Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

How Should US React to Alleged Hacks by Russia?

Range of Options Isn't Limited to a Cyber Response
How Should US React to Alleged Hacks by Russia?
Will Obama's response to Russian hacks target Putin?

It's not a matter of if, but when and how the United States government will respond to Russia's purported hacks of America's public figures and electoral system (see Did Russia - or Russian-Built Malware - Hack the DNC?).

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

"While hitting back may be satisfying and worthwhile, whether and how to do it is hardly a simple matter," says Martin Libicki, a cyber and national security expert at the think tank The Rand Corp. "Many questions need to be addressed, perhaps answered before going ahead."

President Barack Obama is committed to responding to the hacking of computers at the Democratic National Committee and other political organizations involved in this year's presidential election. "The range of responses that are available to the president aren't just limited to the cyber sphere," White House Press Secretary Josh Earnest says. "There are other responses, including the use of financial sanctions."

At stake is the credibility of the essence of America's democracy: its electoral system. The hack of the DNC and the leaks of damning information about Democratic presidential nominee Hillary Clinton raise concerns about the integrity of the electoral process. "It's throwing chaos into the system," says Herb Lin, senior research scholar for cyber policy and security at the Center for International Security and Cooperation, a think tank at Stanford University.

Sending a Very, Very Strong Message

How should the U.S. respond to the alleged Russian hacks? One effective response would target the Russians where it would hurt their government and leaders, including Russian President Vladimir Putin. Using information culled from cyber probes targeting Russian government computers by the CIA or National Security Agency or through other espionage channels could ridicule Putin's leadership.

"When you think about influencing operations when you disparage a leader, it's a very significant thing in an authoritarian regime, much more so than a democratic regime," says Sean Kanuck, former national intelligence officer for cyber issues in the Office of the Director of National Intelligence. "If we're trying to send a very, very strong message, then that is obviously a point of sensitivity that would not go unnoticed. I can assure you that, if that's where the response was targeted."

Lin says embarrassing Putin might deter the Russian leader from ordering future hacks of America's electoral system, but the Stanford researcher also voices some doubts. "The [Russian] people by and large support him," Lin says. "It would be very easy for him to spin any information we gave as a bunch of lies. Why should the Russian people believe us instead of him?

Influencing Putin

Other retaliatory option could be to identify individuals conducting the hacks for the Russian government and indict them, as the U.S. did against Chinese hackers of U.S. businesses, or get NATO nations and other allies to restrict their travel. These actions seem to deter other nation-states creating mischief in cyberspace (see U.S. Charges 5 Chinese with Hacking). "The threat of sanctions really influenced the cyber behavior of the Chinese, as it turned out," says Jason Healey, senior research scholar at Columbia University's School for International and Public Affairs. "But we know Putin doesn't care about sanctions. We can't imagine it would make a difference in Russian behavior."

Instead, Healey says the U.S. Cyber Command's National Mission Teams could stymie the cyberattacking capabilities of Cozy Bear and Fuzzy Bear, the two hacking groups apparently backed by the Russian government that are believed to have breached the Democratic Party's information network. "It's not a (direct) attack against Russia," Healey says. "But getting in there, we can disrupt their command and control so they can't disrupt us. That's one reason we formed the National Mission Team. NSA will look at what those groups are doing; Cyber Command is equipped to go in and actively disrupt."

Healey says disrupting Moscow's agents, and not the Russian government itself, could curtail an escalation in retaliatory actions.

Defending Democracy, Not Democrats

Regardless of how the United States responds, Healey says, "it's important that President Obama - and his administration talks about this - [lets] people know this is about policy, not politics. This is about policy defending democracy, not the Democrats."

Whatever action the American government takes in response to the hacks of the U.S. electoral system, the public may never learn of it. Vice President Joseph Biden, answering a question on the TV program "Meet the Press" about whether the Obama administration will publicize its response, replied: "Hope not."

Should the rest of the world know Russia is being punished? "My own view is that our response shouldn't be covert - it should be overt, for everybody to see," former CIA Deputy Director Michael Morell tells NBC News. But publicly acknowledging a response against the Russians could generate a counter-response, which could escalate into a tit-for-tat confrontation. "Being punished and not responding leads to a loss of face before others," Rand's Libicki says. Past experience with the former Soviet Union, he says, suggests keeping America's response secret. "With Russia," Libicki says, "the case tilts to a hidden response because the two countries have experience in covertly signaling one another - during the Cold War - when bounds looked as if they were overstepped."

Setting a Cyber Precedent

A face-to-face engagement with the Russians, especially if the U.S. responds in cyberspace, is relatively new territory between the two traditional adversaries. Kanuck, the former national intelligence officer, says there have been few situations in which the United States and Russian governments have been pitted against one another in cyberspace.

"This case is a little bit of strategic posturing," Kanuck says. "There may be a little bluffing on both sides. This is a chess game. We don't have a lot of historical experience on how this plays out in the cyber realm. ... I think [the U.S. response] will serve as a precedent for future issues of what is and is not acceptable in cyberspace."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.