Russia’s cyber-attacks on the United States, have not been limited to interfering with the 2016 elections. Nor did Russian spying, stealing information and spreading disinformation begun in 2013 when several of them conspired to interfere with and undermine the 2016 elections results. The Russians have been at it since the early days of the former Soviet Union, long before cyber and Putin.
As previous annual Worldwide Threat Assessments of the US Intelligence Community has been warning over many decades, the February 13, 2018, report, also spoke of the Russian threat. But about the 2016 elections, it stated that Russia’s “use of cyber-attacks as a foreign policy tool …has been mostly limited to sporadic lower-level attacks.”
The Russian interference in the U.S. presidential elections was discussed in this and many previous threat assessment reports and by current and previous chiefs of the nation’s intelligence agencies testifying before the Senate Intelligence Committee. The federal indictment of thirteen Russian nationals and three Russian entities associated with the Kremlin, which was announced a few days later, alleged the Russians’ goal was to increase “confusion, discord, and rancor” among Americans.
Since then Russia’s cyber interference has been the major topic covered by the “Russia Collusion” obsessed media, which is oblivious to the exponentially growing cyberattacks on America’s vulnerable critical infrastructures. Had the media paid similar attention to the growing cyberattacks on America’s energy and the electric grids, telecommunications, water/dams, transportation, health industry, and finance, a better-informed public would have pressured Congress and the government to take the necessary steps to mitigate such threats.
The Russians have done what they always do, and they have been joined by other adversaries of the U.S.; they have taken advantage of easily penetrable social media sites, paid for ads with stolen bank accounts they acquired with false identities. While the FBI and other government agencies have pointed out that the Russian’s ploy had been very limited, they should have also pointed out what the report and the Director of National Intelligence Dan Coats emphasized in his testimony, that the U.S. government, public, and private cyber systems, including social media, are vulnerable to attacks in the form of ‘Information Warfare,’ spying, financial crime, data deletion, localized and temporary disruptions of critical infrastructure – also from China, Iran, North Korea, as well as individuals mostly in Eastern Europe, transnational criminal and global terrorist organizations.
How did the U.S., which developed the Internet and has the foremost cyber defense experts got here? Why did the U.S. cyber defense fell so far behind?
While Russia’s cyber information warfare against the U.S. began in the 1990s, using the Internet, the rapid development of cyber technology led to growing dependency of the government, industries, businesses and the public on electronic systems that had little or no security. The American market, which focused on developing newer and faster technologies, has left the door open to intruders. And for a long time, there was little if any effort to provide cyber-literacy to the general public, business leaders and even elected officials. Indeed, even Hollywood produced well-informed movies, failed to convey the message that cyber-attacks could pose an existential threat.
On May 29, 2009, President Obama issued his first Comprehensive National Cybersecurity Initiative, declaring: “From now on, our digital infrastructure – the networks and computers we depend on every day – will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority.” Two years later, Obama boasted his “Administration’s Cybersecurity Accomplishments.” Similar executive orders strategies and press releases were issued, all focusing on “process.” Not surprisingly the number and scope of cyber-attacks on U.S. government agencies, infrastructure, and all electronic devices in public and private use, have increased exponentially.
Instead of focusing preventing interference with the operation of America’s 16 critical infrastructures, including the energy and the electric grid, telecommunications, water/dams, transportation and finance – all vulnerable to cyber-attacks, and developing secure alternative systems, the Obama administration pushed for international cybersecurity standardization for Internet of Things (IoT), which exposes all its users to increased risk of attacks.
The failure of his administration to strengthen the nation’s cyber resilience did not stop Obama from taking undue credit for Enhancing National Cybersecurity. On December 2, 2016, before leaving office, Obama presented a report boasting about:
- Raising the level of cybersecurity defenses in the public and private sectors;
- Deterring and disrupting malicious cyber activity aimed at the United States or its allies; and
- Effectively responding to and recovering from cybersecurity incidents when they occur.
As Obama was claiming victory, the Russians, Chinese, North Koreans, Iranian and others have easily hacked into and plundered information from almost all cyber networks operating in the U.S., breaking easily into any system, including the governments. Neither Obama nor his chief intelligence officials mentioned Russian cyber foul play with the U.S. election system, although it was well under way while he was in office. Did they know? If they did, why weren’t the Russians stopped? And why was a Kremlin-affiliated “cybersecurity” company allowed to operate in the U.S. and provide services to agencies related to the U.S. government? Why didn’t the Obama administration ban the use of Chinese made computers, mobile devices and applications in all government offices and contractors?
Last May, President Trump issued his Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, and his December 2017, National Security Strategy acknowledged the role of both criminal entities and the “governments of Russia, China, North Korea and Iran” in efforts to “destabilize the economy and threaten the nation’s critical infrastructure.” The strategy paper promised, “The United States will deter, defend, and when necessary defeat malicious actors who use cyberspace capabilities against the United States.” This strategy could have looked promising if the budget to increase cybersecurity would have been larger than the 4 percent allocated, and if 18 percent of the budget for the critical cyber research at the National Institute of Standards and Technology, would not have been cut, but boosted. Moreover, the President’s recent $1.5 trillion infrastructure plan has failed to even address cyber, ignoring the fact that advanced cybersecurity is a condition to properly functioning airports, bridges, factories and all electronic devices used in our everyday life, including the mobile phone the President is using is Twitter account to broadcast his messages to the world.
Obama’s eight years in office have exacerbated the vulnerability of country’s cyber systems and facilitated easy access to the nation’s secrets, defense systems and intellectual properties costing untold damages. Catching up with eight years of neglect in the ever-evolving cyber realm is a Herculean task that has to be accomplished in the very near future.
But catching up and developing advanced preventive and offensive tools is a must. Media reports have been indicating the Pentagon has cutting-edge cyber tools and capabilities for defending and attacking networks. Such tools, with some modifications, should be used to secure all critical civilian infrastructure and other public utilities.
Though “CIA Director Mike Pompeo, assured the Committee that the intelligence community has “some capabilities offensively to raise the costs for those who would dare challenge the U.S.,” he acknowledged the problem is “complicated” and urged the U.S. government to develop a proper response.
Pompeo suggested, the government should immediately address the much needed cyber strategic body in the form of a Cyber Manhattan Project that would develop the appropriate tools to counter and deter cyber-attacks on the U.S. Public-private partnerships are necessary to meet this effort. This effort needs to be coordinated and funded by the highest levels of the Executive branch, headed by a Cabinet member who could easily access the President.
America is already “under attack,” and it is just one second away from an attack on its cyber infrastructure. Securing the system now is a priority.