US expected to name and sanction some individuals involved in disinformation campaign as early as today, and conduct other covert responses at a time of its choosing.
Officials stated Wednesday that the White House will announce, as early as today, a series of measures the US will use to respond to Russian interference in the American election process.
The news comes after President Obama stated in October that the US would issue a “proportional” response to Russian cyber attacks on the Democratic National Committee.
Not all the measures will be announced publicly.
According to CNN, “The federal government plans some unannounced actions taken through covert means at a time of its choosing.”
Wednesday, CNN reported that as part of the public response, the administration is expected to name names — specifically, individuals associated with a Russian disinformation operation against the Hillary Clinton presidential campaign.
The actions announced are expected to include expanded sanctions and diplomatic actions. Reuters reported Wednesday that “targeted economic sanctions, indictments, leaking information to embarrass Russian officials or oligarchs, and restrictions on Russian diplomats in the United States are among steps that have been discussed.”
In April 2015, President Obama signed an Executive Order, which gives the president authorization to impose some sort of retribution or response to cyberattacks.
The EO has not yet been used.
It allows the Secretary of Treasury, in consultation with the Attorney General and Secretary of State, to institute sanctions against entities behind cybercrime, cyber espionage, and other damaging cyberattacks.
That includes freezing the assets of attackers.
The Russian Ministry of Foreign Affairs’ official representative, Maria Zakharova, said in a statement on the ministry’s website: “If Washington really does take new hostile steps, they will be answered … any action against Russian diplomatic missions in the US will immediately bounce back on US diplomats in Russia.”
The administration has used the word “proportional” when discussing cyber attacks before.
In December 2014, while officially naming North Korea as the culprit behind the attacks at Sony Pictures Entertainment, President Obama said the US would “respond proportionately.” That attack was against one entertainment company, however, and not a nation’s election system, so the proportions are surely different.
“We have never been here before,” said security expert Cris Thomas, aka Space Rogue, in a Dark Reading interview in October. “No one really knows what is socially acceptable and what is not when it comes to cyber. We have no ‘Geneva Convention’ for cyber.”
According to Reuters reports, “One decision that has been made, [officials] said, speaking on the condition of anonymity, is to avoid any moves that exceed the Russian election hacking and risk an escalating cyber conflict.”
As Christopher Porter, manager of the Horizons team at FireEye explained in a Dark Reading interview in October, Russian doctrine supports escalation as a way to de-escalate tensions or conflict. “If the US administration puts in place a proportional response, Moscow could do something even worse to stop a future response … I think that is very dangerous.”
“The administration, fellow lawmakers and general public must understand the potentially catastrophic consequences of a digital cyber conflict escalating into a kinetic, conventional shooting-war,” said Intel Security CTO Steve Grobman, in a statement. “While offensive cyber operations can be highly precise munitions, in that they can be directed to only impact specific targets, the global and interconnected nature of computing systems can lead to unintended consequences.
Impacting digital infrastructure beyond the intended target opens the door to draw additional nation states into a conflict.
This increases risk to civilian populations as countries see the need to retaliate or escalate.”
Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad …
View Full Bio