The federal government has finally decided how to publicly handle an OPM data breach that compromised over 20 million federal employee records this past June.

Rather, they’ve decided what they aren’t going to do about it.

Citing concerns over national security, the Obama Administration has decided that they will not publicly blame China for the hack, even though conventional wisdom (and a fair amount of now-public evidence) suggests that they were responsible. Officials fear that coming out in an official capacity against Beijing will compromise what evidence investigators have been able to assemble.

More from WaPo:

“We have chosen not to make any official assertions about attribution at this point,” said a senior administration official, despite the widely held conviction that Beijing was responsible. The official cited factors including concern that making a public case against China could require exposing details of the United States’ own espionage and cyberspace capabilities. The official was among several who spoke on the condition of anonymity to describe internal deliberations.



U.S. officials stressed that the administration has not ruled out economic sanctions or other punitive measures for the OPM breach. “We’re still teeing up options” for Obama and his national security team, a second U.S. official said.

The senior administration official said that the government could impose new sanctions on China without publicly linking it to the attack, and “then send a private message that said, ‘Oh, and by the way, part of the reason for this is OPM.’ ”

It’s a pickle.

It is perfectly reasonable to want to protect the status of our intelligence capabilities; if the US opens the door to a formal complaint against China, we also open the door to a stampede of hackers eager to show the world just how adept the United States of America is at gathering intelligence about the rest of the world. The problem with running on that theory is that by doing so you’re thrown accountability out the window.

Ars Technica explains:

Given that the Obama administration has made a show out of placing blame on the Chinese government for attacks on US businesses—including the filing of charges by the Justice Department against members of China’s alleged military hacking unit—not taking action over the government employee data breach could send a signal to adversaries that such attacks on the US government are fair game. Robert Knake, senior fellow at the Council on Foreign Relations and a former Director for Cybersecurity Policy at the National Security Council, told the Post, “We’re effectively saying you can do in cyberspace a volume of spying that is far greater than we ever could have during the Cold War and there will be fewer consequences for it.”

This is true, and it’s not far off the mark that Obama has set on other matters of foreign policy. The US is committed to peaceful coexistence with a hostile universe, and the world knows it.

But also consider…

But one Obama administration official said that filing indictments or taking other actions directly based on the OPM attack could backfire. “If you start trying to indict members of their intelligence service for conducting this type of espionage,” the official asked rhetorically, “what’s the response going to be? Are they going to start to indict NSA guys?”

Anyone else want to be a fly on the wall at the NSA the day that happens?

We’ll keep you updated on the status of the investigation.