In light of the intelligence report unequivocally attributing cyberattacks during the US presidential election to Russia, US President-elect Donald Trump must take stock of the magnitude and implications of the Kremlin’s actions, and react appropriately, according to John E. Herbst, director of the Atlantic Council’s Dinu Patriciu Eurasia Center.
“We are facing Mr. Putin, a world leader who is determined to weaken the American position, especially in Europe, but around the world,” said Herbst, a former US ambassador to Ukraine. “It’s very important the incoming administration recognize the seriousness of the problem and take decisive action to deter Russia aggression.”
On January 6, the US intelligence community released a report in which it concluded that Russian agencies, under the direction of Russian President Vladimir Putin, hacked into the servers of the Democratic National Committee (DNC) and released information with the intent of influencing the outcome of the US presidential election.
The Kremlin has denied the allegations, likening the intelligence report to a “witch hunt.”
E-mails from John Podesta, the chief of staff for Hillary Clinton’s presidential campaign, were released to WikiLeaks. Russian actors hacked the DNC “to undermine our elections, if not to push for Donald Trump as a winner in those elections,” said Herbst.
Trump has expressed skepticism about the report’s findings. However, on January 8, Reince Priebus, chief of staff for the president-elect, gave a statement saying Trump has accepted the findings of the report, and may take action in response. On January 10, legislation was introduced in Congress to impose more sanctions on Russia for its cyberattacks.
Herbst joined Joshua Corman, director of the Atlantic Council’s Cyber Statecraft Initiative; Jane Holl Lute, an Atlantic Council board director and chief executive officer at the Center for Internet Security; and Kenneth Geers, a senior fellow with the Cyber Statecraft Initiative, on a members call on January 9 to discuss the findings of the report, and its implications for the new administration’s stance toward cybersecurity and an increasingly revanchist Russia.
Lute said that “there’s a lot about what we are seeing and what we read in the report that is not new,” in particular an established pattern of Russian cyberattacks. Though there is an established pattern of the Kremlin’s use of cyberattacks to cultivate misinformation, “cyber fears have changed over the years,” said Geers.
“Everywhere you look… there are examples of attacks,” he said, adding, “If you’re in charge of any important network these days, you will be subjected to cyberattacks of a geopolitical source.” He said that cyber espionage is normal, when practiced in accordance with basic rules. However, “if you look at [the Russian hacking of the DNC] from an effects-based perspective, you can hardly get more serious that installing a US president in the Oval Office,” he added.
Geers emphasized the importance of deterrence in order to protect sovereignty and jurisdiction in cyberspace, two difficult and elusive concepts. “The US government, and other governments as well, will want to articulate some kind of deterrence,” he said.
Elections will be held in France, Germany, and the Netherlands this year.
Corman said there are a multitude of ways to influence the public consciousness, opportunities seized by the Russian government and its manipulation of the information gained through the hacking of the DNC servers.
According to Corman, there has been a great deal of conflation between the ideas of actually hacking vote tallies and ongoing propaganda and information operations. “In reality, as the US election shows us, social media may have been a much more malleable and lucrative space to operate than hacking a ballot box,” said Geers.
“We have not given the Russians a reason to stop,” said Herbst. “We have to establish a way to bring the cost to Moscow of aggressive cyber activity.”
In December, the Obama administration imposed new sanctions on Russian intelligence agencies, including individuals and entities, and expelled thirty-five Russian diplomats from the United States in response to the Kremlin-orchestrated cyberattacks. Kellyanne Conway, a senior adviser to Trump, called the US action a “disproportionate response” and predicted Trump would review the sanctions.
Ultimately, according to Herbst, “if we simply drop our hands… we are putting ourselves in an impossible situation that we cannot sustain.” Geers said that the United States “will see more attacks because… you press your advantage when your opponent is on their heels and you go for the throat.”
In light of the ongoing threat of attacks, it is essential that all stakeholders in connected technology take a firm stance on improving cybersecurity, said Lute.
“What is new is that we are now a fully integrated society online,” she said, claiming that the intelligence community’s stance on cybersecurity must change. “Bringing voting systems online and making more information available online, we have to confront our vulnerability,” she said. “It’s not as though the DNC appeared to have even made it hard for anyone who wanted to hack in.”
“We are the most dependent on connected technology of any nation,” according to Corman. However, he added, “we forget that we’ve got much more to lose.” Both Corman and Lute emphasized the importance of increased investment in the defense budget with regard to cybersecurity, as well as the need for all stakeholders to adopt cybersecurity hygiene regulations commensurate with the value of what is at stake.
“We should not be standing around waiting for the United States military to whisper in our ear,” said Lute. While the government and the military will “have a role to play,” she said, every enterprise needs to implement basic cyber hygiene. “Hygiene is not impossible. Good enough hygiene is not only possible, it’s essential,” she added.
Rachel Ansley is an editorial assistant at the Atlantic Council.