22 January 2017

May: Lost in cyberspace

By Clifford D. May

Russia’s hacking of the Democratic National Committee was mischievous. Did it change the outcome of the 2016 elections? No evidence suggests that and the intelligence community isn’t claiming that. 

So those who are may be presumed to have an agenda: to establish the narrative that Donald Trump was not legitimately elected president. From that, it would follow that no one — not mayors, not governors, not members of Congress — is obliged to cooperate with him. They would be justified to “resist” his presidency instead. 

Ironically, or perhaps hypocritically, those who take this line are helping the Russians achieve their goal which, according to the declassified intelligence report released Friday, was to “undermine public faith in the U.S. democratic process.” 

Yes, the report also concludes that the Russians wanted to “denigrate” Hillary Clinton and “harm her electability and potential presidency.” But they had no expectation that the emails they lifted from DNC computers and released to the public would deliver a knockout blow. “When it appeared to Moscow that Secretary Clinton was likely to win the election,” the report notes, “the Russian influence campaign began to focus more on undermining her future presidency.” 

This is not how allies should treat allies — notwithstanding the fact that in 2015 President Obama sent taxpayer dollars to a group opposing the re-election of Israeli Prime Minister Benjamin Netanyahu. But it is how adversaries treat adversaries. And Russia under Vladimir Putin remains in that category. Mr. Trump believes a rapprochement is possible. So did President Obama and President Bush. Will the third time be the charm? I’m dubious. 

A little context: What we’re dealing with here is Information Warfare. In the 20th century, the Soviet Union and Nazi Germany were grand masters of IW. The U.S. was fairly adept during World War II and, at times, during the Cold War. Nowadays, not so much. 

Serious information warriors have always utilized whatever spies could steal for them. They manipulate journalists when they can. They spread propaganda, some of which may be what the Russians call dezinformatsiya. 

In this case, however, no such disinformation was released. The emails stolen revealed some of the embarrassing sausage-making inside the DNC and Clinton campaign but they didn’t constitute “fake news.” Had the same information been leaked by a disgruntled DNC staffer to an American reporter, would anyone argue that it should not have been published? 

What’s new here — or at least newish — is that both IW and espionage are now cyber-enabled. This is a serious concern, one to which President Obama failed to respond effectively over the past eight years. 

For example, in 2015 sensitive information on more than 20 million Americans — many of them applicants for government jobs requiring security clearances — was stolen from the Office of Personnel Management’s computer systems. The “leading suspect,” according to Director of National Intelligence James Clapper,” was China. Was China punished? Were there any significant changes in U.S. policy? Not as far as I’m aware. 

More important, as the controversy rages over whether Mrs. Clinton’s chance to return to the White House may have been diminished, we seem to be forgetting that beyond cyberespionage lies a far more serious threat: cyberwarfare: the use of cyber weapons to kill people and damage property, for example by causing massive electrical blackouts, wiping out financial records, disrupting the air transportation system or disabling defense and national security infrastructures. 

Director of National Intelligence James Clapper listens at left as National Security Agency and Cyber Command chief Adm. Michael Rogers testifies on Capitol Hill in Washington, Thursday, Jan. 5, 2017, before the Senate Armed Services Committee hearing: “Foreign Cyber Threats to the United States.” (AP Photo/Evan Vucci) 

The line between cyberespionage and cyberwarfare is sometimes fuzzy. Last year, the Justice Department accused seven hackers associated with the Iran’s Islamic Revolutionary Guard of penetrating American financial institutions and a computer system at a dam in New York State. Were they just poking around? Or were they making plans to disrupt operations? 

In 2012, Saudi Aramco, one of the world’s largest oil companies, was hacked — 35,000 computers partially or totally destroyed. U.S. officials suspect Iran was the culprit in this case as well. Iran suffered no consequences. 

And even earlier, in 2010, Mike McConnell, who served as director of the National Security Agency under President Clinton and as director of national intelligence under President Bush, told Congress that the risk America faces from cyberwarfare “rivals nuclear weapons in terms of seriousness.” Shouldn’t that have led to significant actions? 

After his meeting with “leaders of the Intelligence Community” last week, President-elect Trump issued a statement saying, “we need to aggressively combat and stop cyberattacks” — a word that, I infer, conflates cyberespionage and cyberwarfare. He added that he would “appoint a team to give me a plan within 90 days of taking office.” 

His team is likely to weigh two options. Alex Gibney, director of “Zero Days,” a powerful documentary on cyberwarfare, argues that treaties are the answer to cyber threats. I’m not persuaded. Treaties signed by Americans bind Americans. Our cyber adversaries — in particular Russia, China, Iran and North Korea — cannot be trusted, especially given the difficulties of verifying compliance in cyberspace. 

The alternative: Acknowledge that a cyber arms race must be run — and then win it. Lt. Gen. Robert Elder, an Air Force cyberwarfare expert, told Wired magazine in 2008 that the American mission should be “to control cyberspace both for attacks and defense.” Then-Air Force Secretary Michael Wynne added that the U.S. needs to get to the point where “no adversary should be able to engage the United States in cyberspace with any expectation of victory.” 

Because President Obama did not accomplish that mission Americans remain vulnerable. Isn’t that the more important story? If the team charged with preparing a cyber plan for Mr. Trump comes up with a viable strategy that, too, should be seen as big news. 

About Clifford D. May

Clifford D. May is president of the Foundation for Defense of Democracies (FDD) columnist for the Washington Times and member of the U.S. Commission on International Religious Freedom (USCIRF), an independent bipartisan federal body reporting to the president, secretary of state, and Congress. May's columns regularly appear in The Colorado Statesman.

No comments: