A EurasiaNet Partner Post from: Russia Matters

As Russia’s alleged cyber-intrusions into U.S. affairs continue to grab headlines and defy easy explanation, the Cyber Security Project at Harvard’s Belfer Center convened a panel of experts on Russia, cyber security and the intersection of the two to shed light on some of the murkier parts of this unfolding story. Below are highlights from the speakers’ Russia-related responses to questions and full video of the Feb. 1 event.

We also recommend the paper co-authored recently by Drs. Buchanan and Sulmeyer, “Russia and Cyber Operations: Challenges and Opportunities for the Next U.S. Administration,” which provides insight both into the current state of Russian cyber activities and into their history.

Russia
Image source: Wikimedia Commons
Russia

Speakers:

David Sanger, award-winning national security correspondent for The New York Times and senior fellow at the Belfer Center; co-author of the Dec. 13, 2016, Times story “The Perfect Weapon: How Russian Cyberpower Invaded the U.S.

Fiona Hill, director of the Center on the United States and Europe and senior fellow in the Foreign Policy program at the Brookings Institution; co-author of the “Mr. Putin: Operative in the Kremlin and a former national intelligence officer for Russia and Eurasia at the National Intelligence Council

Ben Buchanan, fellow at the Belfer Center’s Cyber Security Project; author of the forthcoming book “The Cybersecurity Dilemma

Moderator:

Michael Sulmeyer, director of the Belfer Center’s Cyber Security Project

THE COMMENTS BELOW ARE SUMMARIZED AND PARAPHRASED, NOT VERBATIM; speakers identified by initials.

Q: Where are we today, with a new administration in place, in terms of Russia and cyber?

FH: We are not at that much of a different place with Russia than we normally are during the beginning of new administrations. Think back to Ronald Reagan and George H. W. Bush who both had to rethink and deal with a drastically changing relationship with Moscow. What is unusual is the backdrop of an American election process with unprecedented efforts by Russia to have influence in it, although Moscow denies this. It is, however, not unusual for one power to want to have a say in what another power does, whether an adversary or a friend. It is just that the technological tools for having an impact have improved and, with a few taps of computer keys, rather than physical action, you can start to shape events.

BB: Russian cyber hacking goes back a long way, to the “Moonlight Maze” case in the 1990s. This is an old tactic in new clothes and is incredibly powerful to nations today. The U.S. Department of Defense talks about holding targets at risk, and Russia has done a fair amount in this area. What’s significant here is that if you build a conventional weapon, like a missile, you can target and re-target it quite quickly. Effective cyber tools need time to get access to a target and to develop a tailored effect. We have seen the Russians doing prep work before, even if it was not as high-profile. And the Russians recognize the power of cyber operations, not just to steal information but also to attack.

DS: The title of our Times story, “The Perfect Weapon: How Russian Cyberpower Invaded the U.S.,” reflects the situation Russia finds itself in today. Russians do not see any advantage in controlling us [the U.S.] “frontally,” or by provoking a major response, or a kinetic response. Cyber is perfectly designed for conducting a low-level attack that could be used for espionage, for influence operations (merging an old Soviet tactic from the 1940s with modern means) or for full-scale attacks (like what the U.S. did against Iranian nuclear infrastructure). The trick for the Russians was to find something inexpensive and deniable that would count on our inability to detect quickly and respond decisively. And indeed the U.S. response was slow and confused—to a greater extent probably than the Russians had hoped.

To recap the timeline: The U.S. was alerted by an allied intelligence service about an attack on the Democratic National Committee in fall 2015. Because the U.S. doesn’t want to reveal where intelligence comes from, the process of following up was circuitous and low- to mid-level: from Homeland Security to an FBI agent to a completely clueless IT group hanging around the DNC’s computer systems, who don’t return calls because they don’t really believe it’s the FBI getting in touch. Months are spent on this back-and-forth. The whole response is so slow that the president does not hear about the situation till June 2016. In the interim, the Russians went beyond the DNC, into the email account of [Hillary Clinton’s campaign chief] John Podesta. We actually found evidence of 128 private email accounts within the Clinton campaign that they tried to get into, but they only broke into two, because only two people didn’t have two-factor authentication on their Gmail. It was only months later, when an attack by Russian military intelligence (the GRU) was discovered, that the DNC hard drives got cleared. Timing of the leaks seemed strategic: The first public release of the hacked information came just before the DNC national convention and resulted in a high-level resignation; the next release came within hours after the news about a tape of then-candidate Donald Trump saying some fairly crude things. These leaks first came over two channels that we believe the Russians themselves set up and, when those weren’t getting enough clicks, the materials went to WikiLeaks.

So what was unusual? 1. We did not expect Russia to use the tactics they had used in Europe against the U.S. 2. We failed to anticipate that a group like the DNC, or the RNC, would be an easy target. 3. The FBI responded extremely slowly and unenergetically, without even taking the short walk over to DNC headquarters. 4. When President Obama finally got the information, he didn’t want to be seen as intervening in the election on the Democrats’ behalf, so he reacted slowly and carefully. Taken together, this is a case study in how not to respond to a situation like this.

Q: A recent headline said “Czechs suspect a foreign power in email hacking.” Is this the Russians? Is this part of their playbook? How is it all related to “what makes Putin tick and what the West should do” (an excerpt from the excellent book by Fiona Hill and Cliff Gaddy)?

BB: Interfering in others’ elections is not a new trick the Russians have worked out. In fact, one study shows that between 1945 and 2000, Russia/the Soviet Union and the United States combined tried 117 times to influence foreign elections, whether openly or covertly. The electronic aspect is new. Russian attempts at cyber-interventions in other countries’ elections are not likely to stop. Europeans are concerned, especially in countries where elections are coming up. Maybe rightfully so. The question is: What are they going to do about it? Germany has been calling Russia out, but it’s not clear that works as a deterrent. Smaller nations like the Czech Republic may be more vulnerable. This story is not going away.

FH: Russia’s cyber activities are an extension of Putin’s willingness to fight, as we wrote in the conclusion of the book, “for as long and as hard (and as dirty) as he

1, 234  - View Full Page