The Obama administration is drafting an escalating series of actions, including economic sanctions and curbs on doing business in the U.S., to punish China and other nations that persist in hacking its corporate computer networks, according to two administration officials with knowledge of the planning.
The measures have not yet been decided, the officials said, and the administration is moving cautiously as actions being considered include cyber retaliation, which could reveal information about U.S. government and private cyber security capabilities. It could also trigger further online or commercial warfare that would be difficult to contain.
The actions under consideration wouldn’t be targeted solely at China, the officials said, speaking on the condition of anonymity to discuss internal deliberations and classified information. The moves were first reported by the Washington Post.
While the U.S. believes that China is by far the most pervasive and persistent hacker, Russian cyber spies and criminals are generally more sophisticated and have stepped up their actions, especially against U.S. financial institutions, amid tensions over Russia’s actions in Ukraine.
The administration is also conscious of China’s place as America’s second-largest trading partner, a major holder of U.S. Treasuries and an important player in policies toward North Korea and Iran, one of the officials said. The discussions come at a particularly sensitive time, given President Xi Jinping’s visit to the U.S. next month, when he will meet with President Barack Obama.
Still, both officials said Chinese theft of U.S. trade and commercial data has increased despite a series of diplomatic warnings, so officials see no alternative to considering economic sanctions.
One of the officials said other, classified retaliatory actions by the National Security Agency are being considered and some have been taken to punish China for allegedly hacking into U.S. government databases. They said intelligence officials believe China is seeking to expose undercover American officers and find information to blackmail or bribe officials with access to classified information to provide it to China.
Katherine Archuleta, the former director of the U.S. Office of Personnel Management, resigned in July after disclosing that hackers stole personal data for more than 22 million people from her agency in one of the worst security breaches in history. U.S. Director of National Intelligence James Clapper said in June that China is a “leading suspect” in the hack.
China has vehemently denied its government was behind that attack and others that some investigators suspect were part of a sweeping campaign to create a database on Americans that could be used to obtain commercial and government secrets.