White House confirms, downplays cyber attack
WASHINGTON (AP) — The White House is acknowledging an attempt to infiltrate its computer system, but says it thwarted the effort and that no classified networks were threatened.
White House spokesman Jay Carney told reporters the White House is equipped with mitigation measures that identified the attack, isolated it and prevented its spread.
He said there was no indication that any data was removed.
“There are distinctions between those networks that contain classified information and those that don’t, and the attack was against an unclassified network,” Carney said.
Carney described the attack as “spear-phishing” and said such efforts against government computer systems are “not infrequent.” Carney spoke in Henderson, Nev., where President Barack Obama is preparing for his first debate against rival Mitt Romney on Wednesday.
“Phishing” is a tactic that involves sending an email that falsely claims to be from a legitimate enterprise in an attempt to trick the user into turning over information.
Last year, Google Inc. blamed computer hackers in China for a phishing effort against Gmail accounts of several hundred people, including senior U.S. government officials and military personnel. Last November, senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain.
The White House would not say whether the recent attack was linked to China.
Defense Secretary Leon Panetta, during a visit to China last month, raised the subject of China-based cyberattacks against American companies and the government.
News of the most recent attack came as the Obama administration is preparing an executive order with new rules to protect U.S. computer systems. After Congress failed this summer to pass a comprehensive cybersecurity bill, the White House said it would use executive branch authorities to improve the nation’s computer security, especially for networks tied to essential U.S. industries, such as electric grids, water plants, and banks.
An initial draft of the order included provisions for voluntary cybersecurity standards for companies, a special council run by the Homeland Security Department and a review to determine if existing cybersecurity regulations are adequate.
But by issuing the executive order just weeks before the election, the White House risks complaints that President Barack Obama is anti-business from Republicans and the same pro-business groups that killed the legislation on Capitol Hill. They opposed a Senate bill that they said could lead to costly rules and regulations that would burden companies without reducing the risks.
Sen. Susan Collins, R-Maine, one of only a few Republicans to support the Senate bill, said Monday that an executive order is a “big mistake” because it can’t grant incentives, such as liability protection, to encourage businesses to share information with government agencies about cybersecurity threats and vulnerabilities.
Executive orders are legally binding, but can be reversed by subsequent administrations, and they don’t reflect a consensus as legislation passed by Congress does, Collins said at a cybersecurity event sponsored by The Wilson Center.
“I fear that it could actually lull people into a false sense of security — that we’ve taken care of cybersecurity,” she said. “And the executive order simply cannot do that.”
Associated Press writer Richard Lardner contributed to this article.