The United States, its allies and partners need to make clear to President Vladimir Putin and those who support them there is a price to pay for tampering in other nations’ political and social affairs and their harboring cyber criminals inside Russia’s borders, three of the nation’s leading cyber security experts said on Friday.
Speaking at the Center for Strategic and International Studies, a Washington, D.C., think tank, John Carlin, a former top Justice Department official dealing with national security, said by those attacks designed to sway elections to parties and candidates Moscow favors, undermine confidence in governments and elections from Japan to Europe.
“Russia is becoming a rogue nation,” due in part to Moscow’s refusal to go after those criminals who have stolen “billions and billions of dollars” in recent years from private businesses and financial institutions, Carlin said.
“The United States is under attack,” James Miller, who co-chaired the Defense Science Board’s recent task force on cyber deterrence said. The attacks “are virtually certain to escalate.”
Rick Ledgett, former deputy director of the National Security Agency, said while “it’s a different kind of attack,” the United States’ response cannot be “tit-for-tat.” In that kind of exchange, “we lose” because the United States has much more to lose — its reliance on computers and networks for everything from food delivery to buying a house.
As to what the United States has to lose on a large scale, Miller cited a recent story in The New York Times on Russia’s direct attack on the nation’s electric grid and its intrusions into their nuclear power operations. In the past, the Kremlin paralyzed utilities in Estonia and Ukraine trying to get its way in local disputes.
We’re 10 years away from protecting the grid, he said, but that does not mean that work should not begin now to harden infrastructure and add resiliency. Miller said American offensive cyber capabilities could be greatly expanded in that same amount of time.
Miller, Carlin and Ledgett all said during the discussion, “we want to impose greater costs” on Putin and Russia to deter its intelligence agencies and other governmental arms; other nations like China, North Korea and Iran for these kinds of activities. The three said this pressure also meant raising the risks criminals face in stealing millions in financial transactions and planting ransomware to blackmail businesses and governmental agencies, such as the United Kingdom’s Health Services.
The United States “can figure out who did it,” Carlin said, so unlike traditional intelligence-gathering operations make it public was what was done with the discovery of North Korea’s hacking of Sony Entertainment and then going after the actors on criminal charges.
Ledgett added, “We want the hand to be seen” when responding in these instances as a message to the perpetrators.
While the imposition of sanctions on Russia as the Trump administration announced Thursday “were good, but were not enough.” Miller suggested freezing oligarchs’ assets from real estate to bank accounts and then seizing them through court action for some lesser actions as a way of putting pressure that would reach the top of the Kremlin. For actions, such as backing separatists in Ukraine with arms and special forces, seizing Crimea and trying to dismember Georgia, impose “macro-economic sanctions” on the most important sectors of its economy — oil and gas, moves that over time impact the total Russian economy and individual citizens.
“Do these multi-laterally” was his parting piece of advice, so the effect is greater.
Ledgett said another goal would be to “make it harder for information ops to reach its target … the mind of the voter” by informing the public what is false or fake news, and what is not. He mentioned Hamilton 68 as one means of tracking Russian disinformation. Miller added the Russians “didn’t invent the phenomenon of fake news” as a way of manipulating public opinion, but through social media have “thrown gasoline” on it to spread disinformation.
The caution here, the panelist said, were not undermining First Amendment guarantees of freedom of expression by the government.
Miller said the larger idea is to build a campaign plan of deterrence, defense and response with reachable goals that can be shared with other nations. It also needs to work inside the United States with local and state governments [in protecting elections, as one instance], financial institutions, utilities and other businesses.
Why is Putin, as a person, pursuing such a wide-ranging assault on the West through hacking, intrusions and cyber attacks?
Miller said the Russian president’s “view is the U.S. is the aggressor” on the world stage. Washington works through non-governmental organizations pushing Western-style democracy inside its borders and is behind the expansion of NATO into former Warsaw Pact countries and even proposing former Soviet republics for membership.
In addition, Putin sees the United States “pursuing conventional military superiority” and “pursuing nuclear superiority” with a shared goal with its western allies of regime change in Russia.
For the West, there is the need to push back against all these activities. Miller said twice the risks “are greater if we don’t.”
The three agreed the pushback is not confined to cyber, or cyber to cyber, but involves diplomacy, economics, cyber and military and is not exactly one-for-one.
The United States and the West “have to demonstrate you’re in it for the long haul, not a two-move game” in countering Moscow’s cyber agenda.