Will the U.S. government see a large-scale breach in 2017? Common sense would say yes, whether by size, like the Office of Personnel Management, suspicion, like the Democratic National Committee, or by prestige, like CIA director John Brennan’s email. After all, our government is monumental in size and scope; has a humongous digital attack surface; is targeted aggressively from all over the world, all the time; has to play perfect defense; and has few agencies that can properly detect and respond to the best cyber weapons and attackers in the world.
The list of organizations that fall victim to cyber attacks seemingly grows longer each year, so this should not come as a surprise. What will be interesting is how the new White House administration would actually respond when it takes place on their watch.
Our collective response to breaches targeting the government, or the population-at-large, usually involves some degree of public acknowledgement, a certain amount of leaked information, and attribution to a specific country—such as identifying North Korea as the culprit behind the Sony breach. A lot of the analysis is done by forensics staff in labs most will never set foot in, summarized and handed off through four layers of office bureaucracy, and passed to the Director of National Intelligence and other key officials in a tightly-guarded report the public will never read. The White House then chooses to respond and/or retaliate in ways we will very rarely witness.
Things took a turn in early-mid December 2016 when President-elect Donald Trump disagreed with CIA findings that Russia interfered with the 2016 presidential election, and President Barack Obama suddenly became very vocal about the United States’ intentions to retaliate. Trump disagreed with even his own party that Russia was behind an attack, which intelligence sources were careful to portray as interference and not an outright campaign designed to assist—or undermine—a specific presidential candidate. Obama took things a bit further with a direct conversation with Russia President Vladimir Putin and a promise of retaliation for the same attack that Trump does not acknowledge.
Swatting down any insinuation that Trump’s election victory was anything but legitimate could be expected. After all, victorious candidates don’t normally volunteer recounts or open themselves up to claims of an illegitimate win. Obama’s vow to retaliate against Russia in ways both public and private was rare and also introduces the risk of fanning the flames of a high-profile cyber conflict.
What if Russia was instead accused of breaching, say, the electrical grid, or the NSA, and not the election? Better yet, let’s change the country of origin for a moment. Unlike Russia, the new administration has not been shy recently about criticizing China—most recently for its currency policies or military maneuvers in the South China Sea. What if U.S. intelligence agencies concluded that China was behind a cyber attack? Would the new administration respond differently toward a breach from China versus Russia?
Ultimately, we can hope our deep and complex relationships with China and Russia prevent any cyber incident from spiraling out of control.
But let’s revisit North Korea and Sony. The United States got heavily involved in a corporate breach largely because of the geopolitical factors involved. How would the new, largely pro-business administration handle a similar breach in 2017? More importantly, what would the response be to a country that we aren’t reliant upon for trade or have minimal diplomatic relations with?
This is the most interesting scenario. North Korea does not like to back down and likes to provoke the United States, South Korea, and other world powers. The President-elect is also not one to back down from a confrontation and is skilled at using social media to get his point across loud and clear.
If the President-elect tweets at 03:00 that North Korea was responsible for another attack in a way that North Korea does not like or appreciate, we could watch international relations play out in ways we have never seen, perhaps taking Obama’s callout on Russia to a new level.
So will we see a high-profile government breach in 2017 or even a corporate breach that pulls in the government in a meaningful way? Almost certainly.
How will we respond? After watching the fallout from Russia and the 2016 election, it depends on who attacks us, what they were after, and the White House’s current relationship status with them at the time.
