Despite China’s escalating cyberattacks that are stealing massive amounts of sensitive U.S. government personnel and military data, President Obama still plans to have China’s president as an honored guest in Washington this year, the White House said Wednesday.
Mr. Obama will roll out the red carpet in September for the first official state visit by President Xi Jinping, who is presiding over what analysts say is an increasingly successful effort to raid U.S. government secrets and personal information about millions of current and former federal employees.
White House press secretary Josh Earnest said the administration needs and values China’s help in nuclear talks with Iran, which are reaching a culmination this month. He called China an “active and important participant” in the negotiations.
“We value their contribution to that effort, and they have acted constructively alongside other members of the international community to try to prevent Iran, through diplomatic talks, from obtaining a nuclear weapon,” Mr. Earnest said. “Engaging with China is something that has served this country well. There are going to be some areas with China where we’re able to cooperate and some areas where we’re going to compete.”
The administration hasn’t publicly blamed China for the attack on the Office of Personnel Management computer network, which officials call one of the biggest security breaches in U.S. history, but lawmakers and anonymous administration officials say there is no doubt China is responsible.
The Obama administration estimates that Chinese hackers, even before the digital break-in at OPM, carried out more than 30,000 cyberattacks in recent years as part of an enormous military-industrial spy program. More than 500 of those attacks gained significant access to Defense Department computer systems.
In the attack on OPM, hackers obtained personal information on as many as 4 million current and former federal employees, including hundreds of thousands with security clearances. Some of the information dates back to 1985, raising questions about how the federal government is storing its data.
“If you know that breaches are inevitable, why would you keep data active going back to big shoulder pads, big hair and Reagan?” said Theresa Payton, a top cybersecurity consultant who was the White House chief information officer under President George W. Bush. “We’ve got to change how we think about how much we store, where we store it and who has access to it.”
She said Mr. Obama should use the White House meeting with the Chinese president to get tougher about cyber espionage.
“It doesn’t matter if it’s China, Russia or somebody else,” Ms. Payton said. “There is a clear and present danger with the collection of information about federal employees, intelligence operators and political appointees. I would not cancel the meeting; I would talk to [Mr. Xi] about creating some type of agreement or treaty between the U.S. and the Chinese about acceptable rules of the road.”
Mr. Earnest said the administration has expressed its concerns to the Chinese many times “about some of their activities in cyberspace,” and he noted that the Justice Department has indicted five members of China’s military for carrying out cyberattacks.
But analysts and other government officials say the U.S. warnings have made no appreciable dent in Chinese efforts to infiltrate U.S. government and private computer networks. China has denied the activities and says it, too, is often a victim of cyberattacks.
In a report to Congress last month, the Pentagon said China’s malicious activity in cyberspace is a massive military program.
“China is focusing on counter-space, offensive cyber operations, and electronic warfare capabilities meant to deny adversaries the advantages of modern, informationized warfare,” the report said.
The Pentagon added that Chinese military planners think “the key to seizing ‘cyberspace superiority’ is to deter or stop an adversary by developing and employing offensive cyberspace capabilities.”
In attacks attributed to China, hackers have gained details of the F-35 Joint Strike Fighter’s stealth radar and engine secrets and access to the U.S. Transportation Command’s Single Mobility System, which is used to coordinate troop and equipment deployments during military operations.
The White House and Congress have accused each other of being slow to approve steps to prevent cyberattacks. Administration officials say they are stepping up efforts to install security software called “Einstein 3” at all federal agencies.
Ms. Payton said there hasn’t been significant cybersecurity legislation in 12 years and that measures pending in Congress are focused too much on punishment after an attack rather than detection and prevention.
She said policymakers should offer incentives such as tax breaks or research and development credits for companies to create defenses against cyberattacks.
“I’d actually like to see the Hill and the president think about before a breach happens: Is there something we can do differently, and how do we incentivize companies to think about different designs and different approaches?” she said.