The White House

Office of the Press Secretary

Press Briefing by Press Secretary Josh Earnest, 6/5/2015

James S. Brady Press Briefing Room

1:08 P.M. EDT
 
     MR. EARNEST:  So I don’t have anything at the top.  So, Darlene, we can go straight to your questions.
 
     Q    Thank you.  On the hacking, has the administration wrapped its head around how far-reaching this hack may be?  And can you say which agencies or how many of them have been affected or breached?
 
     MR. EARNEST:  Darlene, the scope of the reported cyber intrusion is something that continues to be under investigation by the Federal Bureau of Investigation.  They are experts in this field, and they are working actively to understand exactly the scope of this particular intrusion, but also to determine who is responsible and to make sure that we can take steps that are necessary to hold the individuals who are responsible for this incident.
 
     Q    Does the administration believe that China, or hackers based inside of China are responsible?
 
     MR. EARNEST:  No conclusions about the attribution of this particular attack have been reached at this point.  As I mentioned, this is something that’s still under investigation.  Obviously, even preliminary aspects of an investigation can steer you in one direction or another.  But there’s still a lot of work that needs to be done to get to the bottom of this particular incident.
 
     So, if and when any announcements are made in that regard, those are announcements that will come from the FBI that’s leading this investigation.
 
     Q    Would the administration consider using some authority that the President has to sanction overseas hackers and companies that knowingly the benefit from cyber attacks?
 
     MR. EARNEST:  Well, Darlene, you’ll recall that back in April, the President, using his executive authority, signed an executive order giving the Treasury Department additional authority to use economic sanctions to punish or hold accountable those who are either responsible for a cyber intrusion, or are benefitting from one.  This is an example of the President using his executive authority in a way that reflects and demonstrates his comprehension of how significant the cyber risk is right now.
 
     The federal government, as well as state governments, as well as private entities, including media organizations like yours, understand that we’re confronting a persistent and dedicated adversary.  The threat is ever-evolving.  And it is critically important for us to make sure that our defensive measures that are intended to prevent these kinds of intrusions reflect that ever-evolving risk.
 
     Q    Does what happened suggest in any way that all the work the President has done over the past few years to engage China and the government there, and the leadership on the cyber attack or the cybersecurity issues, that that has failed?
 
     MR. EARNEST:  Well, Darlene, again, I can’t get into any conclusions that have been reached about who or what country may be responsible for this particular incident.  But when it comes to China, you all know that the President has frequently -- including in every single meeting that he’s conducted with the current Chinese President -- raised China’s activities in cyberspace as a significant source of concern.
 
     I think this was on display for everybody last year when the Department of Justice announced the indictment of five Chinese military officials for cyber crimes.  That’s an indication that our law enforcement professionals certainly take the broader cyber threat very seriously and are aware of the threat that is emanating from China.  And the President will continue to raise these concerns and ensure that the federal government has defenses that reflect this threat.
 
     Roberta.
    
     Q    Does the government understand at this point how the hackers got in?
 
     MR. EARNEST:  At this point, Roberta, these are the kinds of questions that continue to be under investigation by the FBI.  So I don’t have information to share at this point.  Some of this information is -- or some of the details, these kinds of details are not yet known and are still under investigation.  Some of these details are starting to emerge from the investigation. 
 
But what’s also true anytime that these kinds of investigations are being conducted is that there is risk associated with making public what exactly our investigators have learned.  And the reason for that is that we’re dealing with a persistent adversary; and in some cases, the less they know about what we know about what they did, the better.  And so we’re certainly mindful of that as we talk about this in public.
 
At the same time, the federal government has an obligation -- and this is an obligation that we also take very seriously -- to communicate directly and promptly, and in as much detail as possible, with those who may be personally affected by this particular incident.
 
So, as you know, the Office of Personnel Management will begin, on Monday, informing individuals whose information may have been compromised in this particular incident.
 
Q    And will the government be able to tell the individuals exactly what information was compromised, or will it be kind of a general notification -- you may have been breached?  How much will people know about what information they lost to these hackers?
 
MR. EARNEST:  What we will strive to do is to provide as much information as possible, and that information will be as detailed and as personalized as possible.  But obviously we're talking -- the reports about the scope of this incident are significant and so there will be some limitations in our ability to do that.  But we will be as detailed and as specific as possible in providing information to those who may have personally been affected.
 
     Q    And once the FBI gets to the point in its investigation where it has a better sense of what exactly has happened, is it a given that there will be attribution?  Or will that be a decision made at that point?  I mean, I know that we know in the Sony case that there was attribution.  But was that the exception rather than the rule?
 
     MR. EARNEST:  Well, I think that even looking at the cyber incidents that have occurred over the last 18 months or so, I think there are a number of things about the Sony incident that make it unique.  And we treat each of these incidents both very seriously but also separately because each has their own degree to which they have an impact on the general public and on the broader policymaking process when it comes to ensuring that government resources are sufficiently defended from this kind of threat. 
 
     So we encounter these incidents when they occur and make specific decisions about what aspects of the investigation we're prepared to make public. 
 
     Q    So it's not a given that there will be attribution in this case?
 
     MR. EARNEST:  That's correct.
 
     Mike.
 
     Q    Two questions about the hacking.  There were apparently some pretty tough IG reports over the last few years that had said specifically that the security at OPM in their systems was woefully lacking.  And I guess I wonder how it is that a President who has been talking about this issue for so long has allowed the systems to remain unfixed and thus kind of open to this kind of attack.  And I have a second question.
 
