
Can Biden whack Russia for its latest big hack?

“We have a lot of options,” said Dave Kennedy, a former NSA hacker who founded the cybersecurity company TrustedSec. He pointed to sanctions, retaliatory cyberattacks and disinformation campaigns as some of the tools in NSA and Cyber Command’s toolbox that the incoming administration should consider utilizing.

“There really is no international agreement about what constitutes cyber warfare,” Kennedy said. Legally, he added, “it’s the wild, wild west. … When it comes to going after foreign government agencies, there’s not much in terms of what we cannot do.”

Foreign policy experts cautioned that it will be difficult for the U.S. to calibrate an appropriate response to an espionage campaign that hasn’t resulted in loss of life or shut down critical infrastructure. The Russians’ motivations have yet to be determined, and a disproportionate reaction by the U.S. could be risky considering how extensively the intelligence community itself relies on cyberespionage for intelligence collection on foreign adversaries.

“I think it’s going to be very hard for them,” said Adam Segal, a cybersecurity expert at the Council on Foreign Relations, referring to the incoming Biden team. “People have been saying for a long time that we need to, especially with cyberspace, get to some kind of agreement on what type of behavior is appropriate and which is not.”

Biden told CBS last Thursday that the hackers “will be held accountable” and vowed to impose “financial repercussions” on “individuals as well as entities.” He said in a separate written statement that his administration “will elevate cybersecurity as an imperative across the government, further strengthen partnerships with the private sector and expand our investment in the infrastructure and people we need to defend against malicious cyber attacks.”

One mechanism that could facilitate those goals is the restoration of the White House cyber czar role, which the Biden transition team has been weighing as it grapples with how the administration will need to respond to the sprawling breach. The 2021 National Defense Authorization Act, which Trump has said he will veto, includes a provision that would create a Senate-confirmed national cyber director role responsible for coordinating federal cybersecurity efforts.

But Kennedy said that in order to be effective, the person nominated for the cyber czar role would need to be apolitical and “understand the ins and outs of cyberwarfare.”

“Our ability to respond to cyber warfare changes from administration to administration, but we need to let countries know that regardless of who’s in, there will be a response,” he said. “And that discussion is not happening because policymakers have real trouble understanding the complexities of the subject.”

Even without a cyber czar, many believe that just having a president willing to acknowledge Russia’s malign activities and confront the Kremlin directly about them could have a deterrent effect. In his first comments about the hack, Trump said China might be responsible rather than Russia, directly contradicting his secretary of State and attorney general.

Biden “has to restore our credibility” and “show the Russians that the days in which they got a free pass from Trump” are over, said Alexander Vershbow, a former U.S. ambassador to Russia.

“If deterrence is about affecting the decision calculus on the other side, Russia’s had the ace in the hole in 1600 Pennsylvania Avenue,” said P.W. Singer, a strategist at New America. “For whatever reason, and there are many theorized, Trump has been unwilling to even acknowledge the threat from Russia let alone push back in the way that even members of his own administration have called for.”

The political response is only half the battle, though. The Russian intelligence services have essentially dug tunnels into the networks of dozens of U.S. entities. Kicking them out for good while ensuring all of their entry points have been blocked will be a herculean task.

Karim Hijazi, who served as the director of intelligence of the cybersecurity firm Mandiant and now serves as CEO of the security firm Prevailion, said the hackers will likely have “gone to ground” at this point.

“And while they’re there, they’re almost impossible to detect,” he said. He added that some experts in the field believe a huge overhaul and renovation effort targeting the federal systems is the only way to boot the hackers out for good — essentially burning it all down and starting over, ripping up and replacing “so that you can be sure you have a clean slate.”

“But it’s unclear whether that’s even possible,” he said. “There is another school of thought that there is just no way to kick them out.”

Kennedy wasn’t as pessimistic, but acknowledged that “how difficult it is to boot them out depends on how persistent the attacker wants to be.” He noted that the hackers “might have multiple mechanisms to maintain access to the system,” essentially leading to a game of whac-a-mole by the federal government.

The Cybersecurity and Infrastructure Security Agency, a branch of DHS, has been coordinating efforts to respond to the breach, releasing regular updates on the hackers’ capabilities and access. Most recently, the agency announced that it had found further “initial access vectors,” in addition to the SolarWinds compromise, that the hackers had used to breach networks.

But CISA is stretched thin, and many of its senior officials have departed in recent weeks. The Energy Department’s chief information officer told employees last week that, when DOE asked for help, CISA relayed that it was overwhelmed and might not be able to allocate the necessary resources to respond to the attack on the department.

Hijazi, who has been tracing the hackers’ steps for some private entities who were attacked, said the mood is “ominous” right now among investigators.

“Everyone is really still trying to get their bearings,” he said.


