Cybersecurity & Tech

The U.S. Response to Russian Pre-Election Meddling: An Overview

Andrew McClure
Monday, December 19, 2016, 12:39 PM

“Whatever the source of the material was,” Donald Trump’s deputy campaign manager David Bossie began, “if it was on the front page of the paper—it’s in the public domain. We would look at it.” Passions started to boil over and I could feel the tension in the room as the Clinton and Trump campaigns traded barbs over WikiLeaks and the role of alleged Russian intelligence activity throughout the election cycle.

Published by The Lawfare Institute
in Cooperation With
Brookings

“Whatever the source of the material was,” Donald Trump’s deputy campaign manager David Bossie began, “if it was on the front page of the paper—it’s in the public domain. We would look at it.” Passions started to boil over and I could feel the tension in the room as the Clinton and Trump campaigns traded barbs over WikiLeaks and the role of alleged Russian intelligence activity throughout the election cycle.

After every presidential election since 1972, Harvard’s Institute of Politics has hosted a summit assembling key players from each campaign and members of the press to chronicle a “first draft of history.” This year, the events over the two-day campaign managers’ conference offered a glimpse inside a particularly emotional electoral cycle.

Dan Balz of The Washington Post challenged the Trump team’s response to questions about the campaign’s use of material posted by WikiLeaks as an attack against Secretary Clinton: “You all will not acknowledge that it was the Russians?”

Bossie: “I personally don’t know who it was. Do you?”

After some back and forth, Andrea Mitchell of MSNBC took over: “Just to clear up, 17 intelligence agencies agree…”

She was referring to the joint statement released October 7 by the Office of the Director of National Intelligence and the Department of Homeland Security fingering, for the first time publically, the Russian government for directing the theft of documents from the Democratic National Committee and other U.S. persons. The statement went on to conclude that disclosure of these documents was “consistent with the methods and motivations of Russian-directed efforts.” The move to name and shame Russia set in motion a flurry of speculation over how the White House might respond.

Official government attribution came nearly four months after reports first surfaced in June that the DNC had been compromised. Three days before the party’s July convention in Philadelphia, WikiLeaks released its largest trove of files yet, leading to the ouster of DNC chair Debbie Wasserman Schultz over the appearance of favoritism during the primary process. The final months of the campaign were characterized by a steady release of often mundane but occasionally embarrassing correspondence and narratives alleging Clinton corruption.

The U.S. government’s formal acknowledgement of Russian culpability demonstrated not only the degree of certainty behind the attribution but also a commitment on behalf of the public to investigate and respond to this particular form of cyber-enabled theft. The events that followed would also bring into context comments President Obama made one month earlier to Vladimir Putin at the G20 summit in China on September 5th. Speaking about cyber war, President Obama bluntly stated the United States has “more capacity than anybody, both offensively and defensively.”

After the announcement, the administration embarked on a series of actions aiming to deter Russian meddling in the election. One week after the DNI’s assessment, Vice-President Biden appeared on Meet the Press promising a “proportional response” to Russian interference in the election. When asked by host Chuck Todd if the public would know about the U.S. response, Vice President Biden said simply, “Hope not.” President Obama echoed that promise late last week.

***

Before voters took to the polls, senior U.S. intelligence officials began publicly signaling to Russian leaders, in no uncertain terms, that their meddling could provoke consequences. Four days before the election, NBC aired an exclusive story detailing what appeared to be a deliberate message from the Obama administration: U.S. hackers had penetrated critical Russian control systems that operate telecommunications, the power grid, and Kremlin command and control networks; taking action to disrupt the upcoming U.S. election could lead to dangerous escalation.

The Russian reaction was immediate. A Russian foreign ministry spokesperson suggested the Kremlin would consider the U.S. threat an act of cyber terrorism if carried out. The spin from Moscow also suggested U.S. accusations were a partisan ploy to hedge against a potential Trump victory at the ballot box; his opponents would claim he won due to outside malfeasance rather than through a legitimate electoral process.

But what remains unclear is whether the U.S. attempt to signal escalation dominance in the cyber realm achieved anything meaningful. By demonstrating unmatched capability to