Has the Trump administration put together a coordinated plan to deal with what the intelligence community has warned will be Moscow-directed cyberattacks during the upcoming 2018 midterm elections?
“So far, we’ve seen no indication that the administration is taking action to prepare for this next inevitability against the constant aggression of cyber opponents,” Sen. Jack Reed (D-RI) said during an Oct. 19 Senate Armed Services Committee hearing on cyberattacks with a panel of officials from the Defense and Homeland Security Departments and the FBI.
During that session, a bipartisan group of committee members criticized the Trump administration when it comes to coordinating government agencies’ responses to cyber threats, not just for next year’s elections, but for lack of an overall cyber strategy or even an agreed-upon policy on actions to be taken against those countries or individuals who carry out serious cyberattacks on the U.S.
Adding to the members’ unhappiness was the failure of the White House to allow testimony from its National Security Council (NSC) cybersecurity coordinator Rob Joyce, a National Security Agency veteran who once ran its hacking division. Consistent with past presidential practice, Trump invoked executive privilege, prohibiting Joyce from testifying as a non-confirmed NSC staff member.
Frustrated, Sen. John McCain (R-AZ) complained, “Mr. Joyce’s absence here, whose job it is to do all this [coordination], is an example, frankly, of the disarray in which this whole issue rests.”
Asked if the Defense Department has been given directions to coordinate, prevent, preempt or to respond to Russian intrusions in coming elections, Assistant Defense Secretary for Homeland and Global Security Kenneth Rapuano said, “I’m not aware of a specific direction, in terms of a specific task associated with the election process. We are engaging on a routine basis with DHS (Department of Homeland Security) and the rest of the inter-agency community to develop priorities and consider responses, as well as mitigation measures.”
“The competing authorities associated with the electoral process really do call for a thoughtful orchestration of how we would direct and task and engage with those state and local authorities,” he added. “It really does need to be coordinated, because each agency brings something different.”
Christopher Krebs, acting Homeland Security undersecretary for the national protection and programs directorate, told the panel his agency had the lead when it comes to cyber threats to U.S. elections, and he had established an “election security task force” bringing together within his directorate Homeland’s cyber components, including the National Cybersecurity and Communications Integration Center, or NCCIC, which he described as “the center of gravity for DHS’s cybersecurity operations.”
“I think we’ve made some progress here,” Krebs said, but added, “I think there’s a lot more to do…We’re not just thinking about ’18. We’re thinking about the gubernatorial elections that are coming up in a matter of weeks.”
Recent accomplishments included forming a Government Coordinating Council, which he said was “a body under which all the state election officials can come together and provide…a foundation to…coordinate security practices, share information.”
In addition, his directorate was issuing security clearances to a number of election officials, “and, in a matter of weeks, we’re going to establish a sector coordinating council, which will bring those private-sector elements that provide the systems and technologies in support” of elections.
Krebs said that while he was working with state and local officials to enhance defense “from a pure cyberattack” on their computer systems, foreign “ad buys and social media use…[are] still an emerging issue that we’re assessing.”
The committee focused on some other outstanding cyber issues.
Consequences for Cyber Provocations, Deterrence
After Sen. Angus King (I-ME) pointed out that “so far, there haven’t been much in the way of price paid, whether it was Sony or Anthem-Blue Cross or the government personnel office or our elections,” a key conversation ensued.
Defense’s Rapuano said, “Both the demonstrated will and ability to respond to provocations in general, and cyber in specific, is critical to effective deterrence. I think the challenge that we have, that is somewhat unique in cyber, is defining a threshold that then does not invite adversaries to inch up close, but short of it.”
King responded, “Part of the problem also is we tend to want to keep secret what we can do when, in reality, a secret deterrent is not a deterrent. The other side has to know what’s liable to happen to them…There have to be consequences. Otherwise, everybody’s going to come after us, not just Russia, but North Korea, Iran, terrorist organizations. This is warfare on the cheap, and we have to be able not only to defend ourselves, but to defend ourselves through a deterrent policy.”
Rapuano agreed that the U.S. had “to start being more definitive about what those deterrence options are and how we can best use them.”
Sen. Mike Rounds (R-SD) noted when it comes to cyber, “We have to make a decision about where we actually defend our country against the possibility of existing attacks today, tomorrow and next week.” He asked if there were a current strategy on where we will actually defend our critical infrastructure and would it be beyond our borders?
The Defense Department’s Rapuano responded, “Senator, yes we do, and the details of our current posture with regard to those elements, I think, would need to be deferred to a closed hearing.” Homeland’s Krebs was more direct: “It’s a home and away game. We – we’ve got to go get them over there at same time we need to be protecting our infrastructure here.”
North Korean activities
Asked about North Korea’s cyberattacks on banks around the world which produce a funding stream for that country’s nuclear program, Rapuano replied, “We do have plans and capabilities that are focused and directed on the North Korean threat in general, and on the specific activities that you have noted,” but again said it had to be discussed in closed session.
Again Krebs jumped in, mentioning Hidden Cobra as an unclassified activity Homeland Security and the FBI were working, that last June put out a warning from the U.S. Computer Emergency Readiness Team (US-CERT) about North Korean malware that was actively targeting media, aerospace, financial and other critical American infrastructure. He said that US-CERT, working recently with “some unlikely partners” and aggressively moving on this “international problem with international solutions.”