     MR. EARNEST:  I’d point out a couple of things.  The first is that the federal government and certainly the Obama administration takes very seriously the need to defend federal government computer networks from cyber intrusions like this one.  The administration takes very seriously the need to mitigate those kinds of intrusions if and when they are detected on the network.  And we take very seriously, as evidenced by the executive order that I referred to earlier in the briefing, the need to have tools to respond appropriately to these kinds of incidents. 
 
     And when it comes to trying to protect these networks, the Department of Homeland Security does have a specific strategy that relates to both their CDM program -- this is the Continuous Diagnostics and Mitigation program.  This is essentially software that is shared with a wide variety of federal government agencies to protect their networks.  There also is the EINSTEIN program -- this is something that I know was included in many of your stories last night.  Einstein is essentially an intrusion detection and prevention system, and this is something that the Department of Homeland Security is working with federal agencies to implement.
 
     The thing that I can tell you is that there are iterations of this program, and as innovations and improvements to the program are made there is the need to implement those upgrades.  And what I can tell you is that sort of the third level, the third generation, if you will, of the EINSTEIN program was scheduled to be completed and implemented across federal government agencies in 2018.  That implementation period has been accelerated, and now we anticipate that what is essentially called “EINSTEIN 3” should be implemented across all federal civilian agencies next year.
 
     And again, that reflects an acceleration of the previous plans to ensure that the necessary measures were in place to protect the federal computer system. 
 
     One last thing -- and I’ll let you get to your next question -- which is this, is that the threat that we face from our adversaries is a persistent one.  And anytime we’re talking about any kind of activity in cyberspace, we’re talking about activity that is frequently and regularly evolving.
 
     And we have seen our adversaries use innovative techniques and to learn from their previous efforts to try to find vulnerabilities in our system and to exploit them.  And that means that our defenses, and those who are responsible for protecting these systems, need to be vigilant about constantly updating and reviewing our security measures to make sure that our computer systems and the data that they hold are safe.
 
     Q    And I’ll just do this one since it’s on the same question.  That’s a general response to the sort of government -- a government-wide response.  Can you specifically respond to the fact that there were people telling you guys that specifically OPM’s computer networks were not secured and were inadequate to the task, and those changes weren’t made?  How come?
 
     MR. EARNEST:  Well, for those specifics, Mike, I’d refer you to OPM who can talk to you about any specific concerns that may have been raised by their system.  But I think what is relevant to this discussion --
 
     Q    -- had come to you then, you guys wouldn’t have been concerned about security at the --
 
     MR. EARNEST:  Of course we’re concerned about the security; that’s why we’ve taken the steps that I referred to earlier.  As it relates to the details that were in place to protect this one agency’s computer network, I’d refer you to that agency for more details about it.
 
     But what is always -- but I think as a general matter, what’s relevant to this discussion is the simple fact that the threat that we face is ever-evolving, and that means that our defenses need to be ever-evolving.  So to say that our computer systems in the federal government are at risk is not news.  We understand that there is this persistent risk out there. 
 
     This is a risk, by the way, that is shared by the private sector.  All of the computer networks at your organizations are also at risk.  And you have dedicated professionals that do the same thing, which is make sure that you’re using as much technology as possible and that you remain vigilant about protecting those systems and using defenses that can be regularly updated and modified to reflect the threat environment.
 
     Q    So somebody is going to dig that report out and make the changes that it suggests?
 
     MR. EARNEST:  Well, again, I haven’t seen the report.  You should talk to OPM about that.  My point is that even setting the report -- regardless of what it said -- aside, it is a simple fact that in the 21st century, that all of the computer networks on which we interact on a daily basis -- whether that’s at work, or when we’re checking our email, or purchasing an airline ticket -- that there is risk associated with that.  And that those computer networks that we rely on to obtain that email, or to buy that airline ticket, or to do our regular work at the office is conducted on computer networks that are under a persistent threat.
    
     And we rely on our technological -- our technology experts to make sure that we are vigilant about this threat and that we have defenses that reflect the persistent and ever-evolving threat that’s out there.
 
     Michelle.
 
     Q    In the past, with hacks like this, it’s been discussed sort of in a general sense, regardless of the potential source, of how the entry was gained.  Was it through somebody’s personal information, or was it a hack into the system -- whether it was through the front door, as cyber experts say or not.  Can you give us any more insight on this one -- whether it was through the obtaining of legitimate information that they got in, or through some other means?
 
     MR. EARNEST:  I don’t have that kind of detailed information about this specific matter.  As you know, Michelle, it continues to be under investigation by the FBI, and so I don’t have any information I can talk about publicly.
 
     Q    Okay.  And because it was discovered in April and it's only coming to light now, and the notifications start next week, why would the notifications start so late after discovery?
 
     MR. EARNEST:  Well, I think, Michelle, the thing that’s important is to understand exactly what this timeline is.  That based on what we know now, this intrusion into the OPM system occurred in December.  As a result of the ongoing efforts by the OPM and agencies across the federal government to update our defenses and update our ability to detect intrusions, the OPM detected this particular intrusion in April.  It wasn’t until May that they were able to determine that some data may have been compromised and potentially exfiltrated.
 
     And abiding by the best practices that we have urged private sector organizations to adopt, we’re taking steps to notify those who may have been potentially affected within 30 days of confirming that some of the information was compromised and potentially exfiltrated. 
 
     So we have worked very hard to live up to the high standard that we have established.  And that’s consistent with what industry experts tell us is a best practice and one that should be implemented both in the public sector but also in the private sector.
 
