Hard on the heels of reports that China and Russia are busy using stolen U.S. government data to identify American intelligence officers and assets, comes word that the Obama administration is considering retaliatory sanctions against Russian and Chinese targets.
According to a Reuters report, anonymous U.S. officials phrased these sanctions as specifically targeted against Russian and Chinese individuals and private companies, not the government, and they would be a reaction to commercial cyber-espionage against American targets, not the mother of all data breaches at the Office of Personnel Management.
Private-sector cyber espionage is certainly a valid concern, but the report is all a lot of vague muttering without any specifics. Reuters’s sources said “no final decision has been made on imposing sanctions.”
None should be expected any time soon, either: “A move against Chinese entities or individuals before Xi’s trip, the officials said, is possible but unlikely because of the strain it could put on the top-level diplomatic visit, which will include a black-tie state dinner at the White House hosted by President Barack Obama.”
Even if sanctions are imposed, great care will be taken to avoid ruffling feathers in Beijing or Moscow. “The sanctions Washington is currently considering would not target suspected hackers of government data, but rather foreign citizens and firms believed responsible for cyber attacks on commercial enterprises,” one official told Reuters, without naming any potential targets—ostensibly out of concern that advance warning could give the targets time to hide their assets.
White House spokesman Josh Earnest repeated that talking point verbatim: “It would be strategically unwise for us to discuss potential sanctions targets because that would only give the potential targets of sanctions the opportunity to take steps that would allow them to evade those sanctions.”
Many Chinese and Russian individuals linked to potential computer espionage have significant ties to their respective governments, making strong sanctions against them—potentially strong enough to cut the targets off from American money altogether and destroy them—unlikely from a diplomatic perspective. Perhaps a sacrificial lamb or two will be chosen in China, in order to demonstrate Beijing’s oft-stated intolerance for cybercrime. Given recent market events in China, there are probably a few usual suspects the politburo wouldn’t mind rounding up.
There is much talk of the administration’s ire and menacing language about “tools in the toolbox to confront this particular challenge,” as Earnest put it. But the reality is that China and Russia retain the plausible deniability necessary to conduct cyberwar offensives and blame the results on “renegade hackers.” At best, we might hope a message has been sent that the OPM hack, and a few other high-profile attacks on U.S. government and corporate targets, crossed a line that must not be crossed again.