As more information is released about the hack on the DNC servers – and I don’t mean the dribbling out of emails with people’s personal identifying information (PII) at Wikileaks – it is becoming much, much clearer that the attacks were broader and deeper than originally estimated. As has been reported, the FBI is investigating the attack as an act of cyber espionage. Specifically, that the hack is a Russian Intelligence cyber operation and US government officials have begun to speculate that it was done to impact the upcoming Presidential election in a manner preferred by the Russian government and Vladimir Putin. This has also been suggested by Clinton campaign officials. CNN has reported this morning that the DNC was warned by US government officials of the weakness of their system during a time period when similar attacks were being made against the White House and other US government systems. Russia seems to be intensifying its attacks against US cyber systems similar to state sponsored active measures used to achieve political effects:
“The release of emails just as the Democratic National Convention is getting underway this week has the hallmarks of a Russian active measures campaign,” David Shedd, a former director of the Defense Intelligence Agency, told The Daily Beast. Shedd said that additional leaks were likely, echoing an opinion expressed by U.S. officials and experts who said that the release of emails on Friday may just be an opening salvo.
It is important to note that despite the compelling, but circumstantial case that Josh Marshall has laid out at TPM, that Putin’s preference for a Trump Administration may be solely rooted in the simple fact that Trump has long espoused views about American involvement in the global system that overlap with Putin’s understanding of Russia’s interests and his strategy for achieving them. In 1987 Trump spent about a $100,000 to pay for ads in several major newspapers attacking the Reagan Administration for allowing our allies and partners – NATO and non-NATO – for taking advantage of us and not treating us fairly. You can see a copy of the ad below:
Trump’s anti-NATO and anti other alliance position is not something that he just adopted last Fall or because one of his advisors with ties to Russia suggested it. Rather it is a very long standing position of his and I’m not sure anyone knows how he came by it. Given two candidates for President of the United States, one who has expressed a willingness to be somewhat more hawkish than the current President in US-Russian relations and the other who has, for at least 30 years, held the position that the US is being taken advantage of by its NATO allies, as well by its non-NATO allies and partners, it would make sense that Putin would prefer the latter to the former as the next President of the United States. In the most basic terms: Trump has long held views that Putin shares, Putin is smart enough to know this, therefore Putin using his resources to independently try to assist Trump would make perfect sense. Given what we know of both men’s long standing preferences on US involvement with NATO and other alliances there is no need to go looking for dots to connect here on the affinity of one for the other on this issue.
What this leaves us with is a very important concern: what does the US do now to protect the integrity of its electoral system and election infrastructure. Dave Aitel, the CEO of Immunity Inc., in a very thought provoking guest editorial at Ars Technica, makes the argument that the Russian Intel hack on the DNC is very clearly an act of cyber war. And that it raises critical questions about the ability to safeguard the integrity of the upcoming election. Here’s an excerpt, but you should really click across and read the whole thing:
The US government has a decision to make here. If it does not come out strongly against this action by the Russian intelligence services now, then when will it? How is our election system not to be considered “critical infrastructure” that foreign governments are forbidden to interfere with, unless they wish to trigger a serious confrontation with the US? If hacking a presidential campaign and dumping its strategy on the Web is not interference and disruption of a critical institution, then what is? Should we wait until foreign operatives interfere with the primary process? Is the red line only to be drawn around hacking actual voting machines and changing the results?
Bottom line: the US must have an escalatory policy in place for this type of foreign interference. If we do not respond strongly to Russia’s actions in this election cycle, then we risk weakening our country’s deterrence and opening the door to future attacks, which may be even more disruptive to this country’s most fundamental democratic process—that of electing new leaders. Likewise, we should reach an agreement with other nations that we will not interfere with the nuts and bolts of their electoral processes, either. It’s either that, or we need to invest in robust cyber-protections for all presidential candidates at the federal level, stretching our already understaffed Secret Service.
People in the policy area often consider “cyberwar” actions limited to things that causes physical harm or casualties, or things that can replace a 500 pound bomb. But if you cannot manage your people, or protect the American economy, or elect a new President, you have lost a war.
