President Obama said Monday that the massive breach of federal employee records announced last week should prompt a “much more aggressive” response to cyberattacks.
At a press conference in Germany, where he was attending the annual G7 summit, the president said that U.S. cyberdefenses “have to be as nimble, as aggressive, and as well-resourced as those who are trying to break into these systems.”
The breach at the Office of Personnel Management (OPM), the federal government’s human-resources office, compromised the records of 4 million current and former government workers. Some U.S. officials have said that the Chinese government was behind the attack—possibly as part of a plan to build a database of Americans suitable for recruitment as spies—but others have said that it’s still unclear whether Beijing ordered the attack.
Obama declined to blame the Chinese when asked about the attack at the G7 press conference, but one U.S. official told Reuters that the government considered the attack “a matter of national security, meaning it may have originated from a foreign government.”
Congress is considering several cybersecurity bills that promote the sharing of threat information between the government and the private sector. These bills are controversial because they shield companies from legal liability related to the sharing of data. Although that data is supposed to be anonymized, it could be combined with NSA surveillance records to target individual Americans.
In the wake of several high-profile attacks on U.S. businesses, including the devastating breach at Sony Pictures Entertainment that may have been the work of North Korea, cybersecurity has moved closer to the top of Congress’ agenda. The House has passed and combined its two cybersecurity bills into the Protecting Cyber Networks Act (PCNA), and the Senate is likely to pass the Cybersecurity Information Sharing Act (CISA).
Photo via U.S. Department of Homeland Security (DHS)/Flickr (PD)