     Q    And how would the administration characterize the risk to the people who were affected?  I know in the sheet that the OPM sent out they mentioned monitoring your credit rating.  But do you see this as that kind of potential threat, that they would be looking for fraud?  I mean, U.S. investigators are already saying they believe it was the Chinese government.  And even if you can talk in a general sense to past hacks that we think came from a state, what do you see the target really being?  Why would hacks like this want that kind of information?
 
     MR. EARNEST:  Well, again, all these are legitimate questions, but the answer to these questions are exactly the kinds of things that are under investigation by the FBI right now.
 
     Q    But in past cases, where it’s believed to be a state actor looking for information about employees -- I mean, in some of the cases, it was obviously corporate was the target; in other cases it was the White House or State Department computers.  Can you even say in a general sense what you think such a target would be?
 
     MR. EARNEST:  Well, again, as a general matter, we know that there are a variety of actors that pose a threat to our computer networks.  In some cases, there are state actors.  In some cases, there are individuals that are acting on behalf of states.  In some cases, these are simply criminal enterprises.  And the goals of each of those organizations or individuals is different.  In some cases, it's simple espionage that a foreign government is conducting.
 
     We’ve raised significant concerns about economic espionage that some companies -- and even some states -- engage in.  This is something that -- this is the concern that we have frequently raised with the Chinese government.  In some cases, we’re just talking about raw criminal enterprises; that there are individuals that are out there looking to steal somebody’s identity so that they can use that information to get money that they otherwise aren’t entitled to. 
 
     So we’re very aware of the variety of actors that are out there and the variety of motivations that would prompt these individuals or entities to take action.  Again, trying to determine who the individuals were in this case and what their motivation is in this case is something that continues to be investigated by the FBI.
 
     Q    We just heard a former Deputy Secretary of the Department of Homeland Security saying, just in the past hour, that there is much more we could be doing -- this is Jane Lute saying this -- but we’re not doing it.  How would you respond to that?
 
     MR. EARNEST:  Well, I would respond to that by urging all of you to take a look back at the President’s schedule over the last four or five months, and I think that will give you a very clear sense of how focused he has been on this particular issue.  You’ll recall that shortly after returning from the holidays, that the President rolled out specific cybersecurity legislation that we called on Congress to pass.  This is information -- or this is legislation that would make it easier for the private sector to share information about cyber threats.  It would establish this national uniform standard for 30-day notification for individuals that may be affected by a cyber intrusion.  It would also update the tools that our law enforcement professionals can use to defend our computer networks but also to hold accountable those who are responsible for carrying out these acts.
 
     The President mentioned this cybersecurity legislation in the State of the Union address and urged Congress to pass it.  The thing I would point out is that since the President submitted those specific three pieces of legislation to Congress in January, and since he challenged them to pass it in his State of the Union address, we’ve seen very little action from Congress.  And the fact of the matter is, what we need is we need not just improved efforts on the part of the federal government; we actually need to see improved coordination between the government and the private sector on these matters.  And that effort to coordinate requires congressional action. 
 
And the fact is, we need the United States Congress to come out of the Dark Ages and actually join us here in the 21st century to make sure that we have the kinds of defenses that are necessary to protect a modern computer system.  And we have not seen that kind of action in Congress.
 
     But the President has continued to act.  The President, you’ll recall, convened a cybersecurity summit at Stanford University in February.  This was an opportunity for him to bring together leaders in the public and private sector -- individuals who are responsible for maintaining corporate computer networks, as well as experts in technology to discuss this issue and to discuss how the public sector and private sector can work more effectively together to protect the American people and to protect both public and private computer networks from this threat.
 
     You’ll recall that while he was at the cyber summit, the President signed an executive order that would streamline information sharing across the federal government to make sure that we were nimbly responding to threats that one particular agency may be seeing.  You’ll recall at the end of February that the President, again, took executive action to create the Cyber Threat Intelligence Integration Center.  This essentially is an interagency working group that’s modeled on the National Counterterrorism Center.  The idea behind this is essentially that there are a variety of government agencies -- some of them law enforcement agencies, some of them not -- that are responsible for responding to these kinds of incidents.  And by making sure that there are representatives of those organizations at the table, we can make sure that information is shared among agencies and that the responses can be more efficient and that necessary steps can be taken more quickly.
 
     And then, as I mentioned in response to Darlene’s question, back in April the President signed an executive order authorizing the Department of the Treasury to use financial sanctions to hold accountable those individuals who may have perpetrated a particular incident or may benefit from it.
 
     So the fact is, the President has been very focused on this and taken a number of steps to demonstrate how seriously he takes this issue, but we haven’t seen Congress do a single thing.  And the fact is, this is a very serious matter.  It does pose a significant threat not just to the American people, but also to our national security and to our economy.  And the President has done a lot of the hard work here.  He and his team have actually written legislation.  All we need Congress to do is take the vote to pass it.  And hopefully news of this particular incident and the seriousness with which it’s being treated, not just by the administration but by the news media, will prompt some rare congressional action.
 
Mark.
 
Q    Yes, Josh, I want to go back to the EINSTEIN program that you were talking to Michael about.  The acceleration you described, was that in reaction to this specific incident?
 
MR. EARNEST:  No, this is actually something that our -- that DHS officials had recently concluded that they could do; that essentially they had this longer-term period for trying to implement this software across federal civilian agencies, and they recognized that there was a need to accelerate this implementation.
 
Q    How recently?
 
MR. EARNEST:  I would say in recent months.  I don’t know -- I don’t have an exact date for you.
 
