The risk of foreign hackers shifting the outcome of the U.S. presidential election has likely been exaggerated. Nevertheless, officials and policy makers reportedly “do anticipate so-called cyber mischief, including the possible release of fake documents and the proliferation of bogus social media accounts designed to spread misinformation,” according to NBC News.
To fight back against such shenanigans, however, our friends in the media inform us that the government is prepared. “U.S. military hackers have penetrated Russia’s electric grid, telecommunications networks and the Kremlin’s command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary, according to a senior intelligence official and top-secret documents reviewed by NBC News.”
As Mike Masnick of TechDirt points out, a leak of this kind of highly classified information might receive a different response if the source was someone like Edward Snowden, rather than an anonymous official who was in all likelihood given the green light for their leak as part of a planned psychological operation, albeit a fairly obvious one.
Instead of mainstream media and official outrage over the irresponsibility of NBC and the national security risks posed by its exposure of U.S. capabilities, Masnick points out that “since it’s the US government leaking this info, no one seems to care. Of course, that’s because everyone knows what’s going on here. This is US officials basically telling Russia: ‘Hey, don’t mess with our election or we’ll do some cyber stuff.’ The claim that the US has hacked into Russian systems is certainly believable. That’s what the NSA does after all (y’know, when it’s not collecting info on Americans).”
But despite the rhetoric and propaganda — a barrage that has reached overwhelming levels in the final days of the election cycle — it is actually not even clear that the military is sufficiently prepared for “cyber war.” According to Adm. Mike Rogers, the present head of both the National Security Agency (NSA) and US Cyber Command (Cybercom), which was created in 2009, the two agencies are in the midst of “working our way through that process” of finding the “right process” and the “right time” to separate and find someone else to take over half of Rogers’ duties.
The proposed NSA-Cybercom split has been suggested due to legal definitions of what constitutes a cyber “attack.” Asof C4ISRNET explains:
Both organizations, while often times conducting similar activity, are defined under different statutory terms. CYBERCOM, as a military organization under the chain of command of the secretary of defense, falls under Title 10 of the United States Code. The NSA, on the other hand, as an intelligence organization falls under the scope of Title 50, though it does perform Title 10 duties from time to time. These legal distinctions trigger certain roles and responsibilities for the organizations that govern them.
Accordingly, it seems that the kind of “attack by secret American cyber weapons” discussed in the NBC article published Friday and referenced above would fall firmly within the responsibilities of Cybercom, rather than NSA. Yet Cybercom’s 133 “Mission Force Teams” have only just “achieved initial operating capability” within the last three weeks, according to the Pentagon.
And while the kind of disruptions to the Russian electric grid or telecommunications systems described in the NBC article would be Cybercom’s responsibility, the agency also has higher priorities — namely, defending against attacks.
At the annual MilCom (“military communications”) conference in Baltimore last week, Lt. Gen. Alan Lynn, director of the Defense Information Systems Agency, reportedly gave a presentation in which he noted that the Defense Department’s computer network blocks hundreds of millions of access attempts every day “and 1.1 billion operational events take place every month in terms of defensive cyber operations to protect the network.” As paraphrased by C4ISRNET, “the force still has work to do.”
Meanwhile, according to a report today from Breaking Defense, simulated battlefield hacking and jamming exercises in the past year and a half “have already revealed cybersecurity shortfalls” which led to changes in personnel, with the assignment of network defense specialists to every brigade. Yet more challenges clearly still lie ahead.
“In particular, electronic warfare specialists — long a neglected field in the Army — are a late addition to the team,” the report notes. It also points out that the military requires a “cultural change to get some Army officers to take (electronic warfare) and cyber seriously.”
In any case, it seems that Vice President Joe Biden’s claim in recent weeks that the U.S. will be “sending a message” to Russia in retaliation for its alleged election meddling “at the time of our choosing” because “we have the capacity to do it,” may be little more than political posturing. The Russian government, if truly responsible for hacking the emails published by Wikileaks (though Wikileaks denies that it is) has so far acted with great confidence that it can do as it pleases without fear of serious U.S. retribution.
If Russia is really responsible for email leaks from Democrats, but the U.S. is unable to deter further disclosures simply by using typical means of leverage and covert bargaining inherent to the shadowy world of international espionage, it doesn’t seem likely that spreading disinformation to try to sway public opinion will do much good. If the Russians are doing the hacking, it’s because they know that if we could do anything about it, we would have done it already. The American government isn’t fooling anyone with this latest talk of cyber retaliation against Russia — except for, perhaps, the American public.