The Obama administration has decided to retaliate against China for a huge cyberattack that targeted a government agency, but has yet to find a method that would deter future attacks, while not provoking an escalating cyber conflict, according to a New York Times report.
Senior officials told the paper that they felt cyberattacks targeting the U.S. would continue to escalate unless the government was able to create costs for attackers, which would curb future security breaches, and that the scope of the most recent attack demanded a response.
The administration has reportedly considered a range of options for retaliation, including diplomatic protests, actions against Chinese agents in the U.S., economic sanctions, and retaliatory cyberattacks on Chinese networks.
The retaliatory attacks reportedly discussed included actions to steal data similar to that breached when the U.S. Office of Personnel Management (OPM) was hacked in June this year. The personal information of 21 million U.S. federal employees, many of whom have access to sensitive information, was stolen.
Concerns among officials that retaliation could escalate the conflict between the two countries mean that thus far, the exact nature of the U.S. response has not been finalized, the paper reported.
U.S. national security officials have recently stepped up public warnings about the dangers of cyberattacks, and urged the importance of developing cyber weapons that are powerful enough to deter future attacks.
“Just as we fashioned a formidable nuclear capability that served us through the Cold War and beyond, I am confident in our ability to keep pace with adversaries,” Adm. Mike Rogers, who is both the military’s top commander for cyber operations as head of U.S. Cyber Command and director of the National Security Agency, said, referring to the need to develop cyber weapons, according to the Los Angeles Times.
Whatever form the U.S. response takes, it is possible that the public may not even be aware of it, officials cited by the Times said. The administration has also reportedly decided against publicly accusing China of responsibility for the OPM hack, as doing so could require exposing details of the United States’ own espionage and cyberspace capabilities, officials told the Washington Post.
In an apparent effort to de-escalate the cyber conflict between them, the U.S. and China agreed to a cybersecurity code of conduct at a summit last month.