U.S. officials have blamed Chinese government-backed attackers for many of the recent cyber attacks on U.S. government and business computer networks: “Researchers and government officials have determined that the Chinese group that attacked the office [of Personnel Management] was probably the same one that seized millions of records held by the health care firms Anthem and Premera.” U.S. Was Warned of System Open to Cyberattacks (The New York Times, June 5, 2015). According to a report by NBC News, the National Security Agency determined that China has been responsible for more than 600 cyber attacks on U.S. government, corporate, and private networks over the past five years. Last Thursday, U.S. Director of National Intelligence James Clapper told the House Intelligence Committee that Chinese cyber espionage continues to target a “broad spectrum of U.S. interests,” including national security information, sensitive economic data, and intellectual property. Chinese Cyber Spying Targets Broad Array of U.S. Interests: Clapper (The New York Times, Sept. 10, 2015).
On September 11, President Obama said more about such Chinese cyber attacks: “‘We’ve made very clear to the Chinese that there are certain practices that they’re engaging in that we know are emanating from China and are not acceptable.’ . . . The president said that the United States would have to respond more rapidly to cyberattacks, which would require a coordinated response from the military, intelligence agencies and the private sector.” Obama Talk With Troops Covers Syria and China (The New York Times, Sept. 11, 2015).
The Interim Department of Defense Cyber Rules released August 26, 2015, should be seen as part of the “coordinated response” described by President Obama. As Hilary Cairnie, Leader of BakerHostelter’s Government Contracts practice, and I explain in Law360, the new rules require all DOD contractors and subcontractors to promptly report cyber attacks to a central DOD clearinghouse and to take additional steps to protect DOD data.