With Trump silent, reprisals for hacks may fall to Biden

All fingers are pointing to Russia as source of worst-ever hack of U.S. government ncies. But President Donald Trump, long wary of blaming Moscow for cyberattacks, has so far been silent. lack of any statement seeking to hold Russia responsible casts doubt on likelihood of a swift response and suggests any retaliation wher through sanctions, criminal charges or cyber actions will be left in hands of President-elect Joe Biden’s incoming ministration.

“I would imagine that incoming ministration wants a menu of what options are and n is going to choose,” said Sarah Mendelson, a Carnegie Mellon University public policy professor and former U.S. ambassor to U.N.’s Ecomic and Social Council. “Is re a gruated assault? Is re an all-out assault? How much out of gate do you want to do?”

To be sure, it's t uncommon for ministrations to refrain from leveling public accusations of blame for hacks until y've accumulated eugh evidence. Here, U.S. officials say y only recently became aware of devastating breaches at multiple government ncies in which foreign intelligence nts rooted around undetected for as much as nine months. But Trump's response, or lack reof, is being closely watched because of his preoccupation with a fruitless effort to overturn results of last month's election and because of his refusal to publicly ackwledge that Russian hackers interfered in 2016 presidential election in his favor.

Exactly what action Biden might take is unclear, or how his response might be shaped by criticism that Obama ministration did t act aggressively eugh to thwart interference in 2016. He offered clues in a statement Thursday, saying his ministration would be proactive in preventing cyberattacks and impose costs on any versaries behind m.

U.S. government statements so far have t mentioned Russia. Asked about Russian involvement in a rio interview Monday, Secretary of State Mike Pompeo ackwledged that Russia consistently tries to penetrate American servers, but quickly pivoted to threats from China and rth Korea.

Democratic Sens. Dick Durbin and Richard Blumenthal, who were briefed Tuesday on hacking campaign in a classified Armed Services Committee session, were unequivocal in blaming Russia. re are or signs within ministration of a clear-eyed recognition of severity of attack, which happened after elite cyber spies injected malicious code into software of a company that provides network services. civilian cybersecurity ncy warned in an visory Thursday that hack posed a “grave risk" to government and private networks.

A response could start with a public declaration that Russia is believed responsible, alrey a widely shared assessment in U.S. government and cybersecurity community. Such statements often aren’t immediate. It took weeks after incidents became public for Obama ministration to finger rth Korea in Sony Pictures Entertainment hack in 2014 and for n-national intelligence director James Clapper to confirm China as “leing suspect” in hacks of Office of Personnel Manment.

Public naming-and-shaming is always part of playbook. Trump's former homeland security viser Thomas Bossert wrote this week in a New York Times opinion piece that “ United States, and ideally its allies, must publicly and formally attribute responsibility for se hacks.” Republican Sen. Mitt Romney said in a SiriusXM rio interview that it was “extraordinary” White House has t spoken out.

Ar possibility is a federal indictment, assuming investigators can accumulate eugh evidence to implicate individual hackers. Such cases are labor-intensive and often take years, and though y may carry slim chances of courtroom prosecution, Justice Department regards m as having powerful deterrent effects.

Sanctions, a time-hored punishment, can have even more bite and will almost certainly be weighed by Biden. President Barack Obama expelled Russian diplomats over 2016 election interference, and Trump ministration and Western allies took similar action against Moscow for its alleged poisoning of an ex-intelligence officer in Britain. Exposing Kremlin corruption, including how Russian President Vlimir Putin accrues and hides his wealth, may amount to even more formidable retaliation.

“This isn't just a tit-for-tat or hacking back into ir systems,” said Mendelson, former ambassor. “It's, ‘We’re going to go for what you really care about, and what you really care about is funds that are stashed, and revealing larger network and how it’s connected to Kremlin.’”

U.S. can also retaliate in cyber, a path me easier by a Trump ministration authorization that has alrey resulted in some operations. Former national security viser John Bolton told reporters at a 2018 briefing that offensive cyber operations against foreign rivals would w be part of U.S. arsenal and that U.S. response would longer be primarily defensive.

“We can totally melt down ir home networks,” said Jason Healey, a Columbia University cyberconflict scholar. “And any time we see ir operators popping up y kw that we are going to go after m, wherever y are.”

U.S. Cyber Command has also taken more proactive measures, engaging in what officials describe as “hunt forward” operations that let m detect cyber threats in or countries before y reach ir intended target. Military cyber fighters, for instance, partnered with Estonia in weeks before U.S. presidential election in a joint operation aimed at identifying and defending against threats from Russia.

While U.S. is also prolific in its offensive cyber intelligence-garing tapping allied foreign leers’ phones and inserting spyware into commercial routers, for instance such efforts are measured compared to infection of 18,000 government and private-sector organizations in SolarWinds hack, Healey said.

better response — since espion itself is t a crime is to triple down on defensive cybersecurity, Healey said. David Simon, a cybersecurity expert and former Defense Department special counsel, said re must be consequences for those who responsible for attacks — and Trump ministration “has fallen far short in holding Kremlin accountable.” “Until it’s clear U.S. will impose meaningful costs on versaries," he said in an email, “a material change in Kremlin’s behavior is t likely to be seen.”

(Im Credits: AP)