Computer whizzes at the National Security Agency were called in only after the Office of Personnel Management detected its network had been penetrated, NSA Director Adm. Michael Rogers said Tuesday night. Ultimately, hackers made off with personal information on millions of national security personnel.
The NSA director doubles as the head of the Defense Department's CYBERCOM.
After the intrusion, "as we started more broadly to realize the implications of OPM, to be quite honest, we were starting to work with OPM about how could we apply DOD capability, if that is what you require," Rogers said at an invitation-only Wilson Center event, referring to his role leading CYBERCOM.
NSA, meanwhile, provided "a significant amount of people and expertise to OPM to try to help them identify what had happened, how it happened and how we should structure the network for the future," Rogers added.
One of the command's missions is to be prepared to defend key U.S. infrastructure, including the dot-gov domain -- but only at the request of the affected organization and when directed by the president, a Defense official told Nextgov, adding that the top priority of CYBERCOM is to defend military networks.
On July 9, U.S. officials disclosed the OPM hackers copied background check information on 21.5 million federal employees, personnel applying for clearances to handle classified secrets, and their families. The information included victims’ psychological profiles, medical histories and other intimate details that could be used by foreign spies to elicit U.S. intelligence.
To secure systems going forward, OPM has publicly said it will, among other things, deploy by March 2016 continuous monitoring tools and experts to detect threats; shift to a whole new IT environment containing tighter security controls; and require contractors handling OPM data to let the agency inside their networks.
While Rogers divulged part of the Pentagon's response to the OPM attack, he did not get into specifics on the Pentagon's or any other agency's retaliation for the attack -- if any. The hackers are believed to be Chinese-backed cyber sleuths.
"This is an ongoing topic of debate," Rogers said.
According to The Washington Post, the departments of Treasury and Justice, White House and intelligence community are readying a package of sanctions against China for stealing corporate intellectual property, but the penalties are not retribution for the OPM assault.