Following a number of recent headline-grabbing breaches, including one at the Office of Personnel Management (OPM) in July which exposed personal data of 21.5 million individuals, a panel of foreign relations experts convened at the Atlantic Council, a think tank in Washington, D.C., to discuss how the U.S. should respond against hackers of both government and private enterprises.
Panelists at the Cyber Risk Wednesday gathering on Aug. 19, sponsored by Passcode, said a formidable response against China, the primary suspect in the OPM incursion, might set a precedent for drawing standards for international cyberconflicts and digital espionage.
But panelists also agreed that more formidable cybersecurity implementations for U.S. networks would be the preferred option rather than saber rattling.
Among the key points made was that in its silence following the OPM hack, U.S. officials are sending a message that espionage of this magnitude does not warrant economic sanctions. The U.S. is unwilling to condemn this act because it doesn’t want to limit its own capabilities in this area, said Robert Knake, the Whitney Shepardson senior fellow for cyber policy at the Council on Foreign Relations.
These activities are “part of traditional statecraft,” agreed Catherine Lotrionte, director of Georgetown University’s Institute for Law, Science, and Global Security. The U.S. has “got to think about … the limits that we want to place on espionage in cyberspace, in the context of what kinds of limits we want to place on ourselves.”
Owing to the secrecy of cyberespionage efforts, discussions today between the U.S. and China cannot be as transparent as were dialogs between Russia and the U.S. during the Cold War, when both countries could acknowledge they were spying on each other, said Jason Healey, senior research scholar at the School of International and Public Affairs at Columbia University.
In fact, Healey said the U.S. should continue to hold back in its espionage operations to lead by example and take the moral high ground.