The American intelligence report on the supposed interference in the US Presidential Elections by Russian intelligence agencies was criticized for a lack of facts and an abundance of rhetoric. However, Valdai Club expert Oleg Demidov, a cybersecurity strategy consultant at the PIR-Center, believes that it should be treated seriously: President-elect Donald Trump recognized the report’s conclusions and there are no reasons to believe that he will not use US legislation to respond to the cyber threat that he inherited from his predecessor.
Last week, US intelligence published the unclassified version of the report on Russia’s actions and goals during the last US Presidential Election. According to the report’s authors, the Russian government made a pointed effort to conduct a campaign of interference into the US elections, using hackers, the WikiLeaks website and a systematic manipulation of public opinion through propaganda.
If the questions occur whether these arguments are reasonable and whether they are supported by technical data in the unclassified version of the report, the short answer is no. The report has no definite technical data, but has a lot of general arguments and rhetoric.
This is rather strange, considering that a certain volume of technical data, signatures of software used in the attack and some data on IP addresses used to transfer traffic during the attack was present in the report published by CrowdStrike, which was contracted by the Democratic National Committee to investigate the incident. There was also the Joint Analysis Report, which was published on the same day as the enactment of sanctions on December 19, 2016. As it turns out, the unclassified portion of the report is about nothing.
However, there are indications of the type of data that could be contained in its classified portion. First it is data received through station chiefs, using intelligence from agents. The second is data received through backdoors and software-hardware implants installed by US intelligence agencies in telecom networks beforehand, including, evidently, Russian Federation network equipment. As far as many of our networks use American network equipment, this is rather realistic.
If we talk about why the US cyberspace security system turned out to be so helpless, the reason is rather simple. The US electronic and digital infrastructure is too enormous, diverse and developed for it to be possible to defend the whole thing. That’s the paradox. From this point of view, the most secure from cyber-attacks state is North Korea, because it has no developed digital infrastructure.
The US’ digital infrastructure is very advanced and considerably outstrips others, including that of Russia. An example is the electric power sector. Digital substations, intellectual control systems, online (software-, app- and browser-based) systems for managing power supply networks are mainstream in the US energy sector. We are only beginning to create such things.
The mainstream tendency today is the creation of new services and development of new capabilities, moving many processes online, which allows for their optimization, decreases in expenses and the creation of new business models. This inevitably leads to increased cybersecurity vulnerabilities.
No cybersecurity system is perfect as long as the human factor exists. It is exploited in most aimed operations and attacks. It was used this time the same way.
The first phase of the operation, whoever may have conducted it, consisted of an ordinary targeted phishing campaign. Employees of the Democratic National Committee received phishing emails that resembled letters from acquaintances. They contained either a link or an attachment with harmful code that was loaded onto the device and then deployed during the next stage of the attack.
In other words, as perfect as the security systems of a facility could be, whether DNC servers or an industrial segment of a chemical plant’s network, there is still a breach in personnel cybersecurity culture, the defense of the facility will never be absolute.
Returning to the report, it should not be considered that its conclusions, despite the unclassified portion’s many obvious shortcomings, will not be taken into consideration by the Trump administration. It is no coincidence that the President-elect rather abruptly changed his point of view and said that he thinks that Russia complicit in the incident.
During the election campaign, Trump tried to formulate his point of view, he called for the creation of so-called Review Team sites. These are supposed to be task forces for the evaluation of critical US information infrastructure, and will be selected from members of the military, law enforcement and the private sector. They are supposed to conduct a systematic and comprehensive inspection of critical infrastructure to examine its security, offer targeted recommendations, plans for improvement and so on. Really, this is a truism: it is all being done without Trump, and it’s a pretty routine activity, not only in the United States, but also other more or less developed countries. Trump has no magic answer to cyber challenges for now.
However, there is a legislative base created by his predecessor. In December, in response to supposed cyberattacks against the US electoral system, Barack Obama enacted sanctions against several Russian organizations and individuals. This was done within the scope of an executive order, signed on April 1, 2015, regarding the arrest of assets of persons involved in malicious activity in cyberspace against the United States.
This is the first instrument of its type. Previously, no one thought that sanctions against foreign officials, persons, organizations and businesses could be enacted in response to cyberattacks. The instrument does not need any international resolutions and is enacted unilaterally. Even if Trump, going by the current situation, cancels the December act on sanctions, the 2015 executive order will remain. In any future episode, if Russia is suspected of another cyberattack, it could be used again, widening the list of persons and organizations under sanctions to infinity.
Other than that, it should be understood that Trump does not exist in a vacuum. His positions must be compatible with the positions of US Senators and Representatives, among whom, a rare phenomenon is taking place: despite the crisis in relations between Republicans and Democrats, there is a coalition, consisting of both, which pushes for the hardening and widening of sanctions that Obama enacted against Russia, for cyberattacks, Syria and Ukraine.
It should also be understood that the position of some Republicans, such as John McCain, Lindsey Graham and Paul Ryan is much tougher than Obama’s. Therefore, hoping that sanctions will be lifted after January 20 and everything will become a thing of the past is rather naïve.