Q    Has it been concluded that this EINSTEIN 3.0, if that’s what it is, would that have actually stopped this intrusion or caught this intrusion?
 
MR. EARNEST:  Well, again, we’re still trying to determine exactly the scope of this particular intrusion and how precisely some individual or group of individuals was able to obtain access to the system.  So it’s too early to say exactly what impact the Einstein system would have had.
 
But there’s no denying that making sure that we have cutting-edge technology to reflect the evolving threat that we see in cyberspace is critically important to the safety and security of our computer networks.  And that’s why it’s being deployed.
 
Q    One more broader question, if I may.  What you’ve described, that step and some of the other steps you’ve talked about seem awfully reactive, closing the barn door.  Are we ever going to get to the point where we’re ahead of the curve on this?
 
MR. EARNEST:  Well, I think -- that’s a good question.  And there are a couple of ways I think that we can do that. 
 
The first -- this may seem like it’s a reactive step, but it actually is a way for us to be very proactive in responding to this threat, and I think it’s in some ways a good illustration of what we face.  Because our adversaries out there are so persistent and, frankly, very innovative, that one thing that we know that we can do -- that our experts say would greatly enhance not just the government’s computer networks but also private sector networks -- is to improve information sharing.  What we see is we see that computer hackers will often use the same kind of technique to exploit a wide variety of computer systems.
 
So if we can get to a situation where if one particular company recognizes this particular, specific kind of intrusion or a strategy that’s being adopted by an adversary to try to penetrate their computer networks, rapidly sharing that information across the federal government and throughout the private sector can make sure that all of these other agencies and all of these other companies are oriented to respond to that particular threat.
 
So in some ways, that is responding quickly to one particular incident, but it is a way for us to allow a wide variety of government agencies and private sector networks to actually get ahead of the curve in trying to prevent an incursion on their network. 
 
The problem is that in order to facilitate that kind of information sharing between the private sector and the federal government, including law enforcement authorities, it requires an act of Congress.  And we have not seen Congress take that step.  But again, we’re hopeful that an incident like this might prompt some rare congressional action in this field.
 
Jim.
 
Q    There’s been some speculation that this is a different kind of cyber attack; that this is an attack that involves simply information gathering, perhaps not for criminal activity.  What is the current analysis from the White House and from the intelligence agencies about what they might be looking for?  What should Americans know about what the bottom line is at the end of this, if they’re just gathering information about us?
 
MR. EARNEST:  Well, this is -- trying to determine who exactly was responsible and what their motivation may have been is something that is still being looked at by the FBI.  And so I wouldn’t speculate at this point what exactly that is. 
 
What I can tell you, though, is that regardless of who it is and regardless of what their ultimate aim is, the administration takes this very seriously and recognizes it as a threat to our national security and a threat -- potentially a threat to our economy, but certainly some risk that is being put upon a significant number of current and former federal government employees.  And we take this very seriously, and I think that’s why you’ve seen such a serious response from the federal government in reaction to it.
 
Q    But you don’t know or can’t say at this point what might be at the end of the line -- if they’re just gathering personal information not to steal identities or to use it in a criminal way -- what they would be looking for.  Why would they be wanting to have this huge database of names and addresses and Social Security numbers and other things?
 
MR. EARNEST:  Well, as I mentioned, Jim, at this point we’re still trying to assess who exactly was responsible for this incident and what their motivation may have been.  It’s possible, though not guaranteed, that as this investigation progresses and as we are able to settle on some more information about the identity of these individuals and their motivation, we might be able to share more of that in public.  But it’s not something I can promise at this point.
 
Q    Can you say now, is it a cyber attack?  Is this what the United States would consider an act of war?
 
MR. EARNEST:  Well, again, it’s not clear yet who exactly the perpetrators are.  It’s unclear whether or not this was a state actor or a group of individuals, or an individual acting on behalf of a state, or if this was just a more run-of-the-mill criminal enterprise.  So again, at this point it’s hard to say something as definitive about it as you just did.
 
Q    But if it was a state actor, does that, by definition, in fact make -- does the White House consider that an act of war?
 
MR. EARNEST:  Well, again, I wouldn’t speculate at this point what our reaction would be.  But this is something we take very seriously.  It is a high priority.  And again, setting this particular incident aside, we have raised concerns in the past, with China in particular, about their behavior and their activity in cyberspace, and it resulted in one instance, last summer, of five military officials -- five Chinese military officials being indicted by the Department of Justice for their activities in cyberspace.
 
Wyatt.  Nice to see you.
 
Q    Thank you.  Earlier, administration sources, though, were pointing a very strong finger at China.  They were saying that it was strongly suspected that there were direct or indirect links to China.  So can I understand what you’re saying right now -- is that no longer true?
 
MR. EARNEST:  What I’m saying is that this is an incident that continues to be under investigation by the FBI, and part of their investigation includes trying to get to the bottom of who exactly was responsible for this incident, and what is it that they were representing.  Were they just part of a criminal enterprise?  Were they acting alone?  Were they acting in support of a particular foreign government?  We are gathering more information that’s related to reaching that conclusion, but that’s not something that we’re prepared to discuss right now.
 
The other thing that I will say is that even if a conclusion is reached about who is responsible, I can’t guarantee necessarily that our law enforcement professionals will assess that making that information public is in the best interest of their investigation.
 
Q    But can I understand whether given the strong suspicions that these officials indicated before, are you walking that back?
 
