22 October 2016

What Options Does the U.S. Have After Accusing Russia of Hacks?


By DAVID E. SANGER and NICOLE PERLROTH 
OCTOBER 8, 2016 

President Obama and top officials are proceeding cautiously after formally accusing Russia of trying to meddle in the election. 

WASHINGTON — Now that the White House has formally accused Russia of meddling in the presidential election with cutting-edge cyberattacks and age-old information warfare, devising a response might seem fairly easy: unleash the government’s cyberwarriors to give the Kremlin a dose of its own malware.

Technologically, that would not be too difficult, American officials say. But as a matter of strategy and politics, formulating the right kind of counterstrike is not that straightforward.

President Obama’s options range from the mild — naming and shaming the Russians, as he did on Friday — to the more severe, like invoking for the first time a series of economic sanctions that he created by executive order after North Korea’s attack on Sony Pictures Entertainment. The Justice Department could indict the Russians behind the attacks on the Democratic National Committee and the email accounts of prominent individuals, as it did with members of China’s People’s Liberation Army, who have been charged with stealing industrial secrets.

The Run-Up

The podcast that makes sense of the most delirious stretch of the 2016 campaign. 

Or Mr. Obama could sign a secret intelligence finding — similar to many he has issued to authorize Central Intelligence Agency efforts in Syria or drone strikes against the Islamic State — to attack and disable Russian computer servers or expose the financial dealings of President Vladimir V. Putin and his oligarch friends.

While the last option is tempting, officials say, it would carry risks with the election just a month away. Attacks on online voter registration rolls could sow chaos at polling places, and the election infrastructure has never truly been tested against a power like Russia. The system that underpins American democracy is not even listed as an element of the nation’s critical infrastructure, a list that includes movie theaters and the Jefferson Memorial, among other monuments.

Just as Henry Kissinger and other American strategists argued decades ago whether it was possible to wage a limited nuclear war, officials at the Pentagon and intelligence agencies, as well as outside experts, have been debating whether it is possible to control the escalation of a cyberconflict.

In the nuclear era, seven decades passed with no answer, despite some close calls. Online, where the damage is less lethal but cheap, and attacks are hard to trace and easy to carry out, Mr. Obama and other top officials are proceeding cautiously. Well-armed cyberpowers face few limits to their ability to escalate attacks. And it is unclear how the United States can establish what the generals call “escalation dominance” — the assurance that America can ultimately control how a conflict ends.

Michael J. Morell, a former deputy director of the C.I.A. and a veteran of many debates on the growing cyberweapon arsenal in the Bush and Obama administrations, said on Saturday that the American response had to strike at something that Mr. Putin held dear. But, he added, unleashing a counterattack may not be the answer.

“Our response needs to be proportionate to the attack,” said Mr. Morell, who now advises Hillary Clinton on national security matters and is widely believed to be in line for a top intelligence post if she is elected president. Criminal indictments and sanctions against individuals “are only a slap on the wrist,” he said, adding that “offensive cyberactions can’t be seen and are inconsistent with the norms we want to set in the world on cyber.”

Mr. Morell advocated two approaches: deep sanctions on the entire Russian economy and an “aggressive Voice of America program in Russian to tell the Russian people that Putin is only interested in his own aggrandizement” and is threatening the only hope for the country’s economy: integration with the West.

But the challenges, as Mr. Morell acknowledges, are clear. Europe is unlikely to go along with sanctions if that means cutting off their access to the Russian gas that keeps them warm. And Voice of America programs, a relic of the Cold War, are slow to work, if they can work at all in the internet age.

At its core, the problem that the Obama administration faces is this: What the Russians have done in hacking into American political institutions — and perhaps accessing voter registration rolls — is a digital form of hybrid warfare. In Ukraine, this took the form of Russian soldiers engaging in quiet guerrilla actions out of uniform to undermine the government. (Russia also turned off the electric grid in part of Ukraine last December, mostly to show that they could.)

Leaking emails and phone conversations, and generally stirring chaos around elections, have been a well-honed Russian art form in Europe, especially in former Soviet states. Such actions walk the line between harassment and low-level state-versus-state conflict. Now, they have come to American shores.

That, at least, was the assessment of the director of national intelligence and the Department of Homeland Security on Friday, though they did not show their evidence. “We believed, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities,” the statement said.

In background conversations, officials strongly hinted that the evidence had come, in part, from data collected by the National Security Agency’s implants in foreign computer networks, presumably including Russia’s.

The question, said James Lewis, a former government official who specializes in cybersecurity, espionage and warfare at the Center for Strategic and International Studies in Washington, is how to deter future attacks while maintaining escalation dominance.

“We don’t necessarily want to start a war with Russia,” he said.

Mr. Lewis said he doubted that using intelligence findings to embarrass Mr. Putin — leaking details of his financial dealings, his personal life or his relationships with the moneyed elite who help keep him in power — would be the solution.

“If we couldn’t deter Moscow from going into the Ukraine, we’re not going to deter them from hacking us,” Mr. Lewis said.

For a declining power like Russia, whose economy has been battered by falling oil prices and economic sanctions, cyberattacks are an easy answer. They usually happen below the radar. And for the past two years, Russian hackers operating at the behest of, or directly for, the state have had a string of successes against foreign targets, even testing the limits of the American doctrine that destructive hacking attacks could be considered acts of war.

Russian hackers were identified by German intelligence officials as the culprits behind a cyberattack that damaged a blast furnace owned by ThyssenKrupp, Germany’s biggest steel maker. Forensics experts discovered malware in the plant’s system that had previously been tied to a well-known Russian espionage group.

That same group was later found to be responsible for a cyberattack on a major French television network, TV5Monde, last year that brought down the station for several days and cost tens of millions of dollars in repairs. And the Russian group, known in the cybersecurity community as APT28 or Fancy Bear, was responsible for a string of cyberattacks on the White House, the State Department and the Joint Chiefs of Staff.

Mr. Obama decided not to name the Russians in those attacks. “The Russians have had a string of unbroken successes against U.S. targets, and they haven’t paid much of a price,” Mr. Lewis said. That may have created an impression in the Kremlin that cyberattacks would carry no consequences.

The deeper concern is that Russia, like other major powers, has a long playbook ready for potential future attacks. Security experts point to evidence that a well-funded Russian hacking group, known as Energetic Bear, has been probing the networks of power grid operators and energy and oil companies in the United States, Europe and Canada. That could be exploration — or it could be preparation of the battle space in the event of a future conflict.

This summer, hackers calling themselves the Shadow Brokers released a trove of N.S.A. tools that the agency had used to break into and spy on foreign networks. Though it is not yet clear who was behind the attack, some speculated that an N.S.A. insider had leaked the trove, while others said it may have been Russian state-sponsored hackers putting the United States on notice.

Mr. Obama seems likely to invoke some kind of financial sanctions under the new executive order, which allows the Treasury secretary to freeze the financial assets of individuals tied to hacking attacks or prevent them from conducting financial transactions.

The White House considered applying the sanctions against the Chinese companies and individuals involved in the hacking of the Office of Personnel Management last year, but ultimately decided against it after China pledged that it would not conduct economic espionage against the United States and arrested several individuals.

But a similar deal with Russia seems hard to imagine. “How can we choose not to use the sanctions?” Mr. Lewis said. “The question is if we name and punish these guys, will Russians take the hint? My sense is no.”

David E. Sanger reported from Washington, and Nicole Perlroth from San Francisco.

No comments: