This past Thursday, the Office of Personnel Management (OPM) released a statement that a cyber intrusion was detected in April. In the attack, which according to those familiar with the case, originated in China. The personal information of 2 million current and 2 million former federal employees’ was reportedly stolen.
Chinese hackers attacked OPM last year—again in the search for federal employees’ personal data. Cyber attacks such as these will continue to be a persistent problem and put the private information of those in the public and private sector at risk.
While the recent attack is still being investigated, there have been no reports that the attack was state sponsored. The Chinese government denies that the attack originated in their country and points to the fact that the origin of cyber attacks is hard to identify.
The attack last week reportedly began in December 2014. It wasn’t until the OPM upgraded to the U.S. Computer Emergency Readiness Team’s Einstein program, which tracks unauthorized traffic for government agency networks, that the breach was noticed. Some officials believe that this attack could affect other agencies.
While the Chinese government has scoffed at U.S. allegations that the attack originated in China, Foreign Ministry spokesman Hong Lei has called for “more [] cooperation.” It would be good to receive China’s support in establishing the source of the OPM attack, but harsh realities exist on both sides. While the Chinese officials call for evidence the U.S. may hold, the U.S. side will keep secret the methods it’s used to uncover the attack in order to protect its security programs. Meanwhile, there are questions about how much the Chinese side would cooperate in finding the culprits, especially if the investigation were to expose any Chinese state involvement.
This recent attack shows that the U.S. and China have not changed their stances on cybersecurity, and it shows that federal agencies continue to be at risk of cyber intrusions. Securing our federal agencies’ information and working to increase the cooperation and sharing of information between agencies must continue to be a priority.
For more information on cyber attacks, see:
The Heritage Foundation report on federal cyber breaches in 2014
The Heritage Foundation report on cyber attacks on U.S. private companies in 2014