Sanctions and retaliatory cyber strikes should, but won’t, be the American response
Cyber
actors linked to Russia’s intelligence service carried out a sophisticated
cyber attack against Democratic National Committee computer networks in a bold
attempt to influence the U.S. presidential election.
That’s the
consensus view of U.S. intelligence agencies and private computer security
firms regarding the covert intrusions by Moscow into DNC networks over the
course of at least one year that resulted in the theft and release of sensitive
internal information.
As with
other state-sponsored cyber attacks, the White House is refusing to condemn the
incident or take action despite ample electronic intelligence indicating the
DNC hacking was a Russian cyber operation.
It is not
the first major Russian cyber attack. Others in recent months have included
cyber penetrations of the Pentagon’s Joint Staff email server and infiltrations
of unclassified networks at the White House and State Department.
White
House National Security Council spokesman Mark E. Stroh told The Cyber Threat
it does not regard the DNC hacking operation as a Russian state-sponsored cyber
attack. “That’s a supposition,” he said. “The USG has not made that
determination.”
The comment suggests that the Obama administration is again avoiding any action in
response to a major and damaging cyber attack against the United States. Its
questionable rationale is that the DNC attack cannot be linked to Russia
without courtroom-level evidence, despite intelligence indicating that it is.
The issue of attack attribution—the ability of intelligence agencies to
conclusively link cyber intrusions to known state sponsors of cyber attacks—is
once again letting the bad guys off the hook.
China’s
large-scale cyber attacks, notably attacks against the Office of Personnel
Management and an American health care provider discovered last year, are among
the most damaging cyber attacks by a foreign state. However, President Obama
and his aides refused to hold Beijing accountable despite policies and the
president’s own executive orders calling for the imposition of sanctions or
diplomatic and financial costs against foreign hackers. Economic sanctions
against China were considered but rejected last September.
The only
state-sponsored cyber attack the president has identified publicly was the
North Korean hack of Sony Pictures Entertainment in November 2014. That cyber
attack destroyed computer networks, publicly disclosed sensitive corporate
information, and sought to influence the release of a comedy film critical of
North Korean dictator Kim Jong Un. The attack was made public because the
National Security Agency had been able to break into North Korean hacking
networks and map their activities. Again, almost no action was taken in
response, other than the imposition of meaningless sanctions on several North
Korean officials.
Lt. Gen. James K. “Kevin” McLaughlin, deputy commander of the U.S. Cyber
Command, said this week that Obama attributed the Sony hack to the North
Koreans because of interagency cooperation. “It’s pretty rare that that kind of
strong attribution is able to be done,” McLaughlin told the Wall Street Journal. “I think
the fact that all of us on the government side were sharing information, it
allowed the leadership of the nation to make some rapid decisions on how they
wanted to respond to it.”
McLaughlin
said Cyber Command did not have a direct role in investigating the Sony hack
but that it could play a role in the future. The general noted that “we learned
a lot from how the military and cyber community participate rapidly with our
interagency partners.”
The DNC
hack reveals that Russian intelligence agencies are learning to game the
weakness of the White House by adding a new layer to advanced cyber attack
operations: Deception.
Russian
intelligence agencies, either the Federal Security Service or GRU military
intelligence service, are steeped in the tradition of deception stemming from
Soviet-era strategic disinformation operations.
In the DNC
hack, Russian hackers diverted the NSA’s attention and masked the origin of the
attack by claiming the perpetrator was a lone hacker who was connected to
Guccifer, the Romanian hacker who claims to have hacked the private email
server used by former Secretary of State Hillary Clinton. Someone claiming to
be Guccifer 2.0 tried to take credit for breaking into the Democratic Party’s
servers.
Former NSA cyber analyst Dave Aitel believes the DNC hack was not just a cyber
intelligence-gathering operation. It was a cyber warfare strike against
critical U.S. infrastructure, namely the political party system of the United
States.
Aitel, CEO
of the cyber security firm Immunity Inc., sees the DNC hack and the release of
sensitive information obtained from it on a WordPress website as “more than an
act of cyber espionage or harmless mischief.”
“It meets
the definition of an act of cyberwar, and the U.S. government should respond as
such,” Aitel stated. Claims that the lone attacker Guccifer 2.0 conducted the
action are not credible. “Of course, anything is possible, but the attack looks
to be an operation conducted by Russian intelligence services,” he said.
A cyber
attack limited to intelligence-gathering would reduce the need for an urgent
response under the notion that electronic spying is fair game. But the DNC
attack is different. It exceeded the threshold for cyber warfare. The Russians
deliberately dumped the Clinton campaign’s opposition research playbook on a
public website for the purpose of spreading misinformation about the source of
the intrusion, while meddling in the U.S. presidential campaign.
“The U.S.
government has a decision to make here,” Aitel asserts. “If it does not come
out strongly against this action by the Russian intelligence services now, then
when will it?”
It’s no
secret that Russian President Vladimir Putin favors likely Republican nominee
Donald Trump. Trump has said he has always felt “fine” about Putin and regards
him as a strong leader.
Like the
1996 Chinagate scandal involving covert Chinese efforts to back the reelection
of Bill Clinton and Al Gore, foreign intelligence operations during the
presidential season are not unprecedented.
But the
global information infrastructure in 1996 was nothing like it is today, and the
Russian cyber gambit threatens the integrity of the American election system.
To prevent foreign influence operations, the U.S. government must declare
political parties and their networks to be worthy of strategic protection as
part of its critical infrastructure protection strategy. Other examples of
critical infrastructure include the electric grid, financial system, and
transportation and telecommunications networks.
The
Russians need to be punished—with sanctions, at a minimum—for their cyber
attacks.
Better
yet, to foster a deterrent-based dissuasion strategy, the NSA and Cyber Command
should be unleashed to conduct retaliatory cyber attacks on Russian government
and private sector networks. U.S. cyber capabilities, as shown by Edward
Snowden’s pilfered NSA documents, are impressive and could easily penetrate
Russian computer networks.
Revealing some of Russia’s most cherished secrets would go a long way
toward deterring future actions in cyberspace. Key targets could include
internal Russian government communications exposing Putin’s strategy to create
a pan-Eurasian sphere of influence stretching from the Pacific to the Atlantic.
And stealing and publishing details of the Russian leader’s hidden wealth,
estimated to be at least $20 billion, would send a message to the Kremlin that
attacking U.S. networks is not cost free. A third target could be details about
Russian arms control violations, such as recent breaches of the 1987 Intermediate-Range Nuclear Forces
Treaty and cheating on SS-25 missile dismantlement that
violates the terms of the 2010 New START strategic arms accord.
As
McLaughlin put it, Russia and China are “very, very capable cyber actors” whose
hackers pose the threat of “taking full control of our networks” and passing
themselves off as trusted users once inside.
“On the
military side, you can imagine the difficulty that would cause a commander, if
he didn’t trust his own network or his data,” he said.
The continued failure by President Obama to respond to Russian and Chinese cyber
attacks guarantees that further and possibly more damaging attacks will be
carried out.