By Jim Langevin
Last week, the website WikiLeaks posted thousands of emails illegally obtained from the Democratic National Committee. Some contained sensitive information about donors, while others provided a disturbing look into a potential bias underpinning internal deliberations and operational decisions at the DNC.
As a Democrat, I am distressed by the appearance of favoritism in any form. However, as an American, I am deeply worried that our nation is still not adequately prepared for the new security challenges we face in cyberspace.
When I founded the Congressional Cybersecurity Caucus in 2008, my foremost concern was that a cyberattack on critical infrastructure could result in physical damage, a fear made real with the attack on Ukraine’s electric utilities last December. While leading the caucus, I have also seen hackers break into databases in pursuit of financial information, trade secrets, and even personal details of government employees. All of these targets remain at risk.
But I’m afraid that our understanding of the threats in cyberspace is not keeping pace with the rapid advances in technology and the avenues of attack they enable. The DNC email leak, for instance, bears all the hallmarks of an information warfare operation, timed as it was to coincide with the announcement of the Democratic vice presidential pick and the commencement of the convention.
The doctrine of information war is not new. We saw it used extensively during the Cold War, and it continues to be used today. During the illegal Russian annexation of Crimea, local news outlets were flooded with false stories of repression of ethnic Russian populations. The Russian television network RT, which broadcasts in English, Arabic, and Spanish, has deliberately disseminated inaccurate stories favorable to the Russian regime. New media have also been targets of recent campaigns: Witness the Russian “troll armies” who sow confusion on comment boards across the internet.
But these examples apply 20th-century thinking to 21st-century technology. In Crimea and with RT, Russia simply owns the television channels and can thus schedule programming as it wishes. The comment trolls rely on the free speech protections enshrined in many societies for decades or centuries. And, in this age of choose-your-own content, they rely on readers, viewers, or listeners making an active choice to tune in. This reliance hampers their ability to cause harm: after all, how many Americans watch RT?
The DNC hack is different. The content is fresh, salacious, and stolen, which means American news outlets are more than happy to do most of the dissemination. Though the data passed through foreign servers and may have been modified, many of the emails are, undoubtedly, authentic: They are impossible to dismiss as purely propaganda. They are also anonymous – the face of the leaks to this point has been WikiLeaks founder Julian Assange, who was almost certainly not involved in the theft of the emails.
All of which means we are likely to see many more hacks in this style. There has been a lot of speculation that Russia was behind the breach and the leak, and I have full confidence that government investigators will find those responsible. But whether the attack was carried out by the Russian government, at its behest, or by an independent party, the consequences of the hack are all too real.
Those opposed to our interests know all this. They also know that the cost of attacking us in cyberspace is low. While attribution is steadily getting better, it has been complemented with the rise of state-sanctioned private hackers whose ties to governments are murky at best.
So we have our work cut out for us. We need to raise our cyberdefenses in government and in the private sector, to make attackers work harder to get into our systems. We need to develop norms of nation-state behavior in cyberspace that preclude attacks on civilian infrastructure and allow us to hold actors accountable. And we need to build resilience to lessen the payoff when breaches inevitably do happen.
In the eight years I have been working on cybersecurity, I have seen the issue gradually take on prominence. Most of my colleagues in Washington understand that the benefits we reap from our interconnected economy bring risks as well. But despite breach after breach, there is still not a sufficient urgency to the discussion. Cybersecurity is the security challenge of the Information Age. Our adversaries clearly know it; shouldn’t we?
Congressman Jim Langevin, a Democrat from Rhode Island, is the cofounder and cochair of the Congressional Cybersecurity Caucus, and a senior member of the House Armed Services and Homeland Security Committees.