Russia meddled in a US election in the past. Will the US be able to stop Moscow when it tries to repeat that action in the future?
That important question has been a subtext in a number of big Russia-related congressional hearings in recent days. Former acting Attorney General Sally Yates, ex-Director of National Intelligence James Clapper, and then-FBI Director James Comey (before he was abruptly fired May 9), have all testified before Senate committees this month.
Necessarily much of this public time has been spent talking about FBI investigations, the nature of ex-National Security Advisor Michael Flynn’s Russian communications, and other specifics. But at some point these current and former officials have all stopped and said that it’s important to remember the foundational problem of the hacking scandal that’s shaken American politics.
“The transcendent issue here is the Russian interference in our election process, and what that means to the erosion of the fundamental fabric of our democracy,” former DNI Clapper told the Senate Judiciary Committee on May 8. “And that to me is a huge deal. And they’re going to continue to do it. And why not? It proved successful.”
Russia’s success in sowing discord perhaps makes it harder for the US to focus on and fight the cyber intrusion that officials say stole Democratic Party emails and planted false news stories about the election. The purpose of this operation was to amplify division and turmoil in US politics. Well, mission accomplished.
As US politics is riven by partisanship like never before, and Washington fights over investigations into Russia’s connections with the Trump campaign, it seems as if the nation can’t wrap up the forensic analysis related to 2016 and unify against the threat to the 2018, and beyond.
“If we need to be focused on preventing this in the future, when are we going to get to the point where we get to do that?” says Chris Edelson, an associate professor of government at American University who specializes in presidential national security power.
The bad news is that the various probes into Russia’s attempt to manipulate the US system seem likely to stretch on for months. In the House, the Intelligence Committee investigation seems completely stalled by partisan bickering. In the Senate, a counterpart effort is plodding along, methodically. Meanwhile, the FBI is conducting its own investigation in secret.
The good news is that paralysis at the top doesn’t immobilize the entire US government. In spite of the suspected Russian influence campaign that used hacks, leaks, and fake news to undermine faith in the US political process and harm Hillary Clinton’s electability, the US has a growing menu of options to respond to digital attacks targeting the polls.
One main approach might be called active defense. This might mean fusing intelligence, cyberdefense, sanctions, diplomacy, and other policy tools together to respond to foreign hackers.
“You may not want to respond through cyber means if you have greater pressure and leverage in other areas,” says Frank Cilluffo, director of the Center for Cyber and Homeland Security at the George Washington University and a top homeland security adviser in George W. Bush’s White House.
After all, other nations might have great cyber capabilities, but the US is a superpower that maintains unique political, military, and economic advantages. That’s helped US cyber defense in the past.
In 2015, The Washington Post reported that the US used the threat of sanctions against China before working out a deal curbing economic cyberespionage. The US had identified Beijing as the leading suspect in breaches of Office of Personnel Management databases containing 22 million government records.
In response to Russia’s 2016 election meddling, the Obama administration expelled 35 diplomats from the US, designated voting systems as critical infrastructure, and offered strong hints of covert retaliation.
“There are periods in history when new technologies make conflict offense-friendly, when it’s easier to cause harm than prevent harm,” says Nathaniel Gleicher, a former director for cybersecurity policy on the National Security Council in the Obama administration and head of cybersecurity at Illumio. “If you look throughout history, we don’t correct this imbalance by focusing more on offense – we correct it by developing a new kind of defense.”
But to actively defend against digital attacks, some lawmakers argue, there are structural problems that need to be solved, too.
The military’s top offensive hacking unit, US Cyber Command, still remains subordinate to US Strategic Command, and its leader also heads up the National Security Agency, giving it less independent authority than other US agencies with cybersecurity authorities.
Though the last Obama-era defense budget sought to give Cyber Command more independent authority, it’s not yet clear that the Trump administration will honor that pledge. Some cyber experts would like to see greater leverage to respond.
Naming and shaming nation-state hackers that target American networks might be another aspect of defense against future electoral cyber offenses.
During the Obama administration, the Justice Department often used that approach to deter Russian, Chinese, and Iranian cyberespionage.
