Going beyond sanctions?
Current and former national security officials still agree that the US should somehow retaliate for the latest Russian cyber campaign, in which potential hackers backed by the Kremlin endanger the IT management software of vendor SolarWinds to as much as To break into 18,000 networks worldwide. An intelligence report released Tuesday blamed the use of a “Russian software supply chain operation”, the closest the US has come to formally pointing out the Kremlin.
However, officials also agree that any US cyber response should work with more traditional steps, such as sanctions and accusations. They say the United States should overreact to the violations of SolarWinds, which so far appears to be a Russian intelligence-gathering operation rather than a destructive act of war against the American public.
The Russians “expect us to understand the distinction,” the current US official said.
Some security hawks have urged the US to go further – including former National Security Adviser John Bolton, who before joining the Trump administration in 2018 called for a retaliatory cyber campaign against Russia in response to the Kremlin’s interference in the presidential election. in 2016. He later said that “the retaliation should not be proportionate.”
Such rhetoric frightened some cyber experts, who warned that the US should be concerned about Russia’s potential ability to respond in kind to attacks on critical infrastructure such as its electrical network. “If you contain fuel, you have to carefully throw matches,” Michael Sulmeyer, now the senior cyber director of Biden’s National Security Council, told POLITICO at the time.
Instead, the Biden government is likely to work through a series of potential actions that will make it ‘more difficult’ for the Kremlin’s hackers to operate online, said the former Trump administration official, who spoke on condition of anonymity about the ongoing discuss process.
The US took a similar step during the 2018 midterm elections, when Cyber Command blocked online access to Russia’s infamous internet research agency, a propaganda factory with ties to Putin that spread misinformation about the election and played a key role has in the 2016 interference. . The news of the US retaliation was leaked to the news media, but the military’s elite digital combat organization has yet to publicly acknowledge it.
The White House could decide to target Russia’s military and foreign intelligence services or their assets if Washington can ‘show no doubt’ that they were at least strongly involved in the SolarWinds compromise, the former official said.
A Cyber Command spokesman declined to comment on this story.
Risks of going too far …
In January, Biden ordered U.S. intelligence agencies to give him an assessment of the Russian burglary operation. But the administration runs the risk of complicating its options if it combines its response to SolarWinds with its responses to other malicious activities by Moscow, such as Russia’s reward of US troops in Afghanistan, its interference in last year’s presidential election and the poisoning of the dissident Alexei Navalny. .
The approach would be ‘counterproductive’ because it only tells the Russians that it is typical Americans who are just attacking them, ‘said Dmitri Alperovitch, co-founder of security firm CrowdStrike and now executive chairman of Silverado Policy Accelerator. It will “not send them a message that they need to change one or two specific behaviors.”
He argued that the US should not punish the Kremlin at all for violating SolarWinds, which he said “falls within the realm of traditional espionage” and is generally “very careful not to cause collateral damage.”
“The last thing you need is to basically send them a message that they may be much more reckless next time,” Alperovitch said, adding that the US and its Western allies are already “all that breathes” in Russia approved.
A former National Security Council official familiar with the matter has argued that there is enough room to punish Russia if it is the choice the Biden government makes.
New sanctions could target more oligarchs near Putin, or even Putin himself. The former official said the existing US ban on trading in Russian government debt, which is not a ruble, should be extended.
The reality is that the US could seriously damage the Russian economy through sanctions, the current US official said. The danger is that by turning the knob too far, the economic downturn could spread to Europe and beyond and eventually affect the US market as well.
The government has indicated that its response will include domestic elements, while Biden is looking at executive orders designed to boost the country’s digital defense and better protect critical supply chains.