Pages

27 July 2018

Why the new plan to attribute foreign cyberattacks may not be enough

By: Justin Lynch

The Justice Department has pledged to attribute foreign cyberattacks, hacking and disinformation intended to sway American elections as part of a new policy. The hope is that by identifying the attackers it can help to avoid a repeat of the 2016 presidential campaign, when the Obama administration was largely silent on Russia’s influence operations.

But experts and government officials have raised questions about the effectiveness of the Justice Department’s new policy, released July 19.

The department said in a new report that it would consider a range of actions in the face of a foreign effort to undermine the democratic process. They might alert targets of the influence campaign. They could notify technology companies if they are being used to spread disinformation. They might just call out the influence operation in a public statement.


“Exposing schemes to the public is an important way to neutralize them,” said Deputy Attorney General Rod Rosenstein after the report was released, while speaking at the Aspen Security Forum.

Observers, however, have noted that the new plan’s impact may be limited. Even as Rosenstein announced the policy, he cautioned it would be “limited by our obligation to protect intelligence sources and methods.”

“We should not attribute activity to a source unless we possess high confidence that foreign agents are responsible for it,” Rosenstein said.

However, attribution is less than a perfect science.

“Despite what you might think, the popular notion of CSI: Cyber … it’s often not the instant that something happens” it can be attributed, said Tonya Ugoretz, head of the cyberthreat intelligence integration center at the office of the Director of National Intelligence. “We often learn details about activity later, out of order in bits and pieces.”

Asked during an event at the Washington Post on June 20 if the new attribution effort would have made a difference during the 2016 presidential campaign, Ugoretz was unsure.

“It’s hard to say,” she said, but added government agencies have learned from the Russian disinformation campaign.

The new guidance could be a more aggressive application of an old policy. For example, the top intelligence officials in the Obama administration said in October 2016 that the Russian government tried to interfere in the presidential election through hacks and a public influence operation. That was one month before the 2016 presidential election, although law enforcement agencies first suspected the Russian campaign earlier that summer.

The Justice Department report also said that, in some cases, public disclosure “may be counterproductive because it may amplify or otherwise exacerbate the foreign government’s messaging.”

“This won’t be easy,” tweeted Chris Painter, the former top cyber diplomat at the State Department.

Others were less diplomatic.

The plan is like saying “cleanup on aisle nine. By the way, you are getting ravaged and I just wanted to show up and tell you,” joked Mike Rogers, former Republican House intelligence committee chairman, at the Washington Post event. “That is the wrong time to be there, that’s why this is so important get ahead of this problem.”

Critics also point out that the Trump administration has not deterred Russia from continuing its influence campaigns in the first place.

“One of the things nobody has done a good job of so far is really imposing costs on bad state actors for their activity,” said Painter during the Washington Post event. “There are a lot of great people you talk to who are trying to protect their election systems. That’s another part of deterrence, but imposing those costs means that the actor thinks twice about it.”

No comments:

Post a Comment