After the explosive revelation from intelligence and law enforcement agencies that claim Russia intervened to help Donald Trump win the U.S. presidential election, the U.S. has several response options and means to mitigate further attacks. All of these actions will be fraught with the danger of escalation, and, ironically, they will have to be executed by a new administration that appears to have benefitted from the attacks.
It seems Russians hacked into emails from both the Democratic National Committee and Republican National Committee and then chose to release only the DNC emails. These attacks destabilize and undermine confidence in the U.S. electoral process, and they must be addressed in a serious and proportional way ― just as we would for a non-cyberattack.
1. Define the extent of the cyberattacks.
Our intelligence agencies must rapidly work together to provide both the executive and legislative branches with a coherent analysis that is timeline-driven and well substantiated. Internal fights between various agencies, i.e. between the CIA and FBI, are highly counterproductive. The Obama administration already launched one investigation, and a full report will be released before he leaves office.
A bipartisan coterie of very senior senators (McCain, Reed, Schumer and Graham) is likewise demanding an independent congressional investigation ― a very good idea. All of this will be occurring in the normal confusion of one administration leaving office and another trying to form a cabinet and prepare to take up governance ― but it mustn’t fall through the cracks.
2. Put the attacks in the larger context of Russia’s information warfare.
There are four key elements to the Russian approach to undermining sovereign states, which have been on display most obviously in Ukraine and are part of Russia’s hybrid warfare plan. The four elements are: powerful propaganda campaigns using state-sponsored entities, like Sputnik and Russia Today; internet “trolls” who plant fake news stories, social media posts and comments; endorsements and statements from Putin himself; and, most worryingly, cyberattacks designed to manipulate public opinion by exposing campaign plans and internal communications.
3. Provide detailed evidence to the American public and to Electoral College members about what happened.
Much of the evidence underlying the conclusions will of course be highly classified, and our sources and methods must be protected. But in order to maintain the public’s confidence in both the electoral process and in our response to the attacks, a convincing public case must be made ― not only in the U.S. but in the court of world opinion as well.
4. Construct a swift and proportional response.
We need to construct responses that bear some similarities to the attacks we suffered. Some of the responses to consider include:
- Meeting privately with Russian leadership and laying out the full case of the attacks, proving our knowledge of their activities.
- Using clandestine cybercapabilities to privately damage Russian financial accounts, particularly those belonging to Russian leadership, many of which are offshore.
- Overtly and publicly revealing embarrassing offshore financial holdings of Russian leadership and nationalist organizations.
- Attacking Russian internal security systems used to suppress dissidents and spy on Russian citizens.
- Revealing the level and extent of corruption in Russian corporations.
- Increasing our level of defensive cybersecurity across the spectrum of government.
5. Create a “mutually assured destruction” doctrine in which countries agree to abstain from cyberattacks like they do nuclear attacks.
We need to improve dialogue with Russia and China to begin to develop norms of behavior in the area of cyberweapons that are similar to those regarding nuclear weapons. As cyberweapons and cyberattacks increase in scale and intensity, it will be difficult to defend against them all. We need nations to choose to not launch such attacks because they know the retribution will begin a mutually defeating cycle of attacks. Much policy and theoretical work needs to be done in this area to make such thinking a reality.
6. Elevate cybersecurity to a cabinet position in the new administration.
The simplest way to quickly do so would be to take the existing position of director of national intelligence and add cybersecurity to his or her portfolio, so that the DNI would become the DNIC: director of national intelligence and cybersecurity. Today, cybersecurity is shared by the Department of Homeland Security, the FBI, the CIA, the Department of Defense and other interagency actors. A new DNIC would thus integrate these widely disparate cybersecurity efforts.
If we discover through a thorough and unbiased investigation that Russia has indeed attacked our electoral process directly with the intent of influencing the process, our response needs to be robust, rapid and proportional. This will shape our relationship with Russia profoundly. Facing the cyberdogs of war is a difficult first issue to tackle, and it will require both a willingness to confront Russia directly and some creativity to respond proportionately. This will be an early test of the nascent Trump administration ― let’s hope it is up to the challenge.