11 November 2016

Under the Din of the Presidential Race Lies a Once and Future Threat: Cyberwarfare


NOV. 6, 2016

President Obama at the National Cybersecurity and Communications Integration Center in 2015 in Arlington, Va. CreditStephen Crowley/The New York Times

MANCHESTER, N.H. — The 2016 presidential race will be remembered for many ugly moments, but the most lasting historical marker may be one that neither voters nor American intelligence agencies saw coming: It is the first time that a foreign power has unleashed cyberweapons to disrupt, or perhaps influence, a United States election.

And there is a foreboding sense that, in elections to come, there is no turning back.

The steady drumbeat of allegations of Russian troublemaking — leaks from stolen emails and probes of election-system defenses — has continued through the campaign’s last days. These intrusions, current and former administration officials agree, will embolden other American adversaries, which have been given a vivid demonstration that, when used with some subtlety, their growing digital arsenals can be particularly damaging in the frenzy of a democratic election.

“Most of the biggest stories of this election cycle have had a cybercomponent to them — or the use of information warfare techniques that the Russians, in particular, honed over decades,” said David Rothkopf, the chief executive and editor of Foreign Policy, who has written two histories of the National Security Council. “From stolen emails, to WikiLeaks, to the hacking of the N.S.A.’s tools, and even the debate about how much of this the Russians are responsible for, it’s dominated in a way that we haven’t seen in any prior election.”

The magnitude of this shift has gone largely unrecognized in the cacophony of a campaign dominated by charges of groping and pay-for-play access. Yet the lessons have ranged from the intensely personal to the geostrategic.

The latest news and analysis of the candidates and issues shaping the presidential race. 

Email, a main conduit of communication for two decades, now appears so vulnerable that the nation seems to be wondering whether its bursting inboxes can ever be safe. Election systems, the underpinning of democracy, seem to be at such risk that it is unimaginable that the United States will go into another national election without treating them as “critical infrastructure.”

But President Obama has been oddly quiet on these issues. He delivered a private warning to President Vladimir V. Putin of Russia during their final face-to-face encounter two months ago, aides say. Still, Mr. Obama has barely spoken publicly about the implications of foreign meddling in the election. His instincts, those who have worked with him on cyberissues say, are to deal with the problem by developing new norms of international behavior or authorizing covert action rather than direct confrontation.

After a series of debates in the Situation Room, Mr. Obama and his aides concluded that any public retaliation should be postponed until after the election — to avoid the appearance that politics influenced his decision and to avoid provoking Russian counterstrikes while voting is underway. It remains unclear whether Mr. Obama will act after Tuesday, as his aides hint, or leave the decision about a “proportional response” to his successor.

Cybersleuths, historians and strategists will debate for years whether Russia’s actions reflected a grand campaign of interference or mere opportunism on the part of Mr. Putin. While the administration has warned for years about the possibility of catastrophic attacks, what has happened in the past six months has been far more subtle.

Russia has used the techniques — what they call “hybrid war,” mixing new technologies with old-fashioned propaganda, misinformation and disruption — for years in former Soviet states and elsewhere in Europe. The only surprise was that Mr. Putin, as he intensified confrontations with Washington as part of a nationalist campaign to solidify his own power amid a deteriorating economy, was willing to take them to American shores.

The most common theory is that while the Russian leader would prefer the election of Donald J. Trump — in part because Mr. Trump has suggested that NATO is irrelevant and that the United States should pull its troops back to American shores — his primary motive is to undercut what he views as a smug American sense of superiority about its democratic processes.

Madeleine K. Albright, a former secretary of state who is vigorously supporting Hillary Clinton, wrote recently that Mr. Putin’s goal was “to create doubt about the validity of the U.S. election results, and to make us seem hypocritical when we question the conduct of elections in other countries.”

If so, this is a very different use of power than what the Obama administration has long prepared the nation for.

Four years ago, Leon E. Panetta, the defense secretary at the time, warned of an impending “cyber Pearl Harbor” in which enemies could “contaminate the water supply in major cities or shut down the power grid across large parts of the country,” perhaps in conjunction with a conventional attack.

That is still a risk, of course — one that the Pentagon and its United States Cyber Command spend billions of dollars trying to deter. Yet America’s main adversaries know those steps would constitute an act of war, most likely prompting an overwhelming military response.

What has come instead — doling out stolen emails, testing the defenses of the voting system — clearly caught the administration off guard.

“The unprecedented use of cyberintrusions to influence this election should galvanize our country to act,” said John P. Carlin, who left the Justice Department two weeks ago as assistant attorney general for national security, a post in which he helped oversee legal responses to major Chinese and Iranian attacks on American banks and other institutions. “Whoever is elected, how to regulate, defend and deter in cyberspace must be at the top of the national security agenda.”

Yet he noted that “in a campaign where cyberintrusions and threats dominated the news more than any other in American history, there has been surprisingly little discussion on how our country should confront the problem going forward.”

The severity of the challenge has been particularly evident even in the final days of the campaign.

The Department of Homeland Security invited reporters on Friday to tour its war room, a vast monitoring center that is buried deep in a nondescript building in Virginia and is connected to the National Security Agency and sensors running through government networks. The center is supposed to be the internet equivalent of the giant North American Aerospace Defense Command in Cheyenne Mountain, just outside Colorado Springs, which opened almost exactly 50 years ago to scan the skies and warn of incoming Soviet nuclear missiles.

The National Cybersecurity and Communications Integration Center is expected to do the same thing, but its vision is limited to federal computer systems. Officials conceded that if a foreign power began tinkering with the registration rolls or vote-tallying systems on Tuesday — a process run by the states — it was unlikely that direct evidence would show up on the center’s screens.

“Our partners would have to call us,” one senior official conceded.

Here on Sunday night in the battleground state of New Hampshire, Mrs. Clinton held one of the final rallies of her campaign just miles from the headquarters of a company that was taken out two weeks ago in a “denial of service” attack that paralyzed websites along the East Coast.

Officials at the company, Dyn DNS, and others like it are frantically looking for ways to ward off another attack on Election Day out of fear that it could freeze up websites used for getting out the vote, showing people how to get to polling places or reporting results.

And just a few hours before she arrived here, Mrs. Clinton got news that the F.B.I. director, James B. Comey, had informed Congress that his agency’s review of the latest batch of her emails, found on the computer of former Representative Anthony D. Weiner of New York, the estranged husband of one of Mrs. Clinton’s top aides, did nothing to change his view of the case.

Mrs. Clinton’s decision to use a private email server, of course, was the original digital act of this election season — the decision by Mrs. Clinton that, to keep her personal emails private, she would conduct her government business from a private server.

Mr. Comey has never conclusively determined whether the Russians, or any other foreign power, broke into that server, which was kept in the Clintons’ home in Chappaqua, N.Y. But the Russians had been behind many other break-ins, his investigators noted, including of the unclassified systems of the State Department, the White House and the Joint Chiefs of Staff. If they skipped Mrs. Clinton’s server, one investigator noted, it must have been an oversight.

No comments: