US cyber efforts need to focus on blocking “Russia and other adversaries from causing chaos” in elections, Obama administration cyber chief Michael Daniel told The Jerusalem Post.
Daniel, now president of the Cyber Threat Alliance, spoke to the Post on Monday, on the sidelines of the Tel Aviv University cyber conference, both about future threats and how he and the Obama team handled past cyber issues.
Regarding whether he and the Obama team could have retaliated more strongly against Russia’s hacking of the 2016 US presidential election, he said “deterrence policy in general is still at a very early stage of how to do” it correctly.
Mild-mannered and professorial, but with an unmistakable command of the cyber arena, he explained that “part of the issue is that deterrence came to mean a very specific thing during the Cold War,” mainly theory dealing with nuclear weapons.
Cold War-era nuclear deterrence models “are not very useful” for a multipolar world of cyber threats, he said.
Daniel did admit that, “from my limited vantage point, I would have preferred to push back harder. But I don’t want to second guess folks looking at the broader context.”
Explaining some of the roadblocks the Obama administration ran into in responding to Russia, he said that though “I am no stranger to politics... I was shocked from the response from [US] states” rejecting federal intervention once federal intelligence agencies discovered Russian hacking.
“Folks at the top, the president and [then-White House chief of staff Denis] McDonough had that lens and were seeing something that was very real” in terms of resistance by Republicans and Republican-run states to characterizing Russia as hacking the election and more on Trump’s side.
Also, he said overreacting to Russia’s hack “could do their work for them by casting doubt on the confidence in the elections.”
As a first principle in improving responses, he said, “deterring cyber with cyber might not be the most effective tool. You might want to incorporate all aspects of your national power to impose costs on an adversary as well as using cyber capabilities to address non-cyber issues.”
Any response to Russia’s cyber attacks needs to be “put in the full context of relations with Russia... We need to push back hard on the Russians in a number of arenas including diplomatic, but also by building coalitions with like-minded to respond collectively,” just as a coalition opposed Russia’s actions in Crimea, he said.
The former cyber chief said it was important to understand what “the Russians are seeking” and to figure out “how do you work with them in a way that does try to address their security concerns..., though it doesn’t mean you cave in to” them.
Asked if the US should rewind to using non-electronic voting machines to sidestep the hacking threat, Daniel said that voting machines are “only part of it. I am a strong supporter that there should be a suitable paper trail... but there are a lot of entry points” to impact election results and sow chaos.
Next, he was asked whether it was problematic that in speeches earlier at the same conference, two top Trump administration officials on cyber issues, Rob Joyce and Thomas Bossert, had failed to mention elections when listing critical infrastructure and had failed to mention Russia’s hacking.
Daniel pointed out that Obama’s Homeland Security Secretary Jeh Johnson had already made elections critical infrastructure under law.
Also, after all of the political jousting over Russia’s cyber attacks on the US, he said that on most issues, Trump’s cyber executive order is continuing Obama’s policies.
One difference is that the Trump cyber team has said it may forgo continued efforts to cooperate through the UN to combat cyber attacks and instead form outside coalitions. But Daniel said that he and Obama’s team might have considered this path also.
Moving on to discussing his current endeavor with the Cyber Threat Alliance, he said his organization is an “attempt by the cyber security industry to stop talking about threat intelligence sharing and to start doing it.
“At our heart, the CTA built a platform to enable members to share threat intelligence at speed and at scale in standard formats,” he said.
Members’ “products and services will be better. You can draw on a pool of information and we can take that information to build playbooks of an adversary. How does an adversary think about coming to the game?” Daniel said that, using that information, CTA’s members along with the US government can defend better and even try to disrupt cyber attackers’ business model, including their financing.
CTA, which was fully launched only this past January, currently has 12 members, and Daniel expects to get to 40-50 members within a couple of years. There are already two to three dozen potential members in the pipeline, he said.
CTA is part of what brought Daniel to Israel, with major Israeli company Check Point being a founding member.
Asked about Israel’s impact on the cyber arena, Daniel said, “It is really fascinating. Israel has leveraged real assets it has and has punched well above its weight class.
“The level of innovation going on here, building the technological village in Beersheba, that’s some really impressive work. The innovation scene is really strong here and this is one of the big cyber security conferences,” he said.