OPM Breach: Corporate and National Security Adversaries Are One and the Same

On June 5, 1989, images of a lone person standing ground in front of Chinese tanks in Tiananmen Square transfixed the world. On the same day twenty-six years later, the United States government announced one of the biggest breaches of personnel data in history. This breach is already being attributed to China. China has also recently been stepping up its efforts to censor any mention of the Tiananmen Square massacre. The confluence of these two events – censorship of a pivotal human rights incident coupled with the theft of four million USG personnel records – should clarify beyond a doubt China’s intentions and vision for what constitutes appropriate norms in the digital domain. It is time for all of the diverse sectors and industries of the United States – from the financial sector in New York City to the tech industry in Silicon Valley to the government in Washington – to recognize the gravity of this common threat and commit to a legitimate public-private partnership that extends beyond lip service. As the OPM breach demonstrates, the United States government faces the same threats and intellectual property theft as the financial, tech, and other private sector industries. It’s time to move beyond our cultural divisions and unify against the common adversaries who are the true threats to privacy, security, democracy and human rights across the globe.

I attended a “Cyber Risks in the Boardroom” event yesterday in New York City. More often than not, these kinds of cybersecurity conferences will include one panel of private sector experts complaining about government regulations, infringements on privacy, and failure to grasp the competitive disadvantage of US companies thanks to proposed legislation. I have even heard the USG referred to as an “advanced persistent threat.” A government panel generally follows, and bemoans the inability of the private sector to grasp the magnitude of the threat. There is often an anecdote about an unnamed company that refuses government assistant when a breach has been identified, and there’s the obligatory attempt at humor to assuage fears that the government is really not interested in reading your email or tracking your Snapchat conversations.

That did not happen yesterday. The one comment that struck me the most was a call for empathy between the private and public sectors. In fact, at a conference held in the heart of the financial capital of the world, panel after panel reiterated the need for the government and private sector to work together to ensure the United States’ competitive economic advantage. The United States economy and its innovative drive is the bedrock of national security. The financial sector – one of the largest targets of digital theft and espionage – seems to grasp the essential role the government can and should play in safeguarding a level digital playing field. Nonetheless, even in this hospitable environment, cultural and linguistic hurdles, not to mention trust issues, continue to limit cooperation between the financial sector and government.

News of the OPM breach broke just as I was leaving the conference. Many are attributing the breach to China. As someone who lives at the intersection of technology and international affairs, it is impossible to ignore the irony. There continues to be heated debate about US surveillance programs, as well as potentially impending legislation on intrusion software. These debates will not likely end soon, and they are part of the democratic process and freedom of speech that is so often taken for granted. Compare that to China’s expansive censorship and propaganda campaign that not only forces US companies operating in China to censor any mention of Tiananmen Square, but limits any mention of activities that may lead to collective gatherings. Or compare that to China’s 50 cent party, a group of individuals paid by the Chinese government to provide positive social media content about the government. (Russia has a similar program, which extends internationally, including spreading disinformation on US media outlets.) Perhaps even more timely, China iscensoring online discussion about the horrific cruise ship collapse earlier this week on the Yangtze River. This is a very similar approach to that taken following the 2011 train crash that similarly led to censorship of any negative media coverage of the government’s response.

The enormous and historic OPM breach, revealed on the 26th anniversary of the Tiananmen Square protests, should cause the disparate industries and sectors that form the bedrock of US national security to pause…and empathize. Combating common adversaries that threaten not only national security, but also freedom of information and speech, requires a united front. The private and public sectors are much stronger working together than apart. Despite significant cultural differences, there are core values that unite the private and public sectors, and it’s time to put aside differences and work as a cohesive unit against US corporate and national security adversaries—for they are truly one and the same. This does not mean that debates about privacy and legislation should subside. On the contrary, those debates should continue, but must become constructive forms of engagement rather than divisive editorials. Many – especially those in the financial sector – seem to grasp the appropriate role for the government in handling these threats. It’s time to put aside differences and pursue constructive and united private-public sector collaboration to deter the persistent theft of IP and PII information at the hands of the adversaries we all face together.