Top United States intelligence officials on Thursday defended the intelligence agencies’ findings on Russian hacking and interference in the election, pushing back at the public criticism leveled by President-elect Donald Trump against the Intelligence Community (IC) and noting the rhetoric has raised concerns among allies.
At Thursday’s Senate Armed Services Committee hearing on foreign cyber threats, Director of National Intelligence James Clapper said the IC stands even “more resolutely” behind its October statement officially accusing Russia of interfering with the U.S. election process and that such action could only have been authorized at the highest levels. The Kremlin waged a “multifaceted campaign” of hacking, classical propaganda, disinformation and fake news during the 2016 election, and that continues today, Clapper noted.
The U.S.’s top spy also told senators he has “received many expressions of concern from foreign counterparts” concerning “the disparagement of the U.S. intelligence community, or I should say what has been interpreted as disparagement of the intelligence community.”
“I think there is an important distinction here between healthy skepticism, which policy makers — to include policy maker number one — should always have for intelligence, but I think there's a difference between skepticism and disparagement,” Clapper said.
Trump has repeatedly questioned the U.S. intelligence assessment before and after the election, lately backing WikiLeaks founder Julian Assange’s denial of Russian complicity in the hacking and interference in the election.
Clapper and NSA Director and Commander of U.S. Cyber Command Adm. Michael Rogers “hammered home that skepticism is healthy and needed in this industry, and in their role especially,” according to Beau Woods, the deputy director of the Cyber Statecraft Initiative in the Brent Scowcroft on International Security at the Atlantic Council.
“But the fine point is that while skepticism is good, dismissing things out of hand or disparaging the infrastructure that has been built is counterproductive,” he said.
Rogers told the committee that he doesn’t “want to lose good, motivated people who want to help serve this nation because they feel they're not generating value to help that nation.” Confidence from political leadership is key in that area, he noted.
“Without that confidence, I just don't want a situation where our workforce decides to walk, because I think that really is not a good place for us to be,” he said.
Early next week, Clapper said, the unclassified version of the report President Barack Obama ordered on Russian hacking and other outside cyberattacks on U.S. elections will be released to the public. Obama was briefed on the classified report of the full assessment by the IC of election-related interference on Thursday, and Trump will receive an intelligence briefing on the report’s findings on Friday.
Clapper said a series of briefings are also planned for Congress next week, including closed hearings with the oversight committees, and following that, the unclassified version of the report will be rolled out for the public.
“I intend to push the envelope as much as I can on — particularly on the unclassified version, because I think the public should know as much about this as possible,” Clapper said at Thursday’s hearing. “This is why I felt very strongly about the statement we made in October. And so we'll be as forthcoming as we can, but there are some sensitive and fragile sources and methods here, which is one reason why we're reticent to talk about it in this setting.”
James Lewis, a senior vice president and director of the Strategic Technologies Program at CSIS, said while he understands the IC does not “want to give up any trade secrets,” in this particular case “I think they need to air on the side of over-release” with the information next week.
“I’ve been told they have really good attribution evidence, even down to the individuals,” Lewis said. “… They have a mound of evidence that they have not made public, so how much will they actually make public?”
Sen. John McCain, the committee chairman, opened the hearing with a broad call for a national cyber policy.
“For years, cyberattacks on our nation have been met with indecision and inaction. Our nation has no policy and thus no strategy for cyber deterrence. This appearance of weakness has been provocative to our adversaries who have attacked us again and again with growing severity,” he said. “Unless we demonstrate that the cost of attacking the United States outweigh the perceived benefits, these cyberattacks will only grow.”
Clapper, however, told the senators that conceiving of cyber deterrence in reference to nuclear deterrence is not helpful.
“We currently cannot put a lot of stock, at least in my mind, in cyber deterrence,” he said. “Unlike nuclear weapons, cyber capabilities are difficult to see and evaluate and are ephemeral. It is accordingly very hard to create the substance and psychology of deterrence, in my view.”
Clapper is “exactly right,” Lewis said. “Deterrence doesn’t work in cyberspace — you’re not going to be able to deter these attacks.”
“Recognizing that deterrence doesn’t work is a big shift in U.S. policy,” Lewis said.
But to try to dissuade from future actions, an adversary still has to “believe you’re going to do what you say you’re going to do. I don’t think the Russians right now believe we’re going to do anything other than sanctions,” Rhea Siers, former deputy associate director for policy at the NSA, said.
“They have to believe you’re going to do something that’s effective, and not just for window dressing,” she said.
During Thursday’s hearing, Sen. Lindsey Graham (R-SC) called for the U.S. to take stronger action — to throw “rocks” instead of “pebbles” — in response to Russian interference.
However, Lewis said he did not agree with Graham’s suggestion that the Obama administration’s announced actions amounted to “pebbles.”
“Throwing 35 Russian intelligence agents out of the country, closing two Russian facilities and imposing sanctions on Russian companies and individuals — those are pretty powerful actions. Thirty-five is a big number,” Lewis said. “It’s not like it’s a one-off. It’s not like they do something, we do something back, end of story. It’s better to see it as the first step and it’s a powerful first step.”
But Alina Polyakova, deputy director of the Dinu Patriciu Eurasia Center and senior fellow for the Future Europe Initiative at the Atlantic Council, disagreed, saying the Obama Administration’s sanctions are “relatively weak and a little too late.” Although they are a “step in the right direction,” she said, they certainly are not enough and could be stronger, hitting Russian economic interests and markets more directly.
While Thursday’s hearing itself was mostly about laying the groundwork for next week, with the unclassified report’s release and a number of confirmation hearings of Trump nominees slated, McCain made it clear from the start that he wanted to send a message to the President-elect and his national security team that Russia is at fault and the U.S. government must respond forcefully.
While new details were not revealed at the hearing, observers agreed it was still important to have the IC reaffirm its findings on the record with Congress.
Woods also said that among his peers and colleagues in the tech and policy communities, “we’re almost universal in our belief that Russia did intrude into the Democratic National Committee, there was a network intrusion that Russia was responsible for, and that there was an information operation that was at least tacitly permitted by the Russian government.”
“Those things are clear and unambiguous, and today’s discussion reaffirmed my understanding of the rigorous method” the IC goes about to generate its conclusions, Woods said.
Thursday’s hearing also touched on the larger issues of cyber security including the need to develop international norms in the cyber arena, with both Clapper and Rogers noting that although there has been some work done under the auspices of the United Nations to come up some cyber norms, it will be some time before those have an impact.
Lewis said that there is some agreement on international norms in cyberspace, but they are “very general and there is no real enforcement mechanism.” For instance, norms the United Nations has been hammering out say that countries agree not to interfere with the political independence of another country or attack another country’s critical infrastructure in peacetime.
“The Russians clearly are doing that,” Lewis said, and a key problem is that these norms do not then say “what you get to do in response.”
Mackenzie Weinger is a national security reporter at The Cipher Brief. Follow her on Twitter @mweinger.