US aims to draw line with Russia over hacking
With reprisals against Russia over what it says was meddling in the US presidential election, the Obama administration aims to draw a virtual line in the sand without sparking a war — cyber or otherwise.
The measures announced Thursday by President Barack Obama, who accused Moscow of “efforts to harm US interests,” include the expulsion of 35 intelligence agents and financial sanctions on Russia’s top intelligence agencies.
Obama also warned of additional, unspecified actions “at a time and place of our choosing, some of which will not be publicized.”
Analysts say Washington is seeking to punish Russia and warn other nations against taking similar action.
“While the direct impact of the actions may be limited, it puts a marker in the sand (or silicon) that hostile cyber activity targeting the US has consequences,” said Frank Cilluffo, who heads the Center for Cyber and Homeland Security at George Washington University.
“In addition to responding to Russia’s activities, it also puts others on notice, signaling that one cannot turn to significant cyber attacks with impunity,” he said.
“It also serves as a starting point for articulating a set of strategies and policies we desperately need… a cyber deterrence strategy.”
– Avoiding escalation –
While US officials have boasted of their ability to use “cyber weapons” when appropriate, security analysts say such a course of action is unlikely because of the risk of escalation — from more dangerous cyberattacks into the possible use of traditional, deadly weapons, or “kinetic” warfare.
“I don’t think you’ll see the use of cyber weapons,” said James Lewis, a senior fellow specializing in cybersecurity at the Center for Strategic and International Studies, a Washington think tank.
“There is a strong desire to avoid escalating this conflict.”
Lewis said Obama’s actions are appropriate “as a first step” and in light of Russia’s actions, and that any further measures — which Obama said may be forthcoming — could be restrained.
“The Russians didn’t attack us — they used coercion, espionage, politics — and we could do the same thing,” he said.
Susan Hennessey, a Brookings Institution fellow and editor of the national security blog Lawfare, said she expects a further “nonpublic” response, possibly in the cyber domain, to send a message to Russian President Vladimir Putin.
The White House announcement “is a welcome and sufficient move, but only if it is paired with some additional nonpublic countermeasure,” Hennessey said.
She added that while Washington may want to demonstrate to Moscow its capacity for cyber actions, it also would want to avoid establishing a norm for cyber disruption that other nations could follow.
This would likely rule out a spectacular hack attack or release of embarrassing information.
But Hennessey said she expected a response “to be potentially scary to Kremlin officials to let them know we can reach places they didn’t think we could reach.”
Steve Grobman, chief technical officer at Intel Security, agreed that Obama’s measures are intended to send a message without sparking a crisis, and added that if any cyber measures are implemented, they should be carefully calibrated.
“The covert offensive cyber component must be well thought out and executed such that it is precise and does not inflict collateral damage on non-target systems,” he said.
“Escalation of offensive cyber activities by either party could lead to a kinetic conflict.”
– What happens now? –
It remains unclear what impact the actions will have as Obama prepares to leave office in three weeks, when Donald Trump takes the oath of office.
Claude Barfield, a resident fellow at the American Enterprise Institute, argued that Obama’s “dawdling and agonizing for months over Russian cyber intrusions” could have “damaging consequences for cyber deterrence policy.”
“The Obama administration had claimed that it did not want to retaliate against the Russians before the election for fear of provoking further disruption of the campaigns,” Barfield said in a blog post.
“But it waited a full month after the election before the president finally ordered a full review of the Russian attack by the entire US intelligence apparatus.”
This suggests “that the president and his security advisers aim to make such a tight case that it will be impossible for the next administration to ignore the evidence or back away from the sanctions,” Barfield said.
But he noted that “it will be critical for the government to improve US cyber defenses moving forward if we are to prevent similar incidents from happening in the new year and beyond.”