NSA Chief: Don’t Assume China Hacked OPM

Michael_Rogers.jpg

The US military’s top cyber warrior says it’s merely an “assumption” that the Chinese government was behind the recent hack at the Office of Personnel Management, or OPM — and not necessarily one he shares. That puts Adm. Michael Rogers, (pictured) commander of US Cyber Command and director of the National Security Agency, in opposition to unnamed sources within the US government who blamed Beijing in June 4 interviews with the New York Times and Washington Post.

Rogers spoke in response to a question about how the National Security Agency was going about attributing the breach to the Chinese government. “You’ve put an assumption in your question,” he said. “I’m not going to get into the specifics of attribution. It’s a process that’s ongoing.”

The OPM hack may have exposed as many as 18 million records of government employees and job applicants, including people who applied for—and received—top-secret clearances.
Rogers’s hedged response, given during a question-and-answer session at the GEOINT symposium in downtown Washington, comes in stark contrast to the NSA’s approach to attribution during the Sony hack. In that case the FBI, working with the NSA and DHS, quickly named North Korea as the perpetrator, resulting in the prompt issuance of sanctions.
Rogers called that a great example of cross-agency collaboration. “Working across the United States government, DHS, FBI and the National Security agency, we were able to relatively quickly come to consensus about the characterization of the activity we were seeing coming in, which formed the basis of our attribution, and with a relatively high confidence factor, which allowed us to respond in a very public and direct way.”

If you’re a conservative politician or a presidential candidate, there’s a good chance that you believe that the Chinese government is behind the OPM hack and that the Obama administration is being too easy on Beijing. Sen. Susan Collins, R-Maine, who serves on the Senate Intelligence Committee, told the Associated Press on June 5 that Beijing backed the intrusion. She called it “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”

More recently, former Arkansas governor and 2016 GOP presidential hopeful Mike Huckabee wrote on his blog, “We should hack the cell phones of some prominent Communist party leaders, hack the bank accounts of intelligence officials, publicly humiliate Chinese families for political corruption, or wipe-out a few critical Chinese computer systems.”
The Obama administration has been more reluctant to publicly blame the Chinese government. “I can’t promise you that we’ll be in a position at any point in the future to make a grand pronouncement about who may have been responsible for this particular intrusion,” White House press secretary Josh Earnest said at a June 9 briefing.

The cybersecurity group FireEye says it’s “highly confident” that Chinese hackers did it, based on the kind of cables and telecommunications equipment involved, the type of data stolen, and the specific backdoors that the thieves used. “These backdoors, they’re commonly used by Chinese threat actors,” Michael Oppenheim, the intelligence operations manager at FireEye, told Defense One.
Oppenheim stopped short of formally accusing the Chinese government but added, “We believe that this aligns with Chinese interests.”
Oppenheim said that he was sympathetic to Rogers’s reluctance to formally attribute the breach to the Chinese government. “For someone in his position, you want to be 100-percent sure,” he said.
Meanwhile, we asked Rogers: what is he doing to shore up defenses or retaliate for the hack? “Now tell me,” he said, “you really think that as the director of the NSA and US Cyber Command, I’m going to talk to you about that?”

DefenseOne:

 

« Data Security and Loss of Control Killing Cloud?
Hackers target Polish airline carrier LOT »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

WIRED

WIRED

WIRED is the magazine about what's next – the people, the trends and the big ideas that will change our lives. Topics covered include cyber security.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

AdNovum Informatik

AdNovum Informatik

AdNovum Informatik provides a full set of IT services, ranging from consulting, the conception and implementation of customized business and security solutions to maintenance and support.

Conix

Conix

Conix offerings include Governance and Risk Management, Auditing and Penetration Testing, Digital Forensics, Managed Security Operations Centre (SOC).

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Crashtest Security

Crashtest Security

Crashtest Security is a cyber security company that helps digital companies to continuously create secure software with the help of automated vulnerability assessments.

X4 Technology

X4 Technology

X4 Technology is a leader in finding the very best technology talent for some of the world’s most innovative start-ups and globally recognised brands.

Rede Nacional CSIRT

Rede Nacional CSIRT

Rede Nacional CSIRT is a national network of CSIRTs in Portugal aimed at cooperation and mutual assistance in the handling of incidents and in the sharing of good security practices.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Trackd

Trackd

At trackd, we’re re-imaging vulnerability remediation for the benefit of the entire cyber security community. Automating Vulnerability Remediation without the Fear of Disruption.

Focus Digitech

Focus Digitech

Focus Digitech helps you with your digital transformation journey with our main core offerings of Cloud, Cybersecurity, Analytics and DevOps.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

Omdia

Omdia

Omdia is a technology research and advisory group. Our deep knowledge of tech markets combined with our actionable insights empower organizations to make smart growth decisions.

Turngate

Turngate

Turngate simplify security investigations so you can see employee activities and entitlements in your enterprise in seconds.

Twinstate Technologies

Twinstate Technologies

Twinstate Technologies specializes in cybersecurity, proactive IT, and hosted and on-premise voice solutions.