Cyber hackers [illustrative].
Bizarre became surreal this week when the Obama administration expelled 35 Russian diplomats and closed two central Russian facilities in the US in response to Russian cyber interference in the US election, and Russia responded with New Year’s invitations to US diplomats’ children.
Since October, the US intelligence community had concluded that Russia interfered in the US presidential election.
President-elect Donald Trump continues to contest that conclusion, especially the seemingly close to unanimous additional conclusion that the purpose of the cyber attacks was to help him.
Some analysts do say that it is unclear if Russia was trying to get Trump elected or just to weaken Hillary Clinton, whom most expected to win the election.
As early as October, Vice President Joseph Biden promised covert responses to Russian hacking, and President Barack Obama has echoed the threat, including on Thursday – saying that the diplomats’ expulsion was only one measure.
Yet, the absence of a public cyber response by Obama, or at least the leaking of reports that Russia suffered a recent cyber attack without anyone publicly taking responsibility, shows that the outgoing administration never settled on an effective counter-attacking strategy.
In contrast, while the US never publicly confirmed it, analysts agree that 10 hours’ disruption of North Korea’s Internet in December 2014, an attack which did become public, was the Obama administration’s response to North Korea’s hacking of Sony’s computer systems.
There have not been reports of major hacks by North Korea against the US since then.
Of course, maybe the US has already hit Russia with covert cyber attacks and the Russians are keeping it quiet to avoid embarrassment. But usually someone leaks details of a major successful attack, even if there is never an official confirmation.
There is reason to think that any US cyber counter-attacks have been or will be limited.
Numerous media reports, which were clearly the product of off-record briefings by US officials, repeatedly emphasized the concern not to overreact to massive cyber attacks by China and Russia.
If the test of a counter-punch is whether the puncher continues to hit you or back-off, then the Obama administration’s strategy has failed: there are no signs that Russia or China have stopped cyber punching the US.
Much of the media are covering the last Obama-Putin exchange as Vladimir Putin either outfoxing Obama by looking magnanimous or Putin taking a hit to try to set relations with Trump on firmer footing.
But the fact is that Obama’s actions, as public and loud as they were, in no way drew cyber or diplomatic blood at a level that would really bother Putin or alter his cyber policy regarding the US.
How could Obama have brought the cyber pain to Russia a bit more acutely (or be bringing it if it is being done covertly)? The US could attack finances and hard drives, expose where hackers operate in the “dark web” and reveal classified material belonging to Russia’s intelligence community, such as the FSB and the GRU.
Further, US cyber operatives could initiate attacks to bring down websites or networks and manipulate their data, including hacking into private companies linked to Putin and to Russian intelligence.
The US could go further and bring down wider swaths of Russia’s Internet, sabotage noncritical infrastructure or even carry out targeted military cover operations.
With many observers saying the US’s attempts to formulate policies to deal with this newer and more aggressive cyber hacking era have failed to date, top US Republican Senator John McCain will hold hearings on Thursday as Congress starts to weigh in more strongly.
It is unclear where the even greater focus on cyber policy will lead, particularly with the complication of Trump disagreeing with much of his own party about how to treat Russia’s attacks.
To taking a page out of Middle East power dynamics and Israeli strategy, sometimes proportionality is perceived as weakness and aggressors only back down when the counter- attack is disproportionate.
Since cyber weapons can be used even disproportionately without endangering lives and with the hawkish wing of the Republican Party in Congress getting more involved, US cyber policy will very likely become more aggressive.
Relevant to your professional network? Please share on Linkedin