interpret that the US does not consider the theft of government data for non-private benefit to be off-limits, he said.聽
The message the US might be sending other countries, Mr. Knake said, is:聽鈥淚f you鈥檙e stealing this information for traditional espionage purposes, it doesn鈥檛 cross this red line ... and it鈥檚 not the kind of thing that we would use economic sanctions for.鈥
2. Starting a global dialogue about digital espionage has many challenges because of its secrecy.
Discussing traditional espionage with Russia during the cold war was relatively straightforward because both Washington and Moscow acknowledged their role in spying on each other, said Jason Healey, senior research scholar at the School of International and Public Affairs at Columbia University.
But talking to China about digital attacks is tough,聽because Beijing's public stance聽is that "we don't engage is this," he said. "Both for practical reasons, as well as potential for advantage, we can try and shift that.鈥
3. To thwart digital spying by other countries, the US could advocate the moral high ground and lead by example.
According to Mr. Healey, the US should continue showing restraint in espionage operations. 鈥淲e don鈥檛 care if others show that restraint. We鈥檙e going to show restraint because of who we are,鈥 he said.
Two Notable Quotes:
鈥淲e haven鈥檛 deterred anyone,鈥 said聽Catherine Lotrionte, director of Georgetown University's Institute for Law, Science, and Global Security.聽Ms. Lotrionte said she doesn't believe that the current position of the US on digital attacks will keep future attackers at bay.聽
鈥淲e鈥檝e got to think about ... the limits that we want to place on espionage in cyberspace, in the context of what kinds of limits we want to place on ourselves," Knake said.聽
Notable tweet:
Correction: A previous version of this article incorrectly spelled the name of Catherine Lotrionte. This version has been corrected.聽