WASHINGTON (AP) – All fingers point to Russia as the source of the worst hack by U.S. government agencies. But so far, President Donald Trump, wary of blaming Moscow for the cyberattacks, has been silent.
The lack of any statement that wants to hold Russia accountable calls into question the likelihood of a quick response and suggests any retaliation, whether through sanctions, criminal charges or cyber actions, will remain in the hands of incoming President-elect Joe Biden. .
“I imagine the incoming administration wants a menu of what the options are and then it will choose,” said Sarah Mendelson, a professor of public policy at Carnegie Mellon University and a former U.S. ambassador to the Economic and Social Council. UN. “Is there a graded aggression? Is there a total assault? How much do you want to get out the door? “
Of course, it’s not uncommon for administrations to refrain from blaming public accusations of hacker guilt until they accumulate enough evidence. Here, U.S. officials say they recently learned of the devastating violations of various government agencies in which foreign intelligence agents took root undetected for up to nine months. But Trump’s response, or lack thereof, is being closely monitored because of his concern about an unsuccessful effort to overturn last month’s election results and his refusal to publicly acknowledge that Russian hackers they interfered in the 2016 presidential election in his favor.
It is unclear exactly what action Biden could take or how his response could be shaped by criticism that the Obama administration did not act aggressively enough to thwart interference in 2016. He offered clues in a statement Thursday, saying his administration would be proactive in preventing cyberattacks. and impose costs on any opponent behind it.
U.S. government statements so far have not mentioned Russia. Asked about Russia’s involvement in a radio interview on Monday, Secretary of State Mike Pompeo acknowledged that Russia is constantly trying to penetrate U.S. servers, but that it quickly influenced China’s and Korea’s threats. North.
Democratic Sen. Dick Durbin and Richard Blumenthal, who were briefed Tuesday on the hacking campaign at a classified session of the Armed Services Committee, were unequivocal in blaming Russia.
There are other signs within the administration of a clear recognition of the severity of the attack, which happened after elite cyberspies injected malicious code into the software of a company providing network services. The civilian cybersecurity agency warned on Thursday in a consultative warning that hacking posed a “serious risk” to government and private networks.
One answer could begin with a public statement that Russia is believed to be responsible, already an assessment widely shared by the U.S. government and the cybersecurity community. These claims are often not immediate. It took weeks after the incidents were made public for the Obama administration to use North Korea for Sony Pictures Entertainment piracy in 2014 and then-national intelligence director James Clapper to confirm China as the “main suspect “of the Pirates of the Personnel Management Office.
Public denomination and shame are always part of the playbook. Trump’s former national security adviser, Thomas Bossert, wrote this week in a New York Times opinion piece that “the United States, and ideally its allies, should publicly and formally attribute responsibility for these hackers “. Republican Sen. Mitt Romney said in an interview on SiriusXM radio that it was “extraordinary” that the White House had not spoken.
Another possibility is a federal indictment, assuming investigators can accumulate enough evidence to implicate individual hackers. These cases require a lot of manpower and often take years, and while they may have little chance of processing in the courtroom, the Justice Department considers them to have powerful deterrent effects.
Sanctions, an honorable punishment in time, can lead to even more bites and Biden is sure to weigh them. President Barack Obama expelled Russian diplomats for the 2016 election interference and the Trump administration and Western allies took similar measures against Moscow for its alleged poisoning of an ex-officer in Britain.
Exposing the Kremlin’s corruption, including the way Russian President Vladimir Putin accumulates and hides his wealth, can lead to even more formidable retaliation.
“It’s not just an act of hacking or re-hacking their systems,” said Mendelson, the former ambassador. “It’s, ‘Let’s look for what really matters to you, and what really matters to you are the funds that are saved, and they reveal the biggest network and how it is connected to the Kremlin.’
The U.S. may also retaliate in cyberspace, a path facilitated by an authorization from the Trump administration that has already led to some operations.
Former national security adviser John Bolton told reporters in a 2018 briefing that offensive cyber operations against foreign rivals would now be part of the U.S. arsenal and that the U.S. response would cease to be primarily defensive.
“We can completely merge their home networks,” said Jason Healey, an academic in cyber-conflict at Columbia University. “And every time we see their operators show up they know we’re going to go after them, wherever they are.”
The U.S. Cyber Command has also taken more proactive measures, getting involved in what officials call “forward-hunting” operations that allow them to detect cyber threats in other countries before they reach the intended target. Military cyber combatants, for example, partnered with Estonia in the weeks leading up to the US presidential election in a joint operation aimed at identifying and defending Russia’s threats.
While the United States is also prolific in its offensive cyber intelligence collection (touching the phones of Allied foreign leaders and inserting spyware into commercial routers, for example), these efforts are measured compared to the infection of 18,000 government and private sector organizations in the SolarWinds hack, ”Healey said.
The best answer, since espionage itself is not a crime, is to triple defensive cybersecurity, Healey said.
David Simon, a cybersecurity expert and former defense attorney for the Department of Defense, said there should be consequences for those responsible for the attacks and that the Trump administration “has been very short on holding the Kremlin accountable.”
“Until it becomes clear that the United States will impose significant costs on opponents,” he said in an email, “there is likely to be no material change in the Kremlin’s behavior.”