Julian Hattem at The Hill reports that:
French President François Hollande said on Wednesday that it is “unacceptable” for the U.S. to have intercepted his and two other French presidents’ communications. The French government has reportedly summoned U.S. Ambassador Jane Hartley to the foreign minister’s office, and a top French intelligence official is also reportedly planning to visit the U.S. in coming days to discuss the revelations. "France will not tolerate actions that threaten its security and the protection of its interests,” Hollande’s office said in a statement on Wednesday.
“These are unacceptable facts that have already been the subject of clarification between the US and France,” he added. “Commitments were made by the U.S. authorities. They need to be recalled and strictly respected.”
The indignation is a bit thick, especially coming from the French. Big time governments spy. On friends and on enemies. But it is better not to get caught so as to spare us all the cheap theatrics.
Whatever the NSA may have learned about the intentions of the French leadership, it is a small beer compared to what the Chinese (almost certainly) got from the recent massive hack on U.S. Office of Personnel Management databases. This is very big medicine and would seem, at the very least, to call for some sort of overwhelming digital retaliation. Of which the U.S. must certainly be capable. Hard to imagine that our geeks are, if not the best in the world, then at least world class.
General Michael Hayden, former head of the NSA and the CIA, is unsparing on the U.S. cyber failures here.
Among the general’s insights:
… I do not blame the Chinese. If we determine that China did this, we would be assigning responsibility, but blame is a different matter. I blame China when they penetrate American industry (an unfair nation state vs. private company fight) and rip off intellectual property for commercial gain (something we view as criminal).
This wasn't that. This was legitimate state espionage, one government going after another for information that could contribute to its national security. As Director of the National Security Agency, given the opportunity against similar Chinese information, I would not have hesitated for a second...and I wouldn't have had to get anyone's permission to do it.
And, regarding the government’s response to this catastrophic digital cyber defeat:
The White House directed that all federal agencies conduct a 30-day cyber sprint to apply patches and the other elements of basic cyber hygiene that they apparently had not done in the preceding months and years.
Then OPM, as required by law, began notifying folks whose personal information had likely been compromised. Tens of thousands of emails were sent directing government employees to -- wait for it -- click on the embedded hyperlink to take advantage of the data breach protection services being offered. Recognizing that just such an action (a spear fishing attack) had likely enabled the original breach, the Department of Defense (DoD) directed its employees to trash the OPM message.
As the general sums it up:
This is what serious nation states do. All of them. There is no shame for China here. This is all shame on us.