These Recent Hacks Look Really Bad. How Should America Respond?

Politicians and cybersecurity experts weigh the options.

Andrew Brookes/Image Source via ZUMA Press

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

In the wake of a massive, potentially catastrophic hack that is reportedly affecting numerous federal agencies and large US corporations (the scope of the intrusion is not yet fully known), a growing number of government officials, including President-Elect Joe Biden, are calling for an aggressive response. 

But what that should be is up for debate. Experts in the information security field are characterizing the deep penetration of important computer networks as acts of espionageearly signs point to Russia—but some politicians are casting the hacks in much starker terms. Sen. Dick Durbin (D-Ill.) called it “virtually a declaration of war by Russia.” Sen. Marco Rubio (R-Fla.), interim chair of the Senate Intelligence Committee, urged patience with attribution but, “America must retaliate, and not just with sanctions.” Biden said his administration would “elevate cybersecurity as an imperative,” and added that “a good defense is not enough; we need to disrupt and deter our adversaries,” and let potential attackers know that “I will not stand idly by in the face of cyber assaults on our nation.”

President Donald Trump has not said a word about the hack publicly, but his press secretary, Kayleigh McEnany, insisted the government was “taking all necessary steps to identify and remedy any possible issues related to the situation.”

It’s not as though the federal government has entirely sat on its hands, says Javed Ali, a University of Michigan professor focused on national security and cybersecurity policy. In the wake of Russia’s 2016 election meddling, Congress imposed sanctions and President Barack Obama’s administration expelled Russian “diplomats” suspected of intelligence activities. The US government has also grown more aggressive in conducting its own cyber operations and naming and indicting foreign hackers—as Special Counsel Robert Mueller did with certain Russian military hackers and the Justice Department did more recently, accusing Chinese military hackers of conducting operations related to COVID-19 research. Ali told me that if the hacks can be tied back to Moscow, they are just the latest in a string of significant and aggressive cyber operations perpetrated by elements of the Russian government against local, state, and federal governments and corporate entities. “We clearly have not imposed the right level of costs,” says Ali, who previously served at the Department of Homeland Security, the FBI, and the National Security Council.

Shortly after the November elections, the New York Times reported on the apparent success of American policy that relied on “persistent engagement” and “defend forward” tactics to stay ahead of foreign adversaries. In a recent piece, however, the Times pointed out that the “tens of billions” the US spent on its cyber capabilities was not sufficient to thwart “among the greatest intelligence failures of modern times.”

“We did a victory lap after the election,” Ali says. “Putin must have been laughing … the whole time. He’s like ‘You guys have no idea what we’re really doing to you.’”

The FBI, the Cybersecurity Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence issued a joint statement Wednesday acknowledging “a significant and ongoing cybersecurity campaign” dating back to March 2020 that has affected multiple federal agency networks. The announcement came a little more than a week after FireEye, a major cybersecurity firm, revealed it had been the victim of a hack, and that the tools it used to investigate cyber activities were stolen. Subsequent reports suggest that Homeland Security, Energy, and Treasury were among the departments compromised, along with local governments in Texas and Arizona. 

The hackers, whoever they are, implanted malware into an update for a product supplied by the IT services company SolarWinds that’s used by many government and private-sector organizations. The malware appears to have been downloaded and installed by more than 17,000 customers. Officials don’t know, or have yet to reveal, exactly what the malware allowed the attacker to do—whether it was used simply to access information, or rather to establish a foothold for more serious future activity, such as the modification or deletion of important data, or destruction of infrastructure.

Brad Smith, the president of Microsoft, wrote in a blog post Thursday that the activity represents “a broad and successful espionage-based assault on both the confidential information of the US Government and the tech tools used by firms to protect them.”

In an op-ed this week, Alex Stamos, the former chief information security officer for Yahoo and Facebook, and now director of the Stanford Internet Observatory, wrote that, beyond retaliation, the US government needs to up its own cyber game. He suggests the creation of a new government division to track attacks, investigate incidents, and issue recommendations. Stamos also called for stronger laws to force government agencies or private corporations to publicly disclose breaches that now fly under the radar, a strengthening of CISA’s abilities to defend public and private networks, and the appointment to key government roles of people with actual experience defending computer networks from attacks.

Security experts agree the feds need to get better at defense. Less clear is how the government should retaliate to these latest attacks. No option is perfect, Ali says. These hacks seem to be “a dramatic escalation,” so the question is how aggressive the response should be, and whether it should be made public.

“Proportional response, whatever that is, loses some of its value if people don’t know that something has happened,” he says. “Even if you’re able to conduct the operation and achieve the effects that you want, are we then willing to publicly acknowledge them and then incur the consequences?”

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with The Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with The Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate