US President Donald Trump’s statement on Saturday contradicting all his cyber and law enforcement agencies, as well as his loyal Secretary of State, Mike Pompeo, about Russia’s massive cyberattack on the US, has probably crossed into dangerous territory.
That danger is that the Trump is refusing to name the country that has escalated cyber war against America to unprecedented proportions.
Trump has declared that “everything is under control” when all experts have said that the damage may take months or years to calculate.
How can the US fight back when its leader is actively trying to pull its punches against its current lead cyber adversary?
Hours after Pompeo on Saturday confirmed leaks by all of Trump’s cyber and law enforcement officials that Moscow was the culprit and that the hack had infiltrated even American nuclear agencies, Trump brushed it all off.
He wrote on Twitter: “The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control.”
“Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!),” he continued.
Trump is probably correct that these days, Democrats are happier to blame Russia for national security problems, and Republicans are happier to blame China.
This dynamic, if it politicizes national security, may turn out to be a tragedy for both parties since the truth is that both countries have taken major cyber shots at the US in different ways.
Also, there will be a permanent, substantive debate in US politics about whether the FBI’s Russia probe of Trump and his campaign aides during the 2016 election, with many being convicted of crimes involving Moscow, but not specifically election collusion, was the right call.
Moreover, it is true that about five years ago, China undertook a massive hack of the US government and regularly uses cyber capabilities to seize US technology and data.
But the cyber and law enforcement people in place now, and Pompeo, all of whom have this time named Russia as the attacker, are as loyal as Trump could ever hope for.
During the course of the hack, which dates back to March, some of the most sensitive personnel and operations in the US, including at least two US nuclear agencies, have been exposed.
It started in early December with an announcement by Fireye, a top cyber security firm that usually blocks and diagnoses attacks from Russia, Iran and other cyber powerhouses, that it had suffered an unprecedented hack.
Now, Russia can use Fireye’s tools to hack the US at will.
But within days, it turned out that Fireye was only hacked because its trusted third-party software supplier SolarWinds that had been hacked sometime in March. SolarWinds also supplies software to many US government agencies and top companies.
US nuclear agencies, the US Department of Homeland Security (DHS), the Pentagon, the Treasury Department, the Commerce Department, the National Institutes of Health and a host of other agencies, have announced they were compromised.
That means that Russia has access to the US’s cyber defense strategy, to aspects of the nuclear weapons program, to coronavirus vaccine issues and much other critical data.
Both US and Israeli experts have made it clear that the time, investment and sophistication in these attacks was far behind anything they had seen before.
A hack of the NSA’s cyber tools in 2016 is being tossed around as comparable, with that costing an estimated $10 billion once Russia and North Korea turned the NSA’s tools on the West.
Trump’s national security adviser, Robert O’Brien, even cut short a European trip on Tuesday and rushed back to Washington to deal with the attack.
Even before this attack, while the US has improved its cyber efforts since 2016, US Cyber Command chief Gen. Paul Nakasone said in July that American cyber efforts are underfunded if there is a desire to take a more offensive posture. His predecessor, Keith Alexander, has concurred.
The questions which should be consuming Trump in his final days in office is how to defend the US’s digital space and what counter strikes, cyber or even military-physical, are needed to deter similar future potential mega cyberattacks.
But neither full-fledged defending or offense is possible when the Commander-in-Chief contradicts his entire administration about the attacker’s identity.
At this point, it seems that the real response will be left to the incoming Biden administration, although a five-week delay in responding is plain dangerous.
It will already show American weakness at a time when probably the only way to force Russia to reduce its cyberattacks is some kind of escalated retaliation.
Trump is correct that the US must also be ready to respond to China when its next round of cyberattacks come.
But that is beside the point.Unless Moscow worries that the cost of attacking the US and stealing crucial classified data, even in the nuclear arena, is too steep, there will be no reason for it to stop.