The delays reveal fundamental problems with U.S. cyberdefenses and deterrence that President-elect Donald Trump will begin to confront when he takes office.

WASHINGTON — Of the many questions left unanswered by the U.S. intelligence agencies’ accusation that Russia’s president, Vladimir Putin, led a multilayered campaign to influence the 2016 presidential election, one stands out: Why did it take the Obama administration more than 16 months to develop a response?

The short answer, suggested by the report the agencies released Friday, is that the U.S. government is still responding at an analog pace to a low-grade, though escalating, digital conflict.

The report, compiled by the FBI, the CIA and the National Security Agency (NSA), makes no judgments about the decisions that the agencies or the Obama administration made as evidence of Russian activity mounted. But to anyone who reads between the lines and knows a bit of the back story not included in the report, the long lag times between detection and reaction are stunning.

The delays reveal fundamental problems with U.S. cyberdefenses and deterrence that President-elect Donald Trump will begin to confront in two weeks, regardless of whether he continues to resist the report’s findings about Russia’s motives.

The intrusion hardly had the consequences of Pearl Harbor 75 years ago, when the incoming force was seen on radar and dismissed. But it had similar characteristics. Then, as now, a failure of imagination about the motives and plans of a longtime adversary meant that government officials were not fully alert to the possibility that Putin might try tactics here that have worked so well for him in Ukraine, the Baltics and other parts of Europe.

And while U.S. intelligence officials — who were focused primarily on the Islamic State group and other urgent threats such as China’s action in the South China Sea and North Korea’s nuclear and missile threat — saw what was happening, they came late to its broader implications.

It was telling that within an hour of the release of the report Friday, the secretary of homeland security, Jeh Johnson, declared for the first time that the U.S. election system — the underpinning of the nation’s democracy — would be added to the list of “critical infrastructure.” This after years of cyberattacks on campaigns and government agencies.

In the intelligence report’s most glaring example of the government’s lagging response, it says that “in July 2015, Russian intelligence gained access to Democratic National Committee (DNC) networks” and stayed there for 11 months, roaming freely and copying the contents of emails that it ultimately released during the election. Classified briefings circulating in Washington, D.C., indicate that British intelligence had alerted the United States to the intrusion by fall 2015.

Almost immediately, a low-level special agent with the FBI alerted the DNC’s cybersecurity firm, which doubted the call and did nothing for months. The FBI failed to escalate the issue, even though it was clear from the start that the attackers were almost certainly the same Russians who had mounted similar campaigns against the State Department, the White House and the Joint Chiefs of Staff.

At a news conference in December, President Obama made it clear that he was not aware of any of this until mid-2016, nearly a year after the hacking began and the British had sent up a flare.

“At the beginning of the summer,” Obama said, “we’re alerted to the possibility that the DNC has been hacked, and I immediately order law enforcement as well as our intelligence teams to find out everything about it” and to brief “potential victims” and “the relevant intelligence agencies.”

It was not until Oct. 7, 15 months after the initial hacking attack, that the intelligence agencies first publicly blamed Russia. Even then, Obama made it clear that he did not want to escalate the situation before the election, for fear of getting into a tit-for-tat cyberwar in which Russia might try to alter the vote tallying. (It did not.)

“We were just too slow, at every turn,” one of Obama’s top aides said in an interview late last year.

The director of the NSA, Adm. Michael Rogers, has said the problem was hardly limited to this case. “The biggest frustration to me is speed, speed, speed,” he told the Senate Armed Services Committee on Thursday, in response to a question from Sen. Jack Reed of Rhode Island, the top Democrat on the panel, about the obstacles to seeing a threat from abroad and acting on it in the United States.

“We have got to get faster; we’ve got to be more agile,” said Rogers, who clashed with White House officials when they thought he was acting too slowly against the Islamic State group. “We can’t be bound by history and tradition here. We have to be willing to look at alternatives.”

Putin played a weak hand skillfully, blending old information-warfare techniques with the echo chamber created by the internet. It is clear that Putin saw a huge vulnerability in the U.S. system that was ripe to be exploited.

The country’s highly partisan politics, with cable channels and websites devoted to pressing an agenda for the fully convinced and the half-convinced, made it more vulnerable to any disclosures that could capture a news cycle. Add to that the Russian combination of covert espionage and the disclosure of the emails it harvested, and the release of “kompromat” — compromising information about politicians and policymakers — and “fake news,” a tactic not above U.S. officials at times.

As the report released Friday makes clear, this is not the end of the story. Elections are coming up in France and Germany, where Putin has a great interest in the outcomes. Anything that weakens the NATO alliance, in the Russian government’s view, strengthens Russia’s hand.

And there is the next election cycle in this country.

Until now, when government officials thought about “critical infrastructure,” they usually thought of physical places and things: the power grid, the cellphone network, airports and even historical sites, such as the Washington Monument.

“Election infrastructure is vital to our national interests, and cyberattacks on this country are becoming more sophisticated, and bad cyberactors — ranging from nation-states, cybercriminals and hacktivists — are becoming more sophisticated and dangerous,” Johnson said.

The same words could have been written after the Chinese went into the networks of Obama’s campaign and that of his Republican opponent in 2008, Sen. John McCain of Arizona. They could have been written after the Iranians responded to the U.S.-Israeli attack on their nuclear facilities by attacking U.S. banks, or when the North Koreans went after Sony Pictures Entertainment in retaliation for a comic film that envisioned the assassination of Kim Jong Un, the nation’s leader.

And the warning about Russia — a public intelligence report like the one issued Friday — might have been written after the FSB and the GRU, the two major Russian intelligence agencies, struck the computer systems of the State Department, the White House and the Joint Chiefs of Staff.

Instead, the government decided not to publicly name who had been behind the attacks. That has changed, at least for now. It is unclear whether Trump will decide that disclosure or silence is the best policy.