US decides to retaliate against China's hacking

US President Barack Obama has asked his staff to come up with a creative set of responses against the Chinese attack

The Obama administration has determined that it must retaliate against China for the theft of the personal information of more than 20 million Americans from the databases of the Office of Personnel Management, but it is still struggling to decide what it can do without prompting an escalating cyber conflict.

The decision came after the administration concluded that the hacking attack was so vast in scope and ambition that the usual practices for dealing with traditional espionage cases did not apply.

But in a series of classified meetings, officials have struggled to choose among options that range from symbolic responses - for example, diplomatic protests or the ouster of known Chinese agents in the US - to more significant actions that some officials fear could lead to an escalation of the hacking conflict between the two countries.

That does not mean a response will happen anytime soon - or be obvious when it does. The White House could determine that the downsides of any meaningful, yet proportionate, retaliation outweigh the benefits, or will lead to retaliation on American firms or individuals doing work in China. President Obama, clearly seeking leverage, has asked his staff to come up with a creative set of responses.

"One of the conclusions we've reached is that we need to be a bit more public about our responses, and one reason is deterrence," said one senior administration official involved in the debate, who spoke on the condition of anonymity to discuss internal White House plans. "We need to disrupt and deter what our adversaries are doing in cyberspace, and that means you need a full range of tools to tailor a response."

In public, Obama has said almost nothing, and officials are under strict instructions to avoid naming China as the source of the attack. While James R Clapper Jr, the director of national intelligence, said last month that "you have to kind of salute the Chinese for what they did," he avoided repeating that accusation when pressed again in public .

But over recent days, both Clapper and Adm Michael S Rogers, director of the National Security Agency and commander of the military's Cyber Command, have hinted at the internal debate by noting that unless the United States finds a way to respond to the attacks, they are bound to escalate.

Clapper predicted that the number and sophistication of hacking aimed at the United States would worsen "until such time as we create both the substance and psychology of deterrence."

Admiral Rogers made clear in a public presentation to the meeting of the Aspen Security Forum last week that he had advised President Obama to strike back against North Korea for the earlier attack on Sony Pictures. Since then, evidence that hackers associated with the Chinese government were responsible for the Office of Personnel Management theft has been gathered by personnel under Admiral Rogers's command, officials said.

Admiral Rogers stressed the need for "creating costs" for attackers responsible for the intrusion, although he acknowledged that it differed in important ways from the Sony case. In the Sony attack, the theft of emails was secondary to the destruction of much of the company's computer systems, part of an effort to intimidate the studio to keep it from releasing a comedy that portrayed the assassination of Kim Jong-un, the North Korean leader.

©2015 The New York Times News Service