MR. EARNEST:  What I’m saying is that I don’t have information that I can provide to you about who precisely was responsible for this incident.  I can merely tell you that the FBI is conducting an investigation as to determine who precisely was responsible and what their motivation was.
 
Q    You know that the Chinese Foreign Ministry earlier today called the finger-pointing and the blame toward China irresponsible on the part of the United States.  Can you respond to that?
 
MR. EARNEST:  Well, since that’s not something that I’m doing, I’m not going to respond to that.
 
Let’s move around to the back.  Steve.
 
Q    A couple days ago, the House passed an amendment with 297 votes, which is a veto-proof majority that would prohibit prosecutions against people who possess cannabis oil for children with seizures.  This is an issue that a lot of state legislatures have now legalized this.  People are moving their families to places like Colorado so that their kids -- they say the seizures end when they get this drug.  Is this something that the White House is interested in pursuing and might be willing to sign?
 
MR. EARNEST:  Steve, I have to admit I’m not aware of this particular piece of legislation; it sounds like an amendment to some other piece of legislation.  But we can look into that for you and see if that’s something that we’d be willing to sign.
 
Q    And on another issue, which sort of falls on Cheryl’s question yesterday about trying to get a budget deal.  The thing that the Speaker continually asks the White House for some clarity on is whether the White House is willing to do something that it did on the doc fix, which is come up with a solution for the sequester that deals with entitlements, cuts entitlements in the future, and doesn’t include a tax increase.  That's something that happened on the doc fix.  Is that something that would be acceptable to the White House as negotiations go forward on the budget?
 
     MR. EARNEST:  Steve, we've long been clear that any sort of effort to try to continue to protect our fiscal situation -- we've obviously made substantial progress in reducing our deficit.  Since President Obama took office, we've reduced the deficit by nearly two-thirds.  And that is a result of a variety of steps that the administration has taken and that the administration has worked with Congress to achieve.  And that's everything from reducing spending to actually raising tax rates on the wealthiest Americans.  Responsibly drawing down a large number of military personnel from Iraq and Afghanistan also play a part in that as well.
 
     And the President is justifiably proud of the record of fiscal responsibility that he’s imposed even in the midst of a lot of economic turmoil.  And to be in a situation where we both prevent a second Great Depression and currently enjoy the longest uninterrupted streak of private sector jobs growth -- as a result of the report today, we're now up to 63 consecutive months -- while also reducing our deficit by two-thirds I think is a testament to the leadership that this President has shown when it comes to healing what was a very broken economy when he took office.
 
     What we have urged Congress to do is to consider a bipartisan agreement that would allow us to make the necessary investments both in our national security and in programs that are critical to our economy -- particularly middle-class families.  And the kinds of budget proposals that we've seen from Congress would make significant cuts in both those areas, and in some cases they would actually use accounting gimmicks to try to get around the sequester limits that were previously imposed. 
 
     What the President has advocated is a balanced approach, not asking middle-class families to bear the entire weight of trying to confront these situations in a fiscally responsible way.  And we continue to be confident that if Democrats and Republicans are willing to sit down together on Capitol Hill and reach a bipartisan agreement, that that would be in the best interest of the country, it would be in the best interest of our economy, and I suspect they’d be able to find something that the President would be able to sign.
 
     Q    The doc fix deal did not have a tax increase.  It did cut entitlements.  Is that potentially a model the White House could live with?  Even though I know you want the Buffett Rule, you want to have some taxes on the wealthy, are there ways that you could envision a package that the President would sign that’s not going to have a tax increase as a prerequisite?
 
     MR. EARNEST:  Well, Steve --
 
     Q    Because the Speaker says this is a deal-breaker:  If the President is not willing to say this at the beginning, we don't really have anything to talk about. 
 
     MR. EARNEST:  Well, again, I guess then I would ask him what position then is he going to take to try to advance the budget legislation.  We've seen -- and this was true last year and there are early indications that it's true this year -- I think there are plenty of members of the House Appropriations Committee who’d tell you that based on the specific sequester levels that are established in the Republican budget, that they can’t pass specific appropriations bills at those levels.  They can’t even pass them through committees that are dominated by Republicans.  How are they ever going to get 60 votes for those bills in the United States Senate?  They simply won’t be able to. 
 
And that’s why it’s not just the President’s preference; it’s going to be necessary for Democrats and Republicans to sit down together and figure out funding levels that are in the best interest of our national security and the best interest of our economy.
 
     I know that Speaker Boehner has indicated an openness to this kind of approach already.  This is an approach that was used very effectively a couple of years ago when it was led by Senator Murray and Chairman Paul Ryan.  And we’re hopeful that a similar strategy can be designed this time around to achieve a similar result.
 
     Q    You’re not saying from the podium a tax increase has to be part of this?
 
     MR. EARNEST:  Well, I don’t recall that a tax increase was associated with the Murray-Ryan agreements either.  I could be wrong about that.  What we have said is that that is the model that should be pursued. 
 
     Ed.  Nice to see you, Ed.
 
     Q    Good to see you.  On the Iran nuclear deal, is June 30th a firm deadline, yes or no?
 
     MR. EARNEST:  Ed, what we have been clear about is that over the course of the last year and a half, the United States and our P5+1 partners -- this is essentially the permanent members of the United Nations Security Council and Germany -- have been negotiating with Iran to try to find a diplomatic solution to preventing them from obtaining a nuclear weapon.
 
     Q    And that deadline of June 30th.
 
