The Office of Personnel Management (OPM) building in Washington. (Shawn Thew/European Pressphoto Agency)

Remember how President Obama failed to enforce his “red line” in Syria? Well, it’s happening again — this time in cyberspace.

On April 1, Obama drew a cyber “red line” in the sand when he signed an executive order authorizing sanctions against individuals or entities who carry out cyberattacks or cyberespionage against the United States. “Starting today,” Obama declared, “we’re giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks, or stealing the trade secrets of American companies or the personal information of American citizens for profit.”

A senior administration official told The Post that the new order would put our enemies in cyberspace on notice that “if you think you can just hide behind borders . . . that’s just not going to be the case. . . . [W]e can hit where it hurts in terms of a financial impact.” The order authorizes the treasury secretary to freeze financial assets, bar commercial transactions and impose a visa ban on those involved in significant cyberattacks.

“As of today, the United States has a new tool to protect our nation, our companies, and our citizens ,” Obama declared, “and in the days and years ahead, we will use it.”

Except he’s not using it. In the days after he spoke those words, the United States discovered that Chinese government hackers had broken into the computer networks of the Office of Personnel Management — stealing the personnel records of as many as 18 million Americans.

Experts told me it was the most devastating cyberattack in the history of our country. One retired four-star general and cybersecurity expert described the OPM hack as a “Cyber 9/11.”

So how has the Obama administration responded? Did it follow through on Obama’s threat and impose sanctions on those responsible? Not even close. For weeks, the administration would not even acknowledge that China was behind the attack. Then, last Thursday, Director of National Intelligence James Clapper finally admitted China was to blame, telling an intelligence conference “You have to kind of salute the Chinese for what they did.”

Salute them? No, you don’t. You have to sanction the Chinese for what they did.

The OPM breach is catastrophic, both for our national security and for the individuals whose information has been compromised. China has stolen the personal data on countless Americans with top-secret security clearances. The regime in Beijing now possesses their Social Security and passport numbers; the names and addresses of relatives; every place they have ever lived, worked or went to school; details of their military service (including whether they worked in intelligence); all the people they “know well,” including their “foreign contacts,” and details on their “foreign activities” and “foreign travel”; all the details of their “psychological and emotional health,” including any mental health treatment; any police records “regardless of whether the record . . . has been sealed, expunged, or otherwise stricken from the court record, or dismissed”; details of any “illegal use of drugs and drug activity” and “use of alcohol”; as well as detailed financial records, including any past bankruptcies and “non-criminal court actions.” In other words, Beijing now possesses everything a foreign intelligence service could possibly need to blackmail those holding some of the United States’ most sensitive secrets.

Not only can this information be used to undermine national security, it can also be used to retaliate against those who criticized China — for example, people working for U.S. government “freedom radio” stations, such as Radio Free Asia, who use aliases to protect themselves and their relatives back home. Beijing now may have the real identities of those broadcasters and those of their family members in China.

Stolen OPM data reportedly has been found for sale on the “dark net ” — the online network used by criminals and terrorists across the globe. This is unsurprising, considering that the Obama administration discovered the breach in April but did not announce it until June 4 — giving cybercriminals a running head start to exploit stolen data while keeping those affected in the dark. And what is the administration doing now to protect those whose personal information they failed to protect? They are offering — get this — 18 months of “free” credit monitoring service and identity theft insurance. Eighteen months? The loss of personal information lasts a lifetime — and sometimes longer for family members and others whose personal information was included in the stolen data.

The failure to protect this information is appalling. But the failure to respond to an attack of this magnitude is inexcusable. In April, Obama warned that “from now on” his administration would “go after bad actors” who carry out cyberattacks on the United States. China responded by launching the most audacious attack in history.

So, Mr. President, what are you going to do about it?

Read more from Marc Thiessen’s archive, follow him on Twitter or subscribe to his updates on Facebook.