Obama to Announce Retaliation Against Russia for Election Hacks

US Plans Response to Russia Hacking

The Obama administration is thought to be finalizing its response to Russian interference in the 2016 election. This could include any combination of economic sanctions, criminal indictments or a cyber response -- but the intention is to get something in place that cannot easily be rolled back by President-elect Donald Trump. Details could be announced as early as this week.

Government agencies have concluded that Russia, likely with the personal direction of Vladimir Putin, was behind the DNC hacks earlier this year. This is thought to be part of a wider 'disinformation' campaign designed to support Trump over Clinton. Similar disinformation concerns have been raised in Germany over next year's German elections.

One of Obama's problems is that he has limited means to invoke retaliation at this stage of his presidency. A 2015 executive order allows sanctions against people who harm computer systems that are part of the US critical infrastructure (CI) or seek to gain competitive advantage through the cybertheft of commercial information; but elections have not been considered part of the CI.

Criminal indictments, similar to those brought against Chinese military officials in 2014, will depend upon irrefutable legal evidence; and it is thought that the FBI is not convinced that it yet has enough evidence that could be used in a criminal case.

There is ample scope for economic sanctions. Limited sanctions already exist to punish Russia for its actions in the Ukraine, and these could be expanded. However, the danger is that such action could also have an adverse effect on European economies that already rely heavily on Russian energy. Economic sanctions could also be removed easily by the new administration next year.

Some form of covert cyber retaliation is a strong option, but it brings its own problems. One difficulty would be in containing the action in a way that would not lead to an escalation of cyber conflict -- and it has been suggested that leaking personal and embarrassing information on senior Russian officials could be an option.

Anything more extensive could be dangerous. "While offensive cyber operations can be highly precise munitions in that they can be directed to only impact specific targets," comments Steve Grobman, CTO with Intel Security, "the global and interconnected nature of computing systems can lead to unintended consequences."

He warns that unintended escalation of serious cyber retaliation is a real danger. "Impacting digital infrastructure beyond the intended target opens the door to draw additional nation states into a conflict. This increases risk to civilian populations as countries see the need to retaliate or escalate."

The main problem for Obama is that the whole issue of 'cyber retaliation' is both new and unformed. Mike Anders, cyber intelligence investigator at Shadow Blade Technologies LLC, explains: "Sanctions are likely to be ineffective for a variety of reasons. The Russians are well used to sanctions. The Russian people themselves are far more resentful of their imposition than respectful of any kind of deterrent effect. Furthermore, there has yet to be any serious, open discussion as to what constitutes 'deterrence' and what that even means in the cyber domain or what role 'sanctions' might play. Retaliation? Should 'cyber retaliation' be considered in the same light as 'nuclear retaliation'; and if so, why? Moreover, if not, why not?"

The main problem, Anders believes, is a general lack of preparedness. "While some have thought about the problem, there has been little if any public policy discussion in either the media or with the very public in whose name sanctions would be implemented, much less any kind of kinetic or non-kinetic retaliation. Again, a prime example of doing too little, too late, without much thought."

It could be that the primary gain from these events will be for the future. Obama's problems are widely thought to stem from the omission of election systems from the definition of 'critical infrastructure'. "We strongly encourage any effort to expand the definition of the country's digital infrastructure to include the nation's election systems," says Grobman. "We usually consider critical infrastructure to include life-sustaining services such as water, power, transportation, and first responder communications. But, given that election systems are the foundational organs of democracy, we must protect them accordingly."

Once election systems are clearly defined as critical infrastructure, that alone will have a deterrent effect on nation state adversaries -- if only because it makes retaliation easier and better justified.

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.