Biden’s awkward threat of retaliatory cyber attacks belies US uncertainty and insecurity on all things Russia
By leaking plans for “covert” cyber-retaliation against Russia, the Biden administration allows domestic political considerations to trump legitimate national security concerns by painting Russia as the all-purpose bogeyman.
In a front-page story, the New York Times disclosed that the Biden administration was planning a range of “clandestine” cyber-attacks targeting Russia, ostensibly in retaliation for Russia’s alleged role in masterminding the SolarWinds hack that continues to resonate across the United States. According to the Times, these attacks are expected to unfold over the course of the next three weeks and are “intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world.” These attacks, the Times notes, will most likely be combined with other actions by the Biden administration, including additional economic sanctions against Russia, and actions to “harden” US government networks against future attacks.
Even as the Biden administration struggles to piece together a response to the SolarWinds breach, it must wrestle with a new cyber-attack targeting a vulnerability in Microsoft’s email systems that exposes the communications and cyber architecture of a whole host of US government and private clients. Unlike SolarWinds, the current attack is believed to have been carried out by “state actors” operating on behalf of China.
Seen together, the SolarWinds and Microsoft email intrusions represent a daunting challenge for Anne Neuberger, a former Director of Cybersecurity for the National Security Agency who was appointed to serve in the newly created position of deputy national security adviser for cyber and emerging technologies. Neuberger has been tasked with overseeing what Washington, DC calls a “whole of government response” to these events. It is a thankless task, one made even more so by the fact that any response she develops must assuage domestic political pressures as well as address any genuine cyber threat that may exist.
The plan of action described in the New York Times is remarkable on several levels. First and foremost, it assumes as fact a linkage between the Russian government and the SolarWinds cyber-attack. While the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) have released a joint statement which attributes the SolarWinds attack to “an Advanced Persistent Threat (APT) actor, likely Russian in origin,” no evidence has been provided to sustain this allegation. For its part, the Russian government has denied any involvement in the SolarWinds attack.
While the Russian denial must be taken with a grain of salt–no one would expect the Russians to openly admit to carrying out such an attack–the Russian silence serves to illustrate the most disconcerting aspect of the New York Times’ story–that the Biden administration is openly telegraphing what it has said will be “clandestine” attacks targeting Russia.
Neuberger, a career veteran of the secretive world of cyber-sleuthing, is familiar enough with the lexicon of intelligence terminology to know that telegraphing your punch is–literally and figuratively–the antithesis of a “clandestine” activity. It should be clear to all who read the Times story that the intended target of the leak was not Vladimir Putin, his generals and/or his intelligence services. Rather, it was the domestic American consumer of news-based information. By injecting this tidbit of information into the news cycle, the Biden administration is prioritizing public posturing over any vestige of national security.
This does not mean that the US is incapable of sending Russia a clandestine slap on the wrist in retaliation for cyber-attacks it may or may not have conducted. According to some media reports, the NSA and Cyber Command possess the capability to deliver crippling cyber-based blows against the totality of the Russian state and economy, shutting down energy production, energy supply, financial, telecommunication, transport, military, and government networks at will. If ordered to do so, the NSA and Cyber Command could activate these tools in a selective fashion, targeting some or all of Russia. The announced clandestine strike would most likely not consist of a destructive attack on Russian networks, but rather a probe intended to let the Russian leadership know that the US was buried inside its networks, and as such able to shut things down at will.
If such a message were in fact to be sent, in the form of a clandestine (i.e., unannounced) cyber probe, then it might have the kind of consequences intended–Russian officials, having detected such an intrusion, would scale back their actions against US targets for fear of triggering a greater retaliation. The key to this kind of activity is that it is being done in the shadows, away from public scrutiny, never to be acknowledged by either party. By announcing its intention to conduct “clandestine” cyber retaliation, the Biden administration has nullified any potential gain it may have achieved if it had kept the actions truly covert in nature. Russia will continue to deny any role in the SolarWinds cyber event, and will either make public the US actions, thereby painting the US as the cyber aggressor, or just ignore the US actions altogether, leaving the US to either admit it did something, or to look as if what it did had no impact.
In its rush to attribute the SolarWinds cyber-attack to Russia without providing any evidence to back this assertion up, the Biden administration only feeds into the existing high level of Russophobia that permeates American society today. By telegraphing its intent to retaliate against Russia, the Biden administration has shown that it has allowed itself to be taken hostage by its own history of anti-Russian rhetoric.
Far from being a sign of strength, the actions of the Biden administration only underscore the extent to which it is prisoner to the fickle ignorance of an American public all too willing to accept at face value any narrative that paints Russia as the bogeyman. The subordination of legitimate national security interests to domestic politics is the most visible symptom of the impotence that has taken hold of the Biden administration when it comes to putting substance behind Joe Biden’s empty contention that “America is back.” As Tywin Lannister reminded the youthful Joffrey Lannister in G. R. R. Martin’s A Storm of Swords, “Any man who must say ‘I am king’ is no true king at all.”