The Atlanta Journal-Constitution
Cyberattack responses: Questions loom
If hackers were found, what would the U.S. do about it?
— It has been ASPEN, COLO. an open secret throughout the Obama presidency that world powers have escalated their use of cyberpower. But the recent revelations of hacking into Democratic campaign computer systems in an apparent attempt to manipulate the 2016 election is forcing the White House to confront a new question: whether, and if so how, to retaliate.
So far, the administration has stopped short of publicly accusing the Russian government of President Vladimir Putin of engineering the theft of research and emails from the Democratic National Committee and hacking into other campaign computer systems. However, private investigators have identified the suspects, and U.S. intelligence agencies have told the White House that they have “high confidence” that the Russian government was responsible.
But suspecting such meddling is different from proving it with a certainty sufficient for the president to order a response.
Even if officials gather the proof, they may not be able to make their evidence public without tipping off Russia, or its proxies in cyberspace, about how deeply the National Security Agency has penetrated that country’s networks. And designing a response that will send a clear message, without prompting escalation or undermining efforts to work with Russia in places like Syria, where Russia is simultaneously an adversary and a partner, is even harder.
The Russians tried to make it tougher still Saturday when they declared that they had found evidence of U.S. activity in their government systems.
It was hardly a shocking revelation; Anyone who leafed through Edward Snowden’s revelations saw evidence of daily efforts to break into Russian spy agencies, nuclear installations and leadership compounds.
But in a talk Friday evening at the Aspen Security Forum, an annual gathering that draws many of the nation’s top intelligence and military officials, CIA Director John Brennan made clear that while spying on each other’s political institutions is fair game, making data public — in true or altered form — to influence an election is a new level of malicious activity, far different from ordinary spy vs. spy maneuvers.
“When it is determined who is responsible for this,” Brennan said, choosing his words carefully to avoid any direct implication of Russia, there “will be discussions at the highest levels of government about what the right course of action will be. Obviously interference in the U.S. election process is a very, very serious matter.”
The Russia problem is thorny, and persistent. Just four months into his presidency in 2009, President Barack Obama and his top national security advisers received a warning from U.S. intelligence agencies: Of all the nations targeting America’s computer networks, Russia had the most “robust, longstanding program that combines a patient, multidisciplinary approach to computer network operations with proven access and tradecraft.”
Obama might have been a bit distracted at the time. While setting up his new administration, he was also learning the dark arts of cyberwar, descending into the Situation Room to oversee a complex American-Israeli offensive operation to disable Iran’s nuclear centrifuges. He expressed concern to his aides that the operation would help fuel the escalation of cyberattacks and counterattacks.
The concern was justified. Since then, Iran has attacked Saudi Arabia, Russia has brought down a power grid in Ukraine, the North Koreans have attacked the South. The list gets longer every month.
But deterrence has been spotty. In the DNC case, two senior administration officials spoke on the condition of anonymity to discuss the options being considered by midlevel officials, ranging from counter cyberattacks on the FSB and the GRU, two competing Russian spy agencies at the center of the current hacking, to economic, travel and other sanctions aimed at suspected perpetrators.
But each approach has downsides: A counterattack, for example, one senior official said, “brings us to their level, and their moral code.”
At the same time, the cost of doing nothing could be high. As the United States and other nations move to more electronic voting systems, the opportunities for mischief rise exponentially. Imagine, for example, a vote as close as the 2000 presidential election between George W. Bush and Al Gore, but with accusations about impossible-to-trace foreign manipulation of the ballots or the vote count, leaving Americans wondering about the validity of the outcome.
For Obama, the president who has done the most to raise alarms about the risks of cyberattacks and the most to build up the U.S. Cyber Command, this territory is fraught with politics, intelligence trade-offs and questions of American values.
“I think that the administration needs to be ironclad on the evidence here to convince the American people that this is about policy, not politics,” said Jason Healey, a scholar at Columbia University who specializes in cyberconflict between nations. “This has got to be about defending a constitutional process, not a party.”
Obama often says the world of cyberconflict is still “the Wild West.” There are no treaties, no international laws, just a patchwork set of emerging “norms” of what constitutes acceptable behavior.
For example, Obama has pressed President Xi Jinping of China to work with the United States and other nations to develop rules about the theft of intellectual property, and about not interfering with a nation’s efforts to bring attacked systems back online.
Attacking another nation’s power grid in peacetime is considered out of bounds. But every new case brings a new and imaginative way to weaponize cyberpower.
Until November 2014, when North Korea hacked into the computers at Sony Pictures Entertainment in retaliation for a comedy that portrayed a CIA plot to assassinate Kim Jong Un, the country’s leader, no one seriously considered a movie studio to be “critical infrastructure.”
Yet the attack on Sony — which melted down 70 percent of its computing power — was the only case that brought the president to the White House press room to accuse another nation of launching a deliberate cyberattack, and to promise retaliation. Obama said he was driven to go public by the fact that North Korea was trying to suppress free speech and intimidate Americans with threats if they went to the theater.
It is unclear how the United States may have retaliated against the North in secret, if it even did so. But the public punishment, the announcement of some mild economic sanctions, seemed highly ineffective. They were lost in the sea of other sanctions imposed on the North since the signing of the armistice that halted, but did not end, the Korean War 63 years ago.