Rogers mum on OPM attribution, but says hack shows value of data
The country's top cyber official declined to officially attribute the OPM hack to China, but called the intrusion a reminder of how "data has value as a commodity."
Adm. Michael Rogers did not join the chorus of anonymous officials blaming China for the OPM hack.
While plenty of U.S. officials have blamed China for the OPM hack in the media – without attaching their names to the accusation -- none are doing so in public during a week of high-level economic and security talks between Washington and Beijing. The country’s top cyber official, U.S. Cyber Command Commander Adm. Michael Rogers, declined on June 24 to attribute the hack to China, but called the intrusion “another reminder to us … [that] we are in a world in which increasingly data has value as a commodity.”
Nation-states and private groups are aggressively targeting this high-value data, regardless of whether it resides in public or private networks, added Rogers, who was speaking at the GEOINT Symposium at the Washington Convention Center.
Rogers, who also heads the National Security Agency, said U.S. officials’ ability to attribute cyber intrusions to specific actors has improved markedly over the last decade. The investigation of the hack of the Office of Personnel Management, which exposed the personal information of millions of current and former federal officials, is ongoing, he added.
The NSA, with its vaunted cyber capabilities, has had a prominent role in investigating recent major network intrusions, including the hack in November of Sony Pictures Entertainment. For U.S. officials, publicly naming Chinese actors as being behind the OPM hack, if indeed they were, arguably carries more risk than accusing North Korea of sponsoring the Sony Pictures hack. While North Korea is a rogue state, the United States has worked with China in international negotiations to curb Iran’s nuclear program. And though administration officials, particularly those from the Justice Department, have often said they will call publicly call bad cyber actors to account, geopolitics complicates this principle.
White House spokesman Josh Earnest said on June 23 that, as far as he knew, the FBI had yet to make a determination on who was behind the OPM breach, but implied that frank bilateral discussions were going on behind doors on the issue. “After all, that’s the reason that we would invite senior Chinese officials to the United States, so that we wouldn’t have conversations through the media, but actually have an opportunity in a private setting to have a direct face-to-face discussion,” Earnest said.
Josh Campbell, a spokesman for the FBI’s cyber division, said the investigation of the OPM hack is continuing and declined to say whether an attribution had been made. He said that each investigation is unique, and it remained to be seen whether the FBI would publicly present evidence it has collected on the OPM intrusion, as the bureau did after the Sony Pictures investigation.