Rebecca Grant: Cyberattacks against US will intensify — Biden must bolster ability to defend and strike back

Pompeo: Russia is ‘pretty clearly’ behind cyberattack on American government agencies

Former CIA Chief of Station Dan Hoffman says ‘we still don’t know’ how much information Russians accessed during the attack.

The recently discovered massive cyberattack on U.S. government and industry computer networks by a foreign adversary isn’t the first nor will it be the last such hostile action. While the Trump administration has strengthened U.S. defenses and revved up America’s cyber offense, it’s clear that the incoming Biden administration will need to do a lot more because the attacks are becoming increasingly sophisticated.

Secretary of State Mike Pompeo said Friday that "we can say pretty clearly that it was the Russians" who launched the cyberattack, carried out by embedding malware into several U.S. government agencies and businesses.

However, President Trump sought to downplay the attacks in two tweets Saturday.


 "The Cyber Hack is far greater in the Fake News Media than in actuality," the president tweeted. "I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)."

Now, of course, Russia did it.  I have no trouble believing Russian President Vladimir Putin would approve such a move because it fits into his much larger strategy to tear down American power.  But Trump is right; China is also capable of pulling off this mischief.

So what happens now?

If you are anticipating a dramatic U.S. response against Russia, don’t hold your breath. The first response was a Washington political fight.

Increasing our cybersecurity ought to be a bipartisan issue. But sadly, House Speaker Nancy Pelosi, D-Calif., responded to the cyberattack with partisan fury aimed at Trump. In a statement Friday night, Pelosi said "the Trump Administration has for four years turned a blind eye to Putin’s attacks."

Piling on, Obama administration Director of National Intelligence James Clapper told CNN that the Russian hack was a massive intelligence failure.

Time for a fact check: Pelosi is wrong. The Trump administration freed the U.S. Cyber Command to roam and maneuver in bad-actor networks, with new rules issued in a presidential directive in September 2018.

President-elect Joe Biden was right when he said Thursday: "A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place."  But then he jumped into political attack mode. "I will not stand idly by in the face of cyber assaults on our nation," Biden said, as if Trump was standing idly by. 

Despite the faux shock from Biden, Pelosi and others, our nation’s leaders from both political parties have known for years that Russia is a nimble and evil adversary in cyberspace.

The problem became obvious when Russia shut down Estonia with a devastating cyberattack in April 2007. Estonia revamped its entire cybersecurity structure. Today NATO’s cybersecurity center of excellence is based in Estonia.

So what happened here in America? Years of failure to invest in proper secure software and hardware left government networks vulnerable. Elected officials of both political parties can share the blame.

Importantly, the government computer networks that have been hacked are not the super-secret networks, which are more protected.

We know of a number of cyberattacks against the U.S. government in recent years.

For example, China hacked the U.S. Office of Personnel Management and caused a data breach affecting 20 million Americans, including current and former federal employees and applicants for federal jobs. When word leaked out about this attack in 2015, the Obama-Biden administration chose not to blame China publicly.

Clapper, who was then serving as director of national intelligence, told Congress that China was just engaged in "passive intelligence collection" and had not launched a real cyberattack. "You have to kind of salute the Chinese for what they did" he said, in admiration of China’s technical skill.

Russia, China, Iran, North Korea and others have accelerated their cyberattacks in recent years and no doubt will continue to do so.

According to Crowdstrike’s "2019 Global Threat Report", there are "more than 240 billion events [computer hacks or attempted hacks] every 24 hours — more than the number of tweets Twitter processes in an entire year."

The Crowdstrike report shows that the Russians are masters of cyberattacks. Russian intrusions took on average just 18 seconds to break out from gaining entry into a computer network to spread through the network. China was slower at four minutes on average — but some Chinese attacks needed only 12 seconds.

Defenders have just seconds to respond. That’s getting harder and harder. Understand that while cyberdefense is important, the game has shifted. Cyberwar is a lightning duel of offense, intrusion and intimidation. The keys to success are automation to respond instantly and going on offense.

This is why Congress and President Trump gave the U.S. Cyber Command strong new powers in late 2018. Given a longer leash, Cyber Command acted immediately.

American "military hackers are breaking into foreign networks, striking at enemy hackers and planting cyber bombs that would disable infrastructure in the event of a conflict," reported Ken Dilanian on June 23, 2019 in a story on the NBC News website headlined "Under Trump, U.S. military ramps up cyber offensive against other countries."

But while counter-hacking into Russia’s power grid and other vital infrastructure can create deterrence, U.S. officials are very reluctant to act overtly.


Here are four reasons for this.

The intelligence community likes to watch Russia and other intruders move through computer networks and conduct low-grade, daily attacks. When cyber intruders use known paths, risks are contained. The U.S. Cyber Command can even gain information on adversary capabilities. Striking back alerts the Russians and other attackers, and forces them to seek new means of entry. That’s more dangerous. Not everyone approves of this approach, but it’s a factor.

Russia and the United States have until Feb. 5 to renew or cancel the New Strategic Arms Reduction Treaty (START). Some will say this is no time to provoke President Putin with cyber retaliation.

Cyber experts also fear accidental damage. "It’s complicated," Clapper said Friday. No kidding. "The truth is we don’t fully understand how all these networks fit together, and there can be unintended results," Michael Daniel, CEO of the Cyber Threat Alliance and a top cybersecurity official in the Obama administration, said in 2018. Cyber specialists prefer to penetrate the networks, but they hold back from shutting systems down or causing other touchable damage.


Most of all, America needs to be able to launch cyberattacks in wartime to disable enemy air defense networks, missile launch systems and other important targets. The U.S. Cyber Command may not want to act now and reveal and sacrifice its special tools and access points. Right now Russia, China, North Korea, Iran and others don’t know all the U.S. can do to them in a cyberattack. Let’s keep it that way, this argument goes.

Unfortunately, Russia has pioneered cyberwar and excels at it. Team Trump empowered America’s cyberwarriors to match enemies move for move. But Team Biden will have to do even more, or America may suffer serious damage.


Source: Read Full Article