2 August 2016

U.S. Wrestles With How to Fight Back Against Cyberattacks

By DAVID E. SANGER
JULY 30, 2016

President Obama during a visit to a government cybersecurity center in Arlington, Va., in 2015.CreditStephen Crowley/The New York Times

ASPEN, Colo. — It has been an open secret throughout the Obama presidency that world powers have escalated their use of cyberpower. But the recent revelations of hacking into Democratic campaign computer systems in an apparent attempt to manipulate the 2016 election is forcing the White House to confront a new question: whether, and if so how, to retaliate.

So far, the administration has stopped short of publicly accusing the Russian government of President Vladimir V. Putin of engineering the theft of research and emails from the Democratic National Committee and hacking into other campaign computer systems. However, private investigators have identified the suspects, and American intelligence agencies have told the White House that they have “high confidence” that the Russian government was responsible.

Less certain is who is behind the selective leaks of the material, and whether they have a clear political objective. Suspecting such meddling is different from proving it with a certainty sufficient for any American president to order a response.

Even if officials gather the proof, they may not be able to make their evidence public without tipping off Russia, or its proxies in cyberspace, about how deeply the National Security Agency has penetrated that country’s networks. And designing a response that will send a clear message, without prompting escalation or undermining efforts to work with Russia in places like Syria, where Russia is simultaneously an adversary and a partner, is even harder.

The Russians tried to make it tougher still on Saturday when they declared that they had found evidence of American activity in their government systems.

It was hardly a shocking revelation; anyone who leafed through Edward J. Snowden’s revelations saw evidence of daily efforts to break into Russian spy agencies, nuclear installations and leadership compounds.

But in a talk on Friday evening at the Aspen Security Forum, an annual gathering that draws many of the nation’s top intelligence and military officials, John O. Brennan, the director of the Central Intelligence Agency, made clear that while spying on each other’s political institutions is fair game, making data public — in true or altered form — to influence an election is a new level of malicious activity, far different from ordinary spy vs. spy maneuvers.

“When it is determined who is responsible for this,” Mr. Brennan said, choosing his words carefully to avoid any direct implication of Russia, there “will be discussions at the highest levels of government about what the right course of action will be. Obviously interference in the U.S. election process is a very, very serious matter.”

The Russia problem is thorny, and persistent. Just four months into his presidency in 2009, President Obama and his top national security advisers received a warning from American intelligence agencies: Of all the nations targeting America’s computer networks, a National Intelligence Estimatewarned, Russia had the most “robust, longstanding program that combines a patient, multidisciplinary approach to computer network operations with proven access and tradecraft.”

Mr. Obama might have been a bit distracted at the time. While setting up his new administration, he was also learning the dark arts of cyberwar, descending into the Situation Room to oversee a complex American-Israeli offensive operation to disable Iran’s nuclear centrifuges. He expressed concern to his aides that the operation would help fuel the escalation of cyberattacks and counterattacks.

The concern was justified. Since then, Iran has attacked Saudi Arabia, Russia has brought down a power grid in Ukraine, the North Koreans have attacked the South. The list gets longer every month.

But deterrence has been spotty. In the Democratic National Committee case, two senior administration officials spoke on the condition of anonymity to discuss the options, ranging from countercyberattacks on the F.S.B. and the G.R.U., two competing Russian spy agencies at the center of the current hacking, to economic, travel and other sanctions aimed at suspected perpetrators.

At the event in Aspen on Saturday afternoon, Lisa O. Monaco, Mr. Obama’s homeland security adviser, sidestepped specific discussion of the D.N.C. hacking but acknowledged that the administration might soon have to consider whether the United States’ electoral system constitutes “critical infrastructure,” like the power grid or the cellphone network.

“I think it’s a serious question,” she said, especially if there is “coercion, destruction, manipulation of data.” Ms. Monaco noted that whenever the United States thinks about retaliation, “the danger of escalation and misinterpretation is such that we have to be responsible about it.” But she also said that if an event were serious enough, “we have to be very clear we will respond.”

The cost of doing nothing could be high. As the United States and other nations move to more electronic voting systems, the opportunities for mischief rise. Imagine, for example, a vote as close as the 2000 presidential election between George W. Bush and Al Gore, but with accusations about impossible-to-trace foreign manipulation of the ballots or the vote count, leaving Americans wondering about the validity of the outcome.

For Mr. Obama, the president who has done the most to raise alarms about the risks of cyberattacks and the most to build up the United States Cyber Command, this territory is fraught with politics, intelligence trade-offs and questions of American values.

“I think that the administration needs to be ironclad on the evidence here to convince the American people that this is about policy, not politics,” said Jason Healey, a scholar at Columbia University who specializes in cyberconflict between nations. “This has got to be about defending a constitutional process, not a party.”

Last week, two California Democrats who specialize in intelligence issues, Representative Adam B. Schiff and Senator Dianne Feinstein, sent Mr. Obama a letter urging him to make public the intelligence assessments on the Democratic National Committee hacking.

Mr. Obama often says the world of cyberconflict is still “the Wild West.” There are no treaties, no international laws, just a patchwork set of emerging “norms” of what constitutes acceptable behavior.

For example, Mr. Obama has pressed President Xi Jinping of China to work with the United States and other nations to develop rules about the theft of intellectual property, and about not interfering with a nation’s efforts to bring attacked systems back online. Attacking another nation’s power grid in peacetime is considered out of bounds.

But every new case brings a new and imaginative way to weaponize cyberpower. Until November 2014, when North Korea hacked into the computers at Sony Pictures Entertainment in retaliation for a comedy that portrayed a C.I.A. plot to assassinate Kim Jong-un, the country’s leader, no one seriously considered a movie studio to be “critical infrastructure.”

Yet the attack on Sony — which melted down 70 percent of its computing power — was the only case that brought the president to the White House press room to accuse another nation of launching a deliberate cyberattack, and to promise retaliation. Mr. Obama said he was driven to go public by the fact that North Korea was trying to suppress free speech and intimidate Americans with threats if they went to the theater.

It is unclear how the United States may have retaliated against the North in secret, if it even did so. But the public punishment, the announcement of some mild economic sanctions, seemed highly ineffective. They were lost in the sea of other sanctions imposed on the North since the signing of the armistice that halted, but did not end, the Korean War 63 years ago.

Yet the decision to name North Korea — a country with which the United States does no other real business — was an outlier.

China was never formally named in the theft of the security clearance files on more than 21 million Americans, revealing fingerprints, personal financial details and the personal data about family, friends and former lovers. To James R. Clapper Jr., the director of national intelligence, that was not an “attack,” it was just very good espionage. Given the chance, he said last year, “we would have done the same thing.”

Similarly, the administration decided not to call out Russia when the same intelligence agencies implicated in the D.N.C. attack were believed to be behind the siphoning of tens of thousands of unclassified emails from the systems of the State Department and the White House. There was also a more targeted cyberespionage operation, which investigators attributed to the same actors, aimed at the Joint Chiefs of Staff. But again, it was considered within the bounds of spy vs. spy.

Speaking at the Aspen forum on Thursday, Mr. Clapper, while stepping around who had conducted the hacking, said that in Mr. Putin’s mind, the United States had meddled in Russian politics, in Ukraine and Georgia — all part of former Soviet territory. (Mr. Putin complained that Hillary Clinton, in 2011, helped spark protests over a Russian parliamentary election that the United States considered riddled with voter fraud.)

“Of course they see a U.S. conspiracy behind every bush and ascribe far more impact than we’re actually guilty of, but that’s their mind-set,” Mr. Clapper said. “And so I think their approach is they believe we are trying to influence political developments in Russia, trying to effect change, and so their natural response is to retaliate and do unto us as they think we’ve done unto them.”

He later described Mr. Putin as “paranoid” and said “he is less of a throwback to the Communist era, than to the czars.” He added later: “He wants to be seen as the leader of a great power, coequal with the United States.”

No comments: