White House debating actions to retaliate against foreign cyberattacks

SAN FRANCISCO — The White House is debating what actions will be taken to retaliate against individuals and countries that launch cyberattacks against the United States.

White House Cybersecurity Coordinator Michael Daniel on Thursday said officials might consider financial sanctions, visa restrictions and military action as tools to use against foreign hackers who target U.S. networks. However, the U.S. is still weighing when a cyber incident will prompt a response from the federal government.


"It's really a question that we're still debating and debating vigorously, and we need to debate within the government and as a society," Daniel said during a speech at the RSA cybersecurity conference. "What I can say is that once we decide a federal response is warranted though, there's still a broad spectrum of actions we could take."

The State Department could also leverage its diplomatic powers to push countries to crack down on hacking activities from within their borders, Daniel said.

The White House had hinted at possible actions it could take in response to cyberattacks and cyber theft of intellectual property, but Daniel's speech marks the first time it has given specific examples.

The cyber chief stressed that the U.S. government's response to cyberattacks will be "cautious” and take into account the broader implications for foreign policy.

"As a matter of policy, the government's responses will be cautious and incremental, and more robust federal responses have a higher threshold to cross for too many reasons," Daniel said.

Daniel warned that the consequences of misattributing an attack in cyberspace can be steep.

"The risk of missed attribution, missed calculation and escalation in cyberspace are very real," he said. "As a government, any action we take in cyberspace must be considered against its possible foreign policy implications and our desire to establish international norms of acceptable behavior in cyberspace."

"We don't want our response to something that's annoying to harm our relationship with other nations, or worse yet, result in a physical conflict,” Daniel said. "We don't want to create a truly unstable new normal that would tell other countries that it's OK to intervene on U.S. networks, something that advocates of hacking don't often stop to think of."

Cyberattacks stemming from China have dominated headlines in recent days. A widely publicized report from security firm Mandiant said an elite military unit of Chinese hackers in Shanghai has waged an extensive hacking campaign against U.S. companies.

The administration has been cautious in its response to the report and a series of hacker attacks that hit The New York TimesThe Washington Post, Apple and other companies.

In his keynote, Daniel made a brief mention of China. He said the U.S. plans to "maintain a meaningful dialogue with the world's largest cyber actors, countries like China, and work together to develop an understanding of acceptable behavior in cyberspace."

Following the release of the president's cybersecurity executive order earlier this month, Daniel said the White House plans to continue its push for cyber legislation. The White House wants Congress to pass legislation that improves information sharing about cyber threats, promotes the adoption of cybersecurity standards by critical infrastructure operator, equips law enforcement with tools to combat hacking crimes and establishes a unified data breach notification law.

He also made an appeal to the industry representatives in the audience to help the government successfully implement the measures in the order, including helping the Commerce Department craft a set of cybersecurity best practices and standards for industry to adopt.