- Kirill Kudryavtsev/Reuters
The US publicly accused the Russian government of orchestrating a series of cyber attacks on US citizens and political organizations for the first time on Friday, stating that “only Russia’s senior-most officials could have authorized these activities.”
“The US Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations,” the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence said in a statement.
The statement comes after a week of tension between the US and Russia over Syria, and amid months of highly publicized cyber attacks and email leaks targeting the Democratic National Committee. Leaked emails from Democratic Party officials have appeared on Wikileaks and the website DCLeaks.com in recent months.
US voting systems across the US have also been targeted by hackers over the past few months, but the DHS did not explicitly link those incidents back to the Russian government in its statement on Friday.
“These thefts and disclosures are intended to interfere with the U.S. election process,” the statement said. “However, we are not now in a position to attribute this activity to the Russian Government,” the statement said.
It is unclear what the US government will do to retaliate against Russia. The Obama administration has been weighing various measures, from sanctions to authorizing covert action against computer servers in Russia, the New York Times reported, but Obama has yet to sign off on anything concrete.
- REUTERS/Jason Reed
When asked earlier this week about how the US should respond to reports that its e-voting systems have been targeted, Donald Trump replied that the US should retaliate aggressively and go “on the offensive.”
Cyber security experts are divided over whether a more offensive posture would deter potential hackers, or if it would escalate the global cyber war further.
“It seems like Trump wants to have a detente strategy similar to how we have traditionally handled nuclear weapons,” Jason Glassberg, co-founder of cybersecurity firm Casaba Security, t0ld Business Insider.
“You use yours, we use ours, nobody wins, world destroyed. I don’t think that will work. The hacking game is ever changing and ever morphing, and ranges from the very sophisticated, to the downright lame.”
Glassberg noted that since there are no rules governing cyber warfare, the US would largely be making it up as it goes along when it comes to retaliating – and foreign governments might see it as a free-for-all when it comes to striking back.
“Escalation is a real risk when you start engaging the attackers, instead of focusing on defense,” Glassberg said.
“Every time you escalate a cyber conflict, instead of trying to do the opposite, you raise the risk level for more businesses to end up as collateral damage. Foreign governments may also believe they are justified in targeting things like critical infrastructure, if they consider themselves to be engaged in an actual cyber war.”
- REUTERS/Jim Watson/Pool
Glassberg noted – much as Trump himself has when discussing US counterterrorism strategy – that it would be unwise for the US to show the world how capable it is of staging harmful attacks against its adversaries.
Samuel Bucholtz, the co-founder of Casaba Security, largely agreed that engaging in a cyber war would disproportionately harm civilians. He noted that “cyber is a two-edged sword,” and is better for intelligence gathering than it is for actual warfare.
Still, others disagree.
Michael Borohovski, co-founder of the cybersecurity firm Tinfoil Security, said that Trump isn’t wrong tocall for a more offense-minded cybersecurity policy in general.
“Cybersecurity is an offensive game – focusing only on defense essentially means you are always behind,” Borohovski told Business Insider in an email.
Unlike traditional wars, according to Borohovski, “cyber battles” happen simultaneously across unlimited, constantly changing fronts. On a traditional battlefield, one side can afford to lose a few battles and still win the war. That’s not the case in cyberspace.
“Attackers only have to succeed once – defenders have to succeed every time,” Borohovski said.