To sanction or not to sanction; that's the question legislators, public onlookers and federal workers have been waffling about since the Office of Personnel Management (OPM) data breaches, and even dating back to the cyber-attack on Sony Pictures in 2014.
In the latter debilitating attack, the US government imposed sanctions on North Korea, the apparent perpetrator. But the government has dragged its feet on putting forth sanctions in the OPM breach, even though it pointed to China as the likely conductor of the major espionage campaign that turned over more than 20 million federal workers' personal information, including that of informants based in foreign countries.
The contentious relationship between the two countries appeared to come to a head over the weekend, ahead of Chinese President Xi Jinping's visit to the White House later this month. China's state news agency, Xinhuanet, reported on September 12 that the two countries reached an “important consensus on combating cyber-crime.”
Jinping's Special Envoy Meng Jianzhu reportedly met with US Secretary of State John Kerry, as well as Jeh Johnson, secretary of the Department of Homeland Security, and Susan Rice, US national security advisor.
The Chinese media outlet reports that this meeting involved both countries stressing their desire to curb cyber incidents. They also emphasized the necessity of enhancing “mutual trust and cooperation in the sphere of cyber-security.”
Meanwhile, US officials remain relatively mum about their diplomatic cyber-security accomplishments. Rice reportedly told Reuters she had a “frank and open exchange about cyber issues.”
While some might point to sanctions against North Korea as evidence enough for imposing sanctions in retaliation for the compromising of OPM's databases, Paul Kurtz, former White House cyber-security advisor and current CEO and founder of TruSTAR Technology, reminded of the serious implications behind that kind of move during an interview with SCMagazine.com.
“It's silly not to have the tool of sanctions available in cyber-space,” he said. “But the ability to use that tool is developed over time.”
In other words, even if sanctions were imposed on individuals or specific groups, it would take months for them to truly take effect.
Instead, he suggested looking at all the tools available to the US government and then determining the best course of action before “pulling the trigger.”
This article was first published by our sister publication SC Magazine.