WASHINGTON -- The White House is acknowledging an attempt to infiltrate its computer system, but says it thwarted the effort
A White House official said last week's attack targeted an unclassified network. He said the attack was identified and that the system was isolated to prevent spread. He said there was no indication that any data was removed.
The official, who was not authorized to speak on the record about the attack, said there was no attempted breach of classified systems. The official described such “spear-phishing” attacks as “not infrequent.”
Last year, Google Inc. (Nasdaq: GOOG) blamed computer hackers in China for a phishing effort against Gmail accounts of several hundred people, including senior U.S. government officials and military personnel. Last November, senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain.
The White House would not say whether the recent attack was linked to China.
Defense Secretary Leon Panetta, during a visit to China last month, raised the subject of China-based cyberattacks against American companies and the government.
News of the most recent attack came as the Obama administration is preparing an executive order with new rules to protect U.S. computer systems. After Congress failed this summer to pass a comprehensive cybersecurity bill, the White House said it would use executive branch authorities to improve the nation's computer security, especially for networks tied to essential U.S. industries, such as electric grids, water plants, and banks.
An initial draft of the order included provisions for voluntary cybersecurity standards for companies, a special council run by the Homeland Security Department and a review to determine if existing cybersecurity regulations are adequate.
But by issuing the executive order just weeks before the election, the White House risks complaints that President Barack Obama is anti-business from Republicans and the same pro-business groups that killed the legislation on Capitol Hill. They opposed a Senate bill that they said could lead to costly rules and regulations that would burden companies without reducing the risks.
Sen. Susan Collins, R-Maine, one of only a few Republicans to support the Senate bill, said Monday that an executive order is a “big mistake” because it can't grant incentives, such as liability protection, to encourage businesses to share information with government agencies about cybersecurity threats and vulnerabilities.
Executive orders are legally binding, but can be reversed by subsequent administrations, and they don't reflect a consensus as legislation passed by Congress does, Collins said at a cybersecurity event sponsored by The Wilson Center.
“I fear that it could actually lull people into a false sense of security -- that we've taken care of cybersecurity,” she said. “And the executive order simply cannot do that.”