They leave President Joe Biden, who took office amid multiple crises, with thorny dilemmas about how to respond without escalating a full-on international cyber war and expose him to new political vulnerability. Many of the attacks appear to be the work of criminal gangs on Russian soil, heaping more pressure on the President’s already tense, high-stakes summit next week with President Vladimir Putin during his first foreign trip.
“Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally … it’s happening all the time,” Granholm told Jake Tapper on CNN’s “State of the Union.”
Alarmingly, the former Michigan governor said that foreign hackers have the capability to shut down the US power network, and counseled firms against paying ransoms demanded by hackers.
A price to pay
Maine Sen. Angus King, an independent who caucuses with Democrats, warned that the US was now reaping the consequences for failing to respond sufficiently boldly to past attacks by China, Russia and North Korea.
Like the attackers on 9/11, hackers are exploiting gaps in US security systems, and raising questions about the capacity of US intelligence agencies and government departments to combine effectively to thwart attacks.
Such political opportunism raises doubts over whether Biden would be able to unite Washington around him, if he needed to muster a counter-attack from a major breach of US cyber defenses by a hostile foreign power.
Biden to plot defense then go on offense
Given the wide scope of the attacks, the White House must hurriedly muster the defenses of a vulnerable private sector while planning responses that can, as King suggests, make culprits pay a painful price.
But given the huge cost of sweeping changes to cybersecurity posture and security, and the fact that all it takes is one computer user to inadvertently open the gateway to cyber attackers through malware, swiftly ensuring comprehensive protection in the corporate sector is a tough challenge.
“I think there’s been a reluctance to move because I think the private sector has resisted being compelled to cooperate in certain areas. And I think ultimately, there is going to have to be legislation,” Negroponte said.
A showdown with Putin
The fact that the attacks are blamed on private firms gives Putin a veneer of deniability. But given the nature of the Russian security state and the nexus between organized crime and the intelligence services, it is fair to conclude that Putin could stop the attacks if he wanted to. In fact, the attacks appear to align with the Russian leader’s interests. The thrust of his foreign policy over the last decade or so has been to weaken the United States in order to enhance Russia’s relative power and prestige. The chaos and political recriminations sparked by cyberattacks are paralleled by the internal discord sown by what US spy agencies say is Russia’s disinformation and propaganda warfare during the last two US election campaigns — on behalf of Trump.
Republican Sen. Roy Blunt of Missouri said Sunday that the Russians need to start paying a price for tacit acceptance of criminal ransomware attacks.
“You really have to treat Russia like it’s virtually a criminal enterprise,” Blunt said on NBC’s “Meet the Press.” “You know, they harbor criminals, they don’t appreciate the rule of law or any kind of level of personal freedom. And I do think we have to push back.”
Retaliation is a danger in itself
The question of what kind of retaliation the US should launch is a fraught one.
To begin with, the cyber warfare battlefield is in the shadows, meaning there is little public evidence of actions the US may already have taken or the cathartic satisfaction of visible reprisals.
But any counter-attacks need to be calibrated to avoid an escalation that could not only cause a dangerous standoff between the US and other nuclear powers but could also simply invite more attacks on US soil.
But there is little evidence of an effective deterrence. Microsoft recently said that hackers who are part of the same Russian group behind the SolarWinds hack have struck against more than 150 government agencies, think tanks and other organizations in the US and elsewhere.
That is Biden’s problem as he wrestles with yet another cascading crisis.