How To Win The Cyberwar Against Russia

Uploaded on 2016-10-27 in INTELLIGENCE--USA, INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, NEWS-News Analysis, TECHNOLOGY--Hackers

The basic facts about Russia’s election-year hacking of the American political system are clear. For more than a year, the Russian government has repeatedly infiltrated the computers of both parties’ presidential campaigns to steal data and emails to influence the outcome of the election.

In response, the Obama administration has promised a “proportional” response against Russia.

What’s much less clear is what a “proportional” response could mean. This is an unprecedented situation for the American national security establishment — which means the Obama administration’s response will set a precedent for future foreign-directed cyber-plots.

The first thing the US government will have to determine is whether the Russian actions rise to the level of an attack, something that would require a direct US response. There are many examples of cyber-infiltration that fall short of that designation, qualifying rather as nuisance activities or even garden-variety espionage. The activities in question, however, cross an important political and operational threshold by attempting to influence the American public on behalf of one of the candidates for the presidency. Most egregiously, the release of internal Clinton campaign emails violates a wide variety of US laws, and the potential release of material related to her email server investigation late in the campaign season could have extraordinary impact on the election.

These are actions that affect the heart of the US democratic process. They may not exhibit physical damage of the sort that we saw in North Korea’s attack on Sony Pictures, which did millions of dollars of damage to hardware. But the political and symbolic meaning of Russia’s actions nonetheless elevate them to something requiring a response.

When an attack has been identified, the next step is to attribute it, to determine whom to hold responsible. US intelligence officials seem to have already done this, at least to the satisfaction of the White House. But it’s worth remembering that attribution is especially challenging in the world of cyber-conflict. 

The Russians have managed to cling to a veneer of deniability, at least in public, by relying on a clever pattern of cut-out agents, ranging from Russian cyber-criminals to WikiLeaks founder Julian Assange. This is a version of the hybrid warfare we’ve seen used so effectively in the attacks in Ukraine and the annexation of Crimea, essentially using the cyber-equivalent of the unmarked soldiers (so-called little green men) that led the fight into Ukraine.

After attribution, the final step is to craft a response. The cyber-sphere is not immune to the universal legal norms that require a nation to respond to an attack in proportional fashion. In other words, you can’t destroy the Russian electric grid in response to email hacks. From a strategic perspective, the response should also be timely (although at a time and place of the responder’s choice) and distinctive, that is, it should bear a clear and specific relationship to the original attack that is recognizable to all.

With all this in mind, there are a variety of responses that the Obama administration should be considering against Russia. The first response should be a definitive exposure of the Russian government’s presumably high-level involvement in the attacks. The US case against Russia may be convincing, but the White House has chosen so far to keep parts of it classified.

Revealing the names of the officials who authorized the cyberattacks against the United States would put Moscow in an extremely uncomfortable position. Ideally, the United States could reveal emails or conversations between Russian officials that demonstrated their intent to undermine the US electoral process. Such revelations would likely lead to UN condemnations and further economic sanctions against Russia, inflicting additional damage to its economy. They would also potentially expose US intelligence sources and methods, but there are ways to sanitize the material to minimize those risks.

Second, the United States could undermine the Russian government’s reliance on a wide variety of cyber tools to censor the web within its own country by exposing them to the public. While not actively manipulating the Russian web, the National Security Agency could “out” the code and tool sets used by the Kremlin, thus permitting activists (and citizens) to avoid the manipulation and censorship more effectively. As a response to the Russian attacks on the US democratic system, this would be both proportional and distinctive.

A third and more aggressive approach would be to use US cyber-capabilities to expose the overseas banking accounts and financial resources of high-level Russian government officials, up to and including President Vladimir Putin, who is widely rumored to hold billions of dollars in offshore accounts shielded from his public. While Washington should refrain from destroying or manipulating financial records, which would be an escalation, simply exposing the level of corruption among the officials who authorized the political cyberattacks in the United States would be strategically and morally sound.

Fourth, the United States could use its own offensive cyber-tools to punish Russian hackers by knocking them off-line or even damaging their hardware. This response would be open to objections that it represents an unwarranted escalation. But under prevailing international law, if a nation has information of a nexus of offensive activity, has requested it to stop, and the offending nation declines to do so, that offensive center is liable for attack. The burden of proof for attribution would be higher in crafting such a response; it would be viable only if Washington had definitive information on the command and control centers that launched the hacking activity. But given the brazen level of Russian activity, this at least warrants a serious discussion by the US government.

Fifth, and finally, the United States should think about how our allies can be helpful in this situation. NATO partners have significant capability and could be helpful in much of this.

All democratic nations have a stake in pushing back against this blatant interference in the democratic political process.

All of this should be done in a very careful, measured fashion. The potential for miscalculation and escalation is high. But that potential pertains both to a possible overreaction as well as an under-reaction by the US government. 

The president and his senior national security and economic teams will have to seriously deliberate on a course of action. And the NSA and US Cyber Command should prepare to carry out whatever actions they settle on. (Whatever else happens, these events have already proved why it’s to everyone’s benefit that Cyber Command will soon be elevated by the military to the status of a full combatant command.)

An old Russian saying is: “Probe with bayonets. If you encounter steel, withdraw. If you encounter mush, continue.” The bayonets of today are the bits of the cyber-sphere.

The United States needs to show some steel or face much worse to come.

Foreign Policy

 

« Meet The Fancy Bears
Europol Warning: Crypto-Ransomware Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Pen Test Partners LLP

Pen Test Partners LLP

Pen Test Partners provides penetration testing, security assessment and training services.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

GIAC provides certification in the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

CMMI Institute

CMMI Institute

CMMI Institute enables organizations to elevate and benchmark performance across a range of critical business capabilities, including product development, data management and cybersecurity.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

e.Kraal Innovation Hub

e.Kraal Innovation Hub

e.Kraal is a Cybersecurity Innovation Hub whose mission is to secure the future of Cybersecurity in Kenya by accelerating innovation and creativity in the cyberspace ecosystem.

Enclave Networks

Enclave Networks

Our mission is to give IT professionals a simple way to rapidly build secure connectivity between any application, computer system, device or infrastructure - regardless of the underlying network.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

CAPSLOCK

CAPSLOCK

CAPSLOCK delivers career-changing cyber training to help adults re-skill. Learn online to become a cyber security professional and pay no tuition until you land a high-paying job.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

ZX Security

ZX Security

ZX Security is a New Zealand owned and operated cyber security consultancy.

Quantum Ventura

Quantum Ventura

Quantum Ventura is a technology innovation company with a single mission of delivering customer-centric advanced solutions to US Federal & State Governments and Private Sector customers.