The U.S. finally is ramping up its response to Russian cyberattacks. Good.
The bad news is our response shows how ill thought-out both our strategy toward Russia and our policies for retaliating against malicious cyber operations are.
Russia has been linked to many cyber incidents, most notably the hack of the Democratic National Committee and subsequent email leak that led to the resignation of Rep. Debbie Wasserman Schultz, D-Fla., as party chairman.
Vice President Joe Biden, Director of National Intelligence James Clapper, Homeland Security Secretary Jeh Johnson, and other parts of the U.S. intelligence community now publicly blame Russia for these breaches.
The response from the U.S. should have been as swift as possible. But better late than never.
Russia’s cyber aggression recently has been aimed at the U.S. presidential election, making many Americans concerned about Russian interference in our political system. Indeed, that’s the point: Russia long has used information and psychological warfare to attack and undermine those who oppose it.
In an interview with NBC’s Chuck Todd recorded Oct. 13, Biden said an upcoming retaliatory strike “will be at the time of our choosing, and under the circumstances that will have the greatest impact.”
The vice president said he hoped it would go unnoticed by the American public. Openly hinting that a covert action soon may be underway probably wasn’t the best decision, though.
The United States has indicted hackers from China and Iran in the recent past.
In 2014, the Justice Department filed charges against five Chinese military hackers for computer hacking and economic espionage. It was the first time in American history that the government charged a state actor for that type of hacking.
In March 2016, the government charged seven Iranian hackers for conducting a coordinated campaign of cyberattacks against the U.S. financial sector.
But while indicting hackers is a step in the right direction, these limited responses from the U.S. are not effectively deterring countries such as Russia.
So it’s good to see the Obama administration seriously contemplating how to retaliate for Russian aggression in cyberspace. However, it already should have had a strategy in place for how it would respond. The U.S. has faced ever-increasing cyberespionage, breaches, and attacks over the past decade, but does not yet know what it will do.
The response from the U.S. should have been as swift as possible, using one of many tools at our disposal: cyber action of our own, legal action, sanctions, increased support to nations threatened by Russia, and so on. But better late than never.
And this should not be a one-time deal. The U.S. should make this type of retaliation a more regular occurrence.
While retaliation and providing evidence to justify it must be balanced with keeping intelligence secrets, the U.S. has done little to publicly push back against bad actors. More must be done.
Nor should the U.S. be alone in this effort. The U.S. should coordinate with allies and other partners affected by malicious cyber operations in pushing back against the nations behind that aggression. More effective responses will help deter these nations from acting so aggressively in the first place.
When foreign governments compromise our nation’s cybersecurity, the United States cannot rely on words or speeches as deterrence. A firm response sends a clear message and conveys American resolve.