Aitel’s editorial raises the important question: what do we do about this? We know that our electronic voting machines are vulnerable to hacking. Given that we decentralize our elections to the state and local level, we have 50 states and 3,144 counties that use different electoral systems, processes, and machines. This makes US elections highly vulnerable because there isn’t just one system that needs patching or one process that needs to be reviewed in regard to its security protocols be they cyber, personnel, or material. Florida and Utah have already seen cyber attacks on elections, elections processes/systems, or governmental processes/systems in those states.
One of the real concerns going forward, apart from embarrassing email chains with PII being posted on Wikileaks, is not just that Russian Intelligence can get in and look around and take information out of these systems in the US, but what happens if they decide to mess with what’s there? Voter registration information, voter donation information, electoral results, and more are all stored electronically. The next attack may not be interested in embarrassing staffers and causing a few days of reporting about what they wrote. Rather it might seek to remove voters from the rolls or change the reported results of an election in specific locations before they can be reported. And since our system is decentralized, securing all of it is going to be difficult and expensive.
I’m not a cyber expert. I have taught a course on cyber crime and cyber terrorism and supervised graduate research on these issues, but the technical side of this is not my bailiwick. That said the US, as Aitel identifies, has to respond. And here we are back to where I’m familiar: ends, ways, and means. The end state – the objective to be achieved – is deterrence against these attacks. This deterrence must take two different forms. The first is to get the best possible safeguards in place to protect the numerous and varied systems and processes in place at the Federal, state, and county level in the US. The second is to respond to Russia’s cyber attack in such a way that they get the point that they’ve gone to far and any future attempts will be dealt with quickly and harshly, but without causing an escalation of the cyber warfare or, even worse, moving the skirmish from the cyber domain into the actual Land, Sea, and Air domains. Again, I have no idea how this should be done, let alone what is even possible, but the objective has to fall within these two reinforcing dimensions of defensive and offensive deterrence. Ways and means are a bit tougher to estimate as so much of what is done in this arena is just not known even to the vast majority of people with clearances. We all joke about the NSA being unwilling to send us backups of our hard drives and/or complain that they’re probably listening to our calls, but this is what we have the NSA for! And several other agencies and departments of the US government and counterparts at the state level. The subject matter experts and technical specialists in these departments and agencies must be tasked to develop the ways and means to achieve these ends. Even if its just randomly turning the lights on and off wherever Putin is trying to sleep at any given time or making the meow mix theme song play on a repeating loop every time he turns on the TV, radio, or his iPod until he gets the message that the US can reach out and touch him in the cyber domain as well whenever it wants to.
The other thing that has to happen is that the news media needs to stay on top of this as an important, ongoing event to be investigated and reported on within this year’s election. Americans need to be kept fully informed that for once the often used, but seldom accurate, assertion that someone is tampering with a US election is actually true this time. Americans have been primed for decades to worry about voter fraud and vote tampering because of partisan efforts to use the almost non-existent threat of voter fraud, and the news media’s obsession with scandal, for partisan ends. Staying on top of this story, a story that is about electoral manipulation for a foreign power’s advantage, is right in the news media’s sweet spot.
It was interesting to watch Chris Matthews last night make a parallel comparison to the actual Watergate break in. He explained to his panelists that that was a physical break in on the DNC and this was a virtual break in. When Michael Steele correctly indicated that Watergate was really about the corruption of the President/Presidency, Matthews responded that this is about the corruption of electing a President. A lot of journalists, both reporters and commentators, came up during Watergate and view the news media’s reporting as a clear sign of how to do proper journalism. Many who came up after Watergate do as well – almost too much given the chasing of every possible shiny object as a potential scandal to be reported on creating the next Woodward, Bernstein, and Hersch and giving us “gate” affixed to everything. This story seems to be developing legs and the longer the news media stays on it, the better it will actually be for Americans and the upcoming election. It will keep the pressure on to secure our electoral systems and processes. And it could, if handled correctly, lead to long needed reforms to better secure these systems in the future in order to ensure that every eligible voter that wants to vote and does so, has that vote accurately counted and faithfully restored.