In 2014, the Justice Department charged five hackers associated with China’s People’s Liberation Army for allegedly breaching US companies, for instance. Last year the Justice Department charged seven Iranian hackers allegedly tied to Iran’s powerful Islamic Revolutionary Guard Corps with breaking into the computer network of a small New York dam and attacking more than 40 US companies last year.
But digital defenders aren't always up to speed on watching US networks. To better defend against national-level influence campaigns, US agencies need to have a clearer picture about what’s going on with their networks.
“They lack the rich picture of an orchestra leader bringing all of the pieces together,” says Frank Cilluffo of the Center for Cyber and Homeland Security. “The reality is technology far outpaces the ability to protect technology.”
This has led to cybersecurity experts doubting US law enforcement digital forensics in the past. Some were unconvinced by the FBI’s charge that North Korea was behind the devastating 2014 hack into the Sony Pictures network. Then Thomas Rid, a professor of security studies at King’s College London, found an encryption clue that backed up the FBI’s conclusion.
“We’re getting much better at attribution,” says Illumio’s Mr. Gleicher. “The challenge is that we have to agree as a community on what we accept – what is the proof we buy?”
After a last-minute hack of presidential candidate Emmanuel Macron’s campaign emails before French voters went to the polls on Sunday, National Security Agency Director Adm. Michael Rogers told the Senate Armed Services committee on Tuesday that the NSA tipped off French officials about malicious cyberactivity on their networks ahead of the vote.
While Admiral Rogers did not officially blame Russia, he said it appeared to be the handiwork of Russian hackers – suggesting that the US still possesses tremendous ability to track its digital adversaries as they break into and move through computer networks.
"We're watching the Russians, we're seeing them penetrate some of your infrastructure," Mr. Rogers told the committee, recalling the warnings relayed to French officials.
A third part of a national cyber defense might be diplomacy. Right now, the US-Russia relationship is at a “low point,” as Secretary of State Rex Tillerson said at a press conference in Moscow last month.
But the Trump administration may have put its finger on a key aspect of deterring election hacks in the future: US-Russia diplomacy. Yet if recent history is any guide, diplomacy can have an impact on reducing digital attacks on American targets.
In 2015, the US and China signed a landmark deal to halt cyberespionage against each other’s corporations. Last summer, the cybersecurity firm FireEye reported that Chinese hacks aimed at stealing US intellectual property fell significantly after the agreement was inked.
“I just don’t think that there’s a serious effort to engage the Russians,” says Bruce McConnell, global vice president at the East-West Institute and a former deputy under secretary for cybersecurity in the Obama-era Department of Homeland Security. “It’s really a question [if] you want to work on the relationship and improve it, or whether you want to remain in a standoff, which we’re in right now.”
There’s already some precedent for US-Russia diplomacy in cyberspace.
On the international stage, the United Nations Group of Governmental Experts, a 20-country bloc led by the US, Russia, and China, has developed a set of cybersecurity “norms” that encourage members to tamp down on foreign cyberattacks, respect sovereignty in cyberspace, and steer clear of attacks on critical infrastructure.
And it appears that efforts to build upon those rules could go even further. The latest version of the Tallinn Manual, a study convened by NATO’s Cooperative Cyber Defence Centre of Excellence, aims to apply international law to digital attacks that occur when troops aren’t fighting each other on the battlefield.
“What we’re seeing in the DNC hack is that the Russians have figured out where that gray zone is and they’re operating in it,” says Exeter University professor Michael Schmitt, one of the authors of the new manual. “Now it’s up to states to clarify those gray areas.”
Part of clearing up some of the ambiguity when it comes to international conduct in cyberconflict will be defining a digital act of war. That’s something that a new Senate subcommittee, led by Sen. Mike Rounds (R) of South Dakota, plans to begin tackling later this year.
But the political situation in the US isn’t making it easier. In the movies, people are united by the appearance of a mutual adversary – the US and the USSR would come together to fight aliens, say. But that’s not happening in Washington, as President Trump continues to appear to question whether Russia was even behind the DNC hack.
Meanwhile, US spy agencies are becoming increasingly vigilant about foreign hackers aiming to sway the vote.
“What does this mean in terms of how we move ahead?” says Chris Edelson of American University.