Cybersecurity , Data Breach , Risk Management
U.S. Election Meddling May Just Be Russian Payback How Can - or Should - the U.S. Respond?The hacking and intrusions directed against U.S. political parties and government election authorities has caused deep concern in the U.S. The Washington Post reported on Sept. 5 that the U.S. intelligence and law enforcement agencies are investigating whether the intrusions are part of a broad covert campaign by Russia intended to undermine the U.S. elections in November.
See Also: A Smarter Approach to Third-Party Vendor Risk: A Case Study
The case against Russia is far from complete. While several private computer security firms have said the attacks against the Democratic Party organizations and Hillary Clinton's campaign have forensic clues that link to actors believed to be Russian, it's still a fuzzy picture. Other experts have cautioned that stronger evidence is needed (see Did Russia - or Russian-Built Malware - Hack the DNC?).
"If you know the pattern and digital footprint of an adversary, you can easily mimic the traits that they possess, so spoofing a breach to make it look like it's somebody else is extremely simple if you have a profile on the actor," says James Scott, a senior fellow at the Institute for Critical Infrastructure Technology.
The U.S. has confidently attributed cyber activity before, although with limited technical evidence. In mid-2014, the U.S. Department of Justice filed an indictment against five Chinese Army members, accusing them of stealing intellectual property from U.S. companies. Later that year, it also quickly blamed North Korea for the devastating attacks against Sony Pictures Entertainment that stole gigabytes of internal data and wrecked computers (see FBI Defends Sony Hack Attribution).
If Russia's alleged interference is a demonstration of power, it wouldn't be beyond its capabilities to do much worse than just reveal embarrassing Democratic Party emails. Scott recently co-authored a paper, Hacking Elections is Easy!, which contends that voting and e-voting machines have so many technical problems that it wouldn't take a large, orchestrated attack to affect an election outcome. In fact, targeting voting machines in just one county in a crucial swing state could be enough to tip a U.S. presidential election.
Angry Bear
Tensions between the U.S. and Russia have steadily increased since 2008, with Russia growing more irritated with what it believes is U.S. interference with its domestic affairs, says Greg Austin, professor in the Australian Centre for Cyber Security at the University of New South Wales in Canberra.
"There is definitely a war of sorts going on between the United States and Russia," Austin says. "We have reached a new level of low-intensity political skirmishes."
Among the historical bad feelings: The U.S. advocated for the inclusion of Ukraine in NATO in 2008, in part, by sending military and political leaders there for support. Russia pushed against it, and Ukraine later decided against joining. Then in 2014, Russia annexed Crimea, asserting its dominance over a former region of the Soviet Union.
The U.S. also has directly accused Russian President Vladimir Putin of amassing an ill-gotten fortune. In a January interview with the BBC, Adam Szubin, the U.S. Treasury's acting under secretary for terrorism and financial intelligence, said Putin's annual salary as president - around $110,000 - is not an accurate reflection of the his wealth. When asked if Putin was corrupt, Szubin said "In our view, yes."
Austin says that if Russia is behind the cyberattacks, the intrusions might be best classified as payback for a string of U.S. actions and policies that have caused offense.
U.S. Response
Nations have only started to tackle in the last decade the question of how to respond to cyberattacks. In 2008, the NATO Cooperative Cyber Defense Center of Excellence was set up in Tallinn, Estonia, to research, in part, how cyberattacks and cyber provocations should be handled under existing treaties dealing with warfare.
The U.S. is refining its cyberattack response tools. Soon after North Korea was pinned to the Sony attacks, President Barack Obama signed an executive order with a new round of sanctions against the nation (see Obama Imposes Sanctions on North Korea for Hack).
With the recent election-related hacks, it's difficult to tell what the motivation is. But influencing elections is something countries regularly attempt to do, notes Martin Libicki, an adjunct management scientist at the RAND Corporation. For example, Obama visited the U.K. earlier this year just ahead of the referendum to advocate that the nation stay in the European Union.
Tampering with elections is far more serious but more difficult to detect beforehand, Libicki says. But the line between tampering and influencing may be blurred in the cyber arena, making it difficult to establish a mutually respected boundary.
"You want our activities in the acceptable pot and what we would like to see banned in the unacceptable pot," Libicki says. "Ultimately, this starts to argue for restrictions on what countries can do with the information that they get from cyber-espionage (e.g. no doxing)."