The evidence of a broad, systemic effort by Russian government hackers and disinformation specialists – on instructions from President Vladimir Putin — to undermine the U.S. electoral process and ensure a Trump victory in November 2016 is incontrovertible, and it is mounting.
This mountain of evidence – based on technical means, human sources, and cyber forensics – has led all of the U.S. intelligence and law enforcement agencies to conclude that Putin’s effort to undermine the U.S. democracy was not only audacious in its conception, but also unprecedented in its scope and ambition.
Rolf Mowatt-Larssen, the director of Belfer Center’s Intelligence and Defense Project at Harvard Kennedy School, served as director of intelligence and counterintelligence at the U.S. Department of Energy, before that was a distinguished intelligence officer in the CIAfor two decades.
He told the Harvard Gazette:
It has become clear that the Russian intention was to attempt to enter into a collaborative or cooperative relationship with the Trump campaign in order to sabotage Hillary Clinton’s campaign to their mutual benefit. To that end, the Russian government employed hacking activity to collect information and then embarked on an ambitious intelligence operation to leak that information to Trump’s advantage and to Clinton’s detriment. The question that remains, and is most important to answer, is did the Trump campaign willfully accept this assistance from the Russian government and enter into a conspiracy to benefit the campaign?
I would say it’s the most consequential Russian intelligence operation in my lifetime in terms of the attempted scope of their intention to penetrate our domestic politics and influence an American election. I can’t recall a precedent where they were that ambitious and that aggressive in pursuing that kind of goal. It’s hard to imagine that they would have done so with a completely unwilling partner.
The unanimous conclusion of the U.S. intelligence community, now headed by two stalwart Republicans – former Indiana senator Dan Coats as director of national intelligence and former Kansas congressman Mike Pompeo as CIA director — has not persuaded President Donald Trump, however. He cites Putin’s denial of the Russian cyber effort as a reason why he – Trump — does not trust the unanimous conclusions of the U.S. intelligence community.
Cyber experts say that Trump’s refusal to accept the reality of the 2016 Russian government hacking and disinformation campaign is creating a dangerous policy vacuum. This vacuum, the security experts fear, is only encouraging more cyber warfare.
The Jakarta Globe reports that in the past three months, hackers breached the official websites in Qatar to insert a fake news story, thus helping to create a Gulf regional crisis; suspected North Korean-backed hackers paralyzed British hospitals with ransomware; and a cyberattack by Russian government hackers deleted data on thousands of computers in the Ukraine.
The governments of Britain, France, and Germany have publicly and pointedly accused Russia of trying to undermine the democratic systems in their countries processes, but the other twenty-six members of the 29-member NATO have been dragging their feet when it comes publicly to accuse Russia of cyber-meddling.
No Western leader, however, has done what Trump has done: publicly disparage and ridicule the U.S. intelligence services’ professional assessment of Russian practices and methods.
And no other Western leader has used Putin’s denial of Russian meddling as “proof” that the intelligence services were wrong.
“The White House is currently embroiled in a cyber crisis of existential proportion, and for the moment probably just wants ‘cyber’ to go away, at least as it relates to politics,” said Kenneth Geers, a security researcher who until recently lived in Ukraine and works at NATO’s think tank on cyber defense. “This will have unfortunate side effects for international cybersecurity.”
Experts say that not calling out the perpetrators makes it inevitable that more hacking attacks will come.
“I see no dynamics of deterrence,” said ex-White House cybersecurity officer Jason Healey, now at Columbia University.
Analysts note that the reluctance by the White House to confront Russia over Russian government hacking has spread beyond the Whited House. At the end of July, Chris Painter, the official responsible for coordinating U.S. diplomacy on cybersecurity, will leave his position, and no replacement has been named. Moreover, news emerged that Secretary of State Rex Tillerson is considering abolishing the State Department unit responsible for dealing with cybersecurity.
The White House said that the administration will replace the Obama era’s strategy of trying to build global cyber norms and rules of conduct, and instead focus on negotiating bilateral agreements. Following the two meetings between Trump and Putin ad the G20 conference, the administration announced it was discussing with Russia the creation of a cybersecurity group, but the proposal was met with harsh criticism in Congress. Lawmakers said that the proposal would amount to inviting the fox to guard the henhouse.
Another manifestation of what critics describe as the administration’s lack of interest in pursuing a broad and determined cybersecurity strategy is the administration’s minimal presence at the Black Hat and Def Con security conferences being held this week in Las Vegas. Past administration sent heavy weights from DHS, the NSA, and other agencies to these conferences to discuss cybersecurity policies and initiatives.
Reuters reports that the policy vacuum left by the administration has also had a chilling effect on private security firms. Many private firms say they have grown more careful in publicly attributing cyberattacks to nation-states for fear of drawing fire from the Trump administration.
For example, in an April interview, Trump raised questions about the trustworthiness of the security firm CrowdStrike, which investigated the hack of the Democratic National Committee by Russian government hackers. Trump said he was told the company was controlled by a Ukrainian. Trump’s charge was false. The company is not controlled by a Ukrainian.
Security experts are alarmed by the fact that the United States and NATO failed to respond to the destructive NotPetya attack the Russian government launched against Ukraine in June.
Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies (CSIS), said that the lack of response by the United States and NATO only invites more attack.
Others agree. “If you are not ringing alarm bells in an eloquent way, then I think you’re dropping the ball,” said retired CIA officer Daniel Hoffman, who worked on Russian issues. “When we fail to do enough, that just emboldens them.”