By Jack Detsch
Earlier this month, the US intelligence community released a report that blamed President Vladimir Putin for ordering a campaign of cyberattacks, propaganda, and fake news to undermine public confidence in the democratic process and discredit Hillary Clinton’s campaign.
In light of this, Passcode’s group of digital security and privacy experts said President Trump should roundly condemn the hacks – and impose serious consequences.
“If the Russians had physically sent agents into the offices of the Democratic National Committee to steal files or into polling stations to stuff ballot boxes, they would have done so certain of consequences if those agents were caught: they’d be imprisoned and probably tried,” said Nate Fick, chief executive officer of Endgame, a cybersecurity company. “Until the US government makes explicitly clear that the full weight of American power is available to respond to hostile cyber adventurism, we can expect the assaults on our institutions to continue.”
The Obama administration’s response included economic sanctions, the expulsion of 35 diplomats, the designation of voting systems as critical infrastructure, and strong hints of covert retaliation. Yet some members of Congress criticized Mr. Obama’s response to the hacks – coming six months after suspected Russian breaches into the Democratic National Committee were detected – as too slow.
It’s not yet clear how Mr. Trump plans to deal with the issue.
The new commander-in-chief has said he agrees with the intelligence community’s united assessment that Moscow was behind the suspected digital attacks and leaking of confidential emails to the antisecrecy site WikiLeaks, but has so far declined to publicly condemn Russia for its actions. Some Trump advisers have suggested the post-hack sanctions may even have gone too far – though some of Trump’s cabinet choices, such as CIA Director Mike Pompeo and Defense Secretary James Mattis, have taken a harder line.
Some Influencers are worried that Trump might not act – and are calling on Congress to step in. “Congress should pass bipartisan sanctions against Russia to inflict additional costs and prevent those costs from being easily reversed by the Trump administration,” said Chris Finan, chief executive officer of Manifold Technology.
Peter Singer, a senior fellow at New America think tank, sees the next phase as a test for the Republican-controlled government. “The Obama administration’s recent moves to sanction Russia for targeting US democracy were a good start, albeit too little and too late — criticism that the Republican congressional leadership was quick, and right, to make,” Mr. Singer says. “A test of its sincerity will be whether Congress backs its words with action, by turning the sanctions into law and strengthening them further.”
For his part, Congressional Cybersecurity Caucus cochair Rep. Jim Langevin (D) of Rhode Island says he supported the Obama administration’s actions – but will advocate in the legislative branch for more action. “I do believe that the actions made public to date are not commensurate with the enormity of the attack on the fundamental underpinnings of our democracy,” Mr. Langevin said. “I will continue to support efforts by the Congress and the new Administration to ensure that Russia does not again threaten our electoral systems.”
The US has a variety of tools besides sanctions at its disposal. One Influencer is calling for a “tit-for-tat” response. “There should be a price for their actions, and it should involve doxing powerful Russians connected to the Kremlin so they get the point,” said the expert, calling for a kind of cyberattack ultimately aimed at exposing sensitive information. (Passcode’s Influencers can choose to keep their responses anonymous to preserve their candor.)
A lack of a strong public response will only encourage “bolder behavior” from Russia, added Eric Burger, a computer science professor and director of the Center for Secure Communications at Georgetown University. The US arsenal ranges “from hacking back and exposing Botox use all the way through kinetic warfare, with things like sanctions, public shaming, and the like in between,” he adds.
The probe into suspected Russian digital interference into US elections isn’t over yet: The House and Senate Intelligence committees are investigating the hack.
Even so, Passcode’s experts largely believe that by taking a strong stand now, the US can play an important role in creating rules of the road for cyberspace – or internationally accepted norms of behavior. That process has moved slowly in international bodies such as the United Nations, but experts say a public response to the high-profile hacks could spur some momentum.
“Let’s call it what it is: a digital attack on one a foundational element of societal confidence,” said Steve Weber, a professor at the School of Information at the University of California at Berkeley of this summer’s cyberattacks against the DNC and other Democratic political organizations.
“Now is the time to set some norms about how states use the internet to create corrosion in the social contract of other states. We shouldn’t wait for norms to ‘evolve’ – we should state clearly what we consider out-of-bounds behaviors, not engage in them ourselves, and punish those who do with serious costs and pain.”
However, some experts insist it’s too early to begin talking about further penalties for the suspected Russian digital attacks. A small but vocal 24 percent minority of Influencers said it wasn’t the right time to respond, given a lack of what they said was compelling evidence.
“Until we actually see the evidence of Russian political hacking, this entire episode remains unverified.” says Sascha Meinrath, who heads up X-Lab, a Washington-based venture focused on technology policy and innovation. “Anyone promoting retaliation is doing so in ignorance.” While the intelligence community’s declassified report on Russian hacks featured some technical indicators, such as internet protocol addresses, the public evidence did little to satisfy some security researchers.
Some of Passcode’s experts think that by retaliating more strongly – or mounting a digital counterattack against Russia – the US could make itself vulnerable by exposing its own digital espionage operations to potential criticism.
“Offensive operations are a critical part of nation-state intelligence,” says Nick Selby, from US cybersecurity firm Secure Ideas. “Feigning outrage at operations results in embarrassing propaganda campaigns in which we must ‘demonstrate’ how awful it all is.”
The US intelligence community in its report found that Russian digital interference in global politics could be the “new normal.” With suspected Russian cyberattack campaigns potentially targeting elections in Germany, France, and the Netherlands this year, some Influencers say it’s time to buckle in for the long haul – and focus on defense.
“It was inevitable that traditional espionage would evolve to utilize the Internet,” says Scott Montgomery, vice president and chief technical strategist at Intel Security. “The energy spent on ‘retaliation’ would be better served improving defensive posture and training personnel.”