Washington (AFP) All fingers point to Russia as the source of the worst-ever penetration of US government agencies. But President Donald Trump, who has long been wary of holding Moscow responsible for the cyber attacks, has so far remained silent.
The absence of any statement seeking to hold Russia accountable casts doubt on the possibility of a swift response and indicates that any retaliation – whether through sanctions, criminal charges or electronic measures – will be left in the hands of the incoming administration of President-elect Joe Biden.
“I imagine the next administration wants a list of options and then it will choose,” said Sarah Mendelson, a professor of public policy at Carnegie Mellon University and a former US ambassador to the United Nations Economic and Social Council. Is there a progressive assault? Is there an all-out attack? How much do you want to do outside the gate? “
Certainly, it is not uncommon for administrations to refrain from publicly accusing them of blame for the breaches until sufficient evidence has been gathered. Here, US officials say they recently learned of the devastating abuses committed at various government agencies in which foreign intelligence agents took root undetected for up to nine months. But Trump’s response, or lack thereof, is being closely watched because of his preoccupation with a fruitless effort to cancel last month’s election results and his refusal to publicly acknowledge that Russian hackers interfered in the 2016 presidential election in his favor.
Exactly what action Biden might take is unclear, or how his response might be shaped by criticism that the Obama administration did not act aggressively enough to thwart the intervention in 2016. He provided evidence in Thursday’s statement, saying his administration would be proactive in preventing cyberattacks. And impose costs on any liabilities behind them.
The US government’s statements have not yet mentioned Russia. Asked about Russia’s participation in a radio interview on Monday, Secretary of State Mike Pompeo acknowledged that Russia was constantly trying to hack American servers, but it quickly turned into threats from China and North Korea.
Democratic Senators Dick Durbin and Richard Blumenthal, who were briefed on Tuesday about the hacking campaign at a secret Armed Forces Committee session, were clear about blaming Russia.
There are other signs within the administration of a clear awareness of the severity of the attack, which happened after an elite group of cyber spies injected malicious code into the program of a network service company. The civilian Cybersecurity Agency warned in an advisory report on Thursday that hacking poses a “grave risk” to government and private networks.
The response could begin with a public declaration that Russia is responsible for this, which is already a widely shared assessment in the US government and the cybersecurity community. Statements like these are often not immediate. It took weeks after these incidents became public for the Obama administration to point its finger at North Korea for the Sony Pictures Entertainment hack in 2014 and for then-Director of National Intelligence James Clapper to assert China as the “prime suspect” in the Office of Personnel Management hacks. .
Public naming and defamation are always part of the rules of the game. “The United States, and its allies, ideally, should be publicly and formally blamed for these breaches,” former Trump homeland security adviser Thomas Busert wrote this week in an opinion piece in The New York Times. Republican Senator Mitt Romney said in a radio interview with SiriusXM that it was “extraordinary” that the White House had not spoken.
Another possibility is to file a federal indictment, assuming investigators can gather sufficient evidence to implicate individual hackers. Such cases are labor-intensive and often take years, and although they may carry slim chances of a courtroom prosecution, the Ministry of Justice considers them to have strong deterrent effects.
Sanctions, a respectable punishment over time, could have more bite and Biden will almost certainly contemplate them. President Barack Obama expelled Russian diplomats over interference in the 2016 elections, and the Trump administration and its Western allies have taken similar measures against Moscow over its alleged poisoning of a former intelligence officer in Britain.
Exposing Kremlin corruption, including how Russian President Vladimir Putin accumulated and concealed his wealth, may amount to greater revenge.
“This is not just a revenge operation or a breach in their systems,” said Mendelson, the former ambassador. It is, ‘We will seek what you really care about, what you really care about is the hidden money, revealing the larger network and how it relates to the Kremlin. “
The United States could also retaliate in cyberspace, a path made easier by the Trump administration licensing that has already led to some operations.
Former National Security Adviser John Bolton told reporters at a 2018 news conference that offensive cyber operations against foreign competitors would now be part of the US arsenal and that the US response would not be primarily defensive.
“We can completely dismantle their home networks,” said Jason Healy, a cyber conflict scientist at Columbia University. “And any time we see their operators appear, they know we will pursue them wherever they are.”
The US Cyber Command also took more proactive measures, as it participated in what officials describe as “tracking” operations that allow them to detect cyber threats in other countries before they reach their intended target. For example, in the weeks leading up to the US presidential election, military cyber fighters engaged Estonia in a joint operation aimed at identifying and defending threats from Russia.
While the United States is also prolific in offensive cyber intelligence gathering operations – tapping the phones of allied foreign leaders and introducing spyware into commercial routers, for example – these efforts are benchmarked against the 18,000 infection of government and private enterprises in hacking SolarWinds, Haley said.
Healy said a better response – since espionage itself is not a crime – is to double down on defense cybersecurity.
David Simon, a cybersecurity expert and former Defense Department special adviser, said there must be consequences for those responsible for the attacks – and the Trump administration “has fallen far short of holding the Kremlin to account.”
“Until it becomes clear that the United States will impose significant costs on the liabilities, it is unlikely that we will see a fundamental change in the behavior of the Kremlin,” he said in an email.