Modern field guide to security and privacy
A view of the Kremlin in July through a construction fence
Maxim Zmeyev/Reuters | Caption

What's Obama's next move after blaming Moscow for hacks?

Now that the Homeland Security and the Office of the Director of National Intelligence officially accused the Russian government of conducting cyberattacks on US political targets, will the administration retaliate?

The Obama administration officially blamed Russia for attempting to interfere with US elections by directing cyberattacks at the Democratic National Committee and other political organizations.

The US intelligence community is "confident that the Russian government directed the recent compromises of emails from US persons and institutions, including from US political organizations," said a joint statement released Friday by the Department of Homeland Security and the Office of the Director of National Intelligence. 

"These thefts and disclosures are intended to interfere with the US election process," the statement continued. "We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities."

The decision to attribute the attacks follows months of pressure in Washington, ever since a breach of DNC servers revealed this summer and hackers dumped sensitive party emails on antisecrecy sites WikiLeaks and DCLeaks.com.

After cybersecurity firm Crowdstrike publicly fingered hacking groups linked to the Kremlin for the attack, experts and policymakers have pushed the administration to formally name the culprit – especially since just last month leaders on the House and Senate Intelligence committees released a statement that they also believed Russia was behind the breach. 

With just weeks to go before Election Day, the announcement of Russia's involvement now begs the question: How will the Obama administration respond?

After all, the Justice Department in 2014 charged five Chinese nationals with ties to China's People's Liberation Army for allegedly stealing sensitive information from American companies. This year, the US charged seven Iranians for hacking into a small New York dam and flooding dozens of US banks with phony web traffic.

The Obama administration has also deployed economic sanctions as a punishment for digital attacks; it sanctioned North Korea after the FBI found Pyongyang carried out the attack on Sony Pictures in 2014 that destroyed computers and servers and resulted in millions of dollars in damages to the company.

In this case, however, it remains unclear how – and whether – the Obama administration will deploy similar tactics now that it has attributed the spate of election-year hacking to Russia.

President Obama "has made it clear we will take action to protect our interests, including in cyberspace, and we will do so at a time and place of our choosing," said a senior administration official, when asked whether the attribution to Russia will be followed by economic sanctions, judicial indictments, or other consequences. "Consistent with the practice we have adopted in the past, the public should not assume that they will necessarily know what actions have been taken or what actions we will take."

The US government, the official added, "is committed to ensuring a secure election process and has robust capabilities to detect efforts to interfere with our elections" and "the American public and our democracy are resilient to foreign attempts to manipulate public opinion." 

A different national security official says that this kind of public attribution is in itself a consequence.

"Publicly announcing it is in part imposing a cost," said the official, who was not authorized to speak on the record about this topic. "You're saying to the rest of the world: We have proof the highest levels of the Russian government has acted against our interests to attempt to influence an election."

This approach highlights a significant transformation in how the US government handles national security incidents for digital attacks, the official added. "A couple of years ago, this would have been put in a top secret file and studied. That’s not an effective deterrent."

Today, the official says, "when there is an incident we want to investigate it, determine who did it, publicly announce it and impose cost .... In some cases there could be sanctions, or prosecution, or designations, and under certain circumstances, there could be military action. But there’s got to be something."

Also in the statement from DHS and the intelligence community, US states have also recently seen "scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company." However, the administration said, "we are not now in a position to attribute this activity to the Russian government." 

Even so, the administration believes it would be "extremely difficult for someone, including a nation-state actor, to alter actual ballot counts or election results by cyberattack or intrusion," according to the statement. "This assessment is based on the decentralized nature of our election system in this country and the number of protections state and local election officials have in place. States ensure that voting machines are not connected to the internet, and there are numerous checks and balances as well as extensive oversight at multiple levels built into our election process." 

Meanwhile, some members of Congress are already pleased by the decision to name Russia as the source of attacks. 

"We should now work with our European allies who have been the victim of similar and even more malicious cyber interference by Russia to develop a concerted response that protects our institutions and deters further meddling," said Congressman Adam Schiff (D) of California, the top Democrat on the House Intelligence Committee. "All of us should be gravely concerned when a foreign power like Russia seeks to undermine our democratic institutions, and we must do everything in our power to guard against it." 

The Obama administration's acknowledgement that Russian intelligence agencies are trying to meddle in the elections and undermine public confidence "conveys the seriousness of the threat," says Senate Intelligence Committee Chairwoman Dianne Feinstein (D) of California. "Attempted hacking of our election system is intolerable, and it's critical to convince the Russian government to cease these activities. If it does not, we must develop a strong response."

With the US now moving to publicly name and shame Russia, some cybersecurity experts agree the White House's next move should be even more forceful. 

"The level of hostility and tradecraft and espionage is reaching levels we haven't seen since the 1950s," says Tom Kellermann, chief executive officer at Strategic Cyber Ventures, a Washington firm, adding that this summer's political negotiations surrounding the Syria crisis may have delayed US attributing the DNC attack to Russia. "I think the NSA needs to take its gloves off."

Jeff Stone contributed reporting for this article.