TRUMP MUST RESPOND TO RUSSIA ABOUT CYBERATTACK
WASHINGTON — Both Secretary of State Mike Pompeo and Attorney General William Barr say Russia was behind the massive cyberattack that compromised 18,000 U.S. companies and government agencies, but President Donald Trump isn’t buying it. “Russia, Russia, Russia is the priority chant when anything happens,” Trump tweeted, adding “it may” be China or “a hit on our ridiculous voting machines during the election, which is now obvious that I won big.”
No, it wasn’t either of these things. And by tweeting this nonsense, Trump is not only failing to respond forcefully and restore deterrence in cyberspace — he is missing an opportunity to claim vindication about Washington’s obsession with Russian electoral interference.
Were U.S. intelligence officials so focused on detecting and deterring Moscow’s election interference that they missed the Kremlin’s real target — a massive cyber penetration of U.S. businesses and government agencies? That’s the case Trump should be making. Undetected, Russian hackers penetrated SolarWinds, a company that produces network management software used by many Fortune 500 companies and government agencies, in October 2019, and began attaching a computer virus to the software updates the company pushed out to its clients.
The Russian hack was discovered by accident, when an employee at a compromised company saw their credentials had been used to log into the company’s network from an unrecognized device. In other words, our intelligence community was overly focused on the wrong target. Rather than deny what took place, Trump should be arguing that Washington’s four-year fixation with Russian interference in our elections provided the perfect cover for this unprecedented Russian cyberattack.
The lesson is that cyberattackers are like terrorists — they take advantage of our free and open society to infiltrate and attack America. And the lesson we learned after Sept. 11, 2001, is that we cannot defend perfectly in every place and at all times against every possible technique. The only way to stop or deter them is to go on offense. “We cannot let this stand. We have the capability to attack back and we should. … When you impose costs … your adversary is going to think twice before doing something,” said retired four-star Army Gen. Jack Keane. He points out that the United States has the most powerful offensive cyber-capabilities in the world.
Based on what is now in the public sphere, Trump appears to have used America’s offensive cyber capabilities more than any previous president. In August 2019, The New York Times reported that he ordered “a secret cyberattack against Iran in June [that] wiped out a critical database used by Iran’s paramilitary arm to plot attacks against oil tankers.” In an interview with me last fall, Trump acknowledged for the first time that he had launched a cyberattack on Russia to prevent its interference in the 2018 midterm elections. But he has clearly not used them nearly enough to deter attacks like this one.
The primary reason we have gone almost two decades without another 9/11style attack on the homeland is because America has been on offense across the world, taking out terrorists with targeted drone strikes, denying them sanctuary. We need to do the same in cyberspace. Our adversaries need to know that the United States will preemptively take out cyber capabilities of state or non-state actors we believe threaten us.
Trump has pulled the trigger in cyberspace before. He can do it again. But to do so, he must stop denying Russia’s complicity, stop obsessing with overturning the election, defend our country and restore deterrence in cyberspace.