MR. EARNEST:  Yes, and what we have said is that after a year and a half, or what will be close to two years by the time June 30th rolls around, we should be able to reach an agreement. Now, what’s also true is that at the end of April -- or at the end of March, which was the deadline for the political agreement, it took an extra day or two in order for us to move this across the finish line.  But we do regard June 30th as a firm deadline.
 
     Q    So it is, maybe a couple days into July, but that’s it?
 
     MR. EARNEST:  Yes.
 
     Q    Taliban 5.  Did the U.S. government try to turn the Taliban 5 into intelligence assets?
 
     MR. EARNEST:  Ed, I have to admit I’m surprised you asked because the intelligence matters are not matters that I frequently discuss from here and so there’s obviously very little I can say about that.
 
     Q    I wasn’t asking for details, but in general.  I mean, the President took a lot of heat for that deal.  Was there another element to it that made him think this could be worth it despite the political heat?
 
     MR. EARNEST:  Well, even as a general matter, this is an intelligence matter that I won’t be able to discuss from here.
 
     Q    Okay.  Several times, on the hack, you talked about this being a threat to national security and that our adversaries were penetrating the computer networks of the government and private companies and whatnot.  Given all of that, do you think it made sense for the President’s Secretary of State Hillary Clinton to have a private server?
 
     MR. EARNEST:  Well, Ed, that’s a creative way to inject that line of questioning into this discussion.  (Laughter.)
 
     Q    Perhaps.  On the other hand --
 
     MR. EARNEST:  I’ll give you credit for that.  I mean that as a compliment, not as a criticism.  What I would say is I’m not qualified to render judgment about what sort of vulnerability that may have created.  But I suspect there’s a Fox News analyst that does have sufficient technical capabilities to render a judgment on that, but that’s not --
 
     Q    You repeatedly at this podium just in the last 40 minutes or so -- threat to national security, our adversaries are out to get us.  Does the current Secretary of State have a private server?
 
     MR. EARNEST:  I think the point is, Ed, that this is a threat that is faced by federal government computer networks.  It’s a threat that is faced by state government computer networks.  It’s also a threat that is faced by private sector computer networks.  It’s also a threat that is faced by news media organizations and their computer networks.  And so we’re mindful of all of that, and we take that risk very seriously.
 
Q    Couple of quick ones on this.  Since you used the word “adversary” several times, does the President consider China to be an adversary?
 
MR. EARNEST:  Well, again, particularly because we have raised concerns about -- let me just be real -- I want to be real clear about this.  I can’t speak to who may or may not have been responsible for this particular incident, but just as a general matter, we have raised significant concerns about the way that China and individuals acting on behalf of the state of China have acted in cyberspace.  And that has actually resulted in our law enforcement professionals deciding to indict five Chinese military officers because of their conduct in cyberspace, because of concerns -- or because of evidence that they had that their illicit cyber activities were actually in pursuit of cyber espionage and possibly even economic espionage.
 
So we take this threat very seriously, and we do have legitimate concerns about the way that China has acted in this regard.  And there are specific steps that we have asked them to take to improve their behavior.
 
Q    But when the President hosted President Xi at Sunnylands two years ago this month, I believe it was, for a little summit, he talked about cooperation and working together. And so, since you keep throwing around the word “adversary” and your concerns potentially about China and others, are you still planning to host President Xi for a state visit this year?
 
MR. EARNEST:  Yes, of course.  And there are a variety of areas where China has worked effectively with the United States to pursue our national security interests.  The Iran negotiations that we were just talking about -- the P5+1, our partners who are conducting these negotiations, includes China, and they have been an effective partner as we have pressured Iran to come to the negotiating table and take serious this opportunity for us to prevent Iran from obtaining a nuclear weapon through diplomacy.
 
And there are a variety of countries in the world, including China, where we have significant concerns about some aspects of their behavior.  But our relationship is complex enough that there are areas where we can continue to cooperate.
 
Kelly.  Nice to see you, too.
 
Q    Thanks.  Good to be with you.  You talked about the timeline, that December was when the first infiltration took place and by May you knew that there had been exfiltration of data.  Is it your understanding this was sort of a rolling breach where those perpetrators were able to kind of root around inside the system for multiple attempts?  Or was it just a long period of time between December to May to discern what had been taken?
 
MR. EARNEST:  I think it is -- that’s a difficult question to answer because so much of this continues to be under investigation.  I think what is true is that, based on what we know now, we do believe that this individual or group of individuals intruded on the system back in December.  And while we were in the process of continuing to update the defenses of the OPM computer network, in April, we detected that intrusion, and in May, we determined that some of the data may potentially have been exfiltrated.  And in response to that potential, we’ve taken the steps that were announced last night to begin notifying those individuals who may potentially have been affected.
 
Q    So it’s a single event, not a perpetrator using the same door in again and again.
 
MR. EARNEST:  Well, again, I wouldn’t rule out -- trying to determine the scope of what this adversary may have done is something that is under investigation.
 
Q    When you consider the timeline of when the President was notified, any difference in practices here at the White House or for senior administration or key departments based on once you were aware of this breach in terms of some of the IT security?
 
MR. EARNEST:  Well, I can say, as a general matter, that even our IT professionals here in the federal government work very hard, pursuant to the executive order that the President signed earlier this year, to make sure that they are quickly and efficiently sharing information so that other agencies can be oriented to the threats that are out in cyberspace. 
 
And I don’t have any specific steps that I can share with you at this point about measures that have been taken to shore up our defenses in response to this threat.  But certainly our computer security professionals are aware of how significant this particular incident is and will want to take the necessary steps to ensure that an incident like this doesn’t happen again on this network, but also doesn’t happen on other federal government networks.  But that’s going to require the continued vigilance of our national security team to make sure that the kinds of defenses that need to be in place to protect our networks are regularly updated and that they’re revised to reflect the ever-evolving threat that we face.
 
Q    One last one.  If it comes to the point where you can assess who the perpetrators are and it is a state actor, or whatever the circumstances may be, given the amount of attention, does the U.S. response or retaliation need to be something you identify publicly?  Whether it’s diplomatic or it would be a counter cyber-attack, would you identify it publicly so the American people would know how you respond?
 
MR. EARNEST:  Not necessarily -- again, for a couple of reasons.  The first is that our law enforcement professionals who are conducting this investigation may determine that it’s not in the best interest of that investigation to make public some aspects of this operation that they’ve learned about.  And that may include them determining that they don’t want to talk extensively in public about who exactly is responsible.  But if we have information on this that we can share, we’ll try to do that.
 
Carol.
 
Q    When you talk about the legislation that’s pending in Congress, the cyber security legislation, are you saying that that would have prevented an attack on the United States?
 
MR. EARNEST:  It’s too early to determine at this point what precisely would have prevented this particular cyber intrusion.  But what is beyond argument is that these three pieces of legislation that the President sent to Congress five months ago would significantly improve the cyber security of the United States -- not just the federal government’s cyber security, but even our ability to protect private computer networks.
 
And that’s because there is information -- or there is legislative action that’s required essentially to require the kind of information-sharing that we would like to see between law enforcement officials and the private sector, to mandate a 30-day national standard for notification, and to make sure that our law enforcement officials have all the tools they need to both defend these networks but also to hold accountable those who try to infiltrate them. 
 
Q    And can you provide some clarity on the information that was taken and not taken?  For instance, did it involve people’s security clearances?
 
MR. EARNEST:  What I can tell you is that the Office of Personnel Management holds a lot of personally identifiable information of both current and former federal government employees.  I’d refer you to them for more details about what exactly may have been exfiltrated from their system.  But given the information that they hold, we take very seriously the threat that is associated with this particular intrusion. 
 
Angela.
 
Q    Thanks, Josh.  On the data that has been breached, following up on that question, how much is actually known?  Even if you can’t say whether security clearance information was taken, is it known precisely what data was compromised?
 
MR. EARNEST:  Well, let me answer that in two ways.  The first is that the precise scope of this particular activity is something that’s still under investigation.  So I don’t think that we can tell you with a whole lot of detail what precisely was taken.  We are aware that this breach may have resulted in a substantial amount of data potentially being exfiltrated, and we’re concerned about that.  For more details about what exact data may have been exfiltrated, I’d refer you to OPM who may be able to give you some more details.  But I don’t think that they’ll be able to speak with any precision about the amount or specifics about what was taken.
 
Q    What about government contractors?  Does this apply to them, too, or just to actual government employees?
 
MR. EARNEST:  I believe that this only applied to federal government employees, but you should confirm that with OPM. 
 
Q    And then, finally, on the timeline.  You mentioned that the FBI continues to investigate.  Is there an idea of how long it will take to reach a conclusion on the motives and perpetrators of this?
 
MR. EARNEST:  I don’t have a timeline to share with you, but you can check with the FBI, who is conducting the investigation, and they may have a timeline they can give you.
 
Jim.
 
Q    Was the breach discovered by EINSTEIN 2?  And is EINSTEIN 2 considered obsolete now that you’re planning to replace it with EINSTEIN 3?  And if so, what’s the shelf life of an EINSTEIN?  (Laughter.)  
 
MR. EARNEST:  I don’t have information about what exactly resulted in the detection of this particular intrusion.  I know that the Department of Homeland Security and a variety of federal agencies have found both the Einstein system and the CDM system useful in protecting these systems and mitigating intrusions, and in some cases, even preventing intrusions.  But in this particular instance, I can’t say with any specificity exactly what prevented -- or what led to the detection of this particular incident.
 
What I would say about EINSTEIN 2 is that it still provides valuable protection from threats that we face.  What our national security professionals are committed to is making sure that we are capitalizing on every innovation out there and spreading it as widely as possible to try to offer the best possible protection of federal computer networks.  And so that’s why they’ve accelerated the timeline in which they expect to implement EINSTEIN 3.
 
John. 
 
Q    Thanks a lot, Josh.  Tomorrow, the President, prior to traveling to Germany for the G-7, in the morning he’s going to travel up to Wilmington to attend the service of Beau Biden.  What are the President’s thoughts as he’s set to deliver the eulogy on what will clearly be a very somber day?
 
MR. EARNEST:  John, I have not had the opportunity to talk to the President specifically about what he’s planning to convey in his eulogy.  I can say, as a general matter, that over the last seven or eight years the Obama family has grown very close to the Biden family and the President did have a personal relationship with Beau Biden.  I think it was evident from the written statement that we issued on Saturday night shortly after the Biden family announced Beau’s passing that the President was feeling, in a very personal way, this loss.  And while he is -- and his family are, of course, saddened by Beau’s death, I know he’s also looking forward to spending some time tomorrow celebrating Beau’s life, that he was a remarkable individual, he was a remarkable public servant, and talking in a personal way about his knowledge of who Beau was, about his character, about the way that he felt about his family, about the way that he felt about his country.  I think it will make for a pretty powerful morning tomorrow morning. 
 
Goyal.
 
Q    Thank you.  Two questions -- thank you very much.  One celebrations have been going on in India one year after Prime Minister Modi’s (inaudible) and he has been traveling a number of countries as (inaudible) in India and also talking about business and the economy and the relationship.  And of course, he was in the U.S.  If the President has spoken with him recently as far as U.S.-India relations are concerned on his agenda?
 
MR. EARNEST:  Goyal, I don’t have any recent presidential conversations to share with you.  I do know that the President, as he discussed on his trip to India back in January, is committed to further intensifying the relations between our two countries.  I know that Secretary Ash Carter was in India earlier this week, and I think that reflects the depth of the relationship between the United States and India, that so many of the issues that we often talk about are related to how we can expand economic opportunity in both of our countries.  There’s also an opportunity for us to deepen our security cooperation, and that was the subject of some discussion when Secretary Carter was in India earlier this week.
 
Q    And second, now India has a new ambassador, Mr. Arun Singh, in Washington, and also the U.S. has a new ambassador in Delhi, Mr. Richard Rahul Verma.  Mr. Verma -- Ambassador Verma was recently speaking at Carnegie and also today at the CSIS.  And of course, Ambassador Singh was speaking at the U.S.-India Business Council across the street.  Both of them were saying about making the relationship -- about moving forward U.S.-India relations and all.  My question is, as far as Secretary Carter and these two ambassadors, was it carrying any messages from the President back and forth?
 
MR. EARNEST:  No, I’m not aware of any specific messages that they were carrying.  But I do think, again, the fact of Secretary Carter’s trip I think is a pretty clear indication of the national security priority that the President has placed on enhancing the security cooperation between the United States and India.
 
Q    -- especially talking about moving forward the relations between the two countries.  Ambassadors play, I understand, a big role as far as relations between the two countries and to the President and Prime Minister.
 
MR. EARNEST:  Well, Goyal, as you know, Ambassador Verma has only been on the job about six months or so.  He took that job shortly before the President’s visit back in January.  And we are pleased by the work that he has already done in that short period of time to strengthen relations between our two countries.  He’s been a very effective advocate for the American people over in India, and I think having an Indian-American serving in that role I think has also sent a pretty powerful message to the Indian people about the deep cultural ties between our people.
 
So Ambassador Verma, over a short period of time, has proven to be an extraordinarily effective advocate for the United States and India, and we look forward to his continued good work.
 
So with that, let me go to the week ahead and then you can all get started on your weekends -- those of you at least who aren’t traveling to Germany. 
 
As John mentioned, on Saturday morning, the First Family will attend services honoring the life of Beau Biden at a Mass of Christian Burial at St. Anthony of Padua Roman Catholic Church.  President Obama will deliver a eulogy in honor of Beau Biden at this mass.  Afterward, the First Family will return to Washington, D.C.  In the afternoon, the President will travel to Munich, Germany for the G-7 Summit.
 
On Saturday morning, we’ll wake up -- we’ll arrive in Germany, and the press will participate in an --
 
Q    Sunday.
 
MR. EARNEST:  I’m sorry, on Sunday.  I’ve already got my days confused. 
 
On Sunday morning, the President will arrive in Germany, and he will participate in an event and walk through Krün with German Chancellor Angela Merkel.  They will have the opportunity there to meet with some of the residents of that Bavarian village and to make brief remarks about the U.S.-German alliance.
 
Afterward, the President will hold a bilateral meeting with Chancellor Merkel to review a number of regional and global issues.  In the afternoon, the President will participate in the G-7 arrival ceremony.  After that, the President will attend a G-7 meeting on the global economy, followed by a G-7 meeting on trade.
 
Following the working sessions, the President will join G-7 leaders for an official family photo.  And in the evening, the President will attend a cultural performance followed by a G-7 leaders working dinner on a variety of foreign and security issues.
 
On Monday, the President will attend a G-7 meeting on energy and climate, and a separate G-7 meeting with outreach guests on terrorism.  I think it’s already been reported and many of you know that Iraqi Prime Minister Abadi is planning to participate in that session.
 
Afterward, the President will participate in a family photo with the other outreach guests.  He’ll also attend a working lunch on a range of development issues.  In the afternoon, the President will hold a news conference in Germany before returning to Washington, D.C.  The President is scheduled to arrive back here at the White House around 9:00 p.m. on Monday evening.  So a whirlwind trip to Germany.
 
On Tuesday, the President will attend the Catholic Hospital Association Conference in Washington, D.C.  The President will discuss what health care reform has meant to millions of Americans, not only in terms of improved and affordable coverage options for individuals, but in terms of new rights and protections for all consumers, rising quality of care, and the transformative impact on the economy as a whole.  That’s a speech the President, I believe, is scheduled to deliver on Tuesday afternoon.
 
In terms of Wednesday through Friday, I don’t have many details about the President’s schedule to share.  I can tell you the President does not plan to travel outside of the Washington area on those three days.  On Thursday, the President will participate in a DNC fundraising event here in Washington. 
 
And with that, I wish you all a good weekend.
 
Q    Josh, what’s he doing all day today?
 
MR. EARNEST:  The President is working on -- doing a number of meetings with staff.  I know that he’s also spending some time working on the eulogy for tomorrow.
 
Q    Are you able to say what he -- his weekly address subject is tomorrow?
 
MR. EARNEST:  I’m not at this point, but we’ll try to get that out at a decent hour this afternoon so you can see it.  But it will be embargoed until 6:00 a.m. tomorrow.
 
Q    Even the subject?
 
MR. EARNEST:  Yes.  Thanks, everybody.
 
                        END         2:07 P.M. EDT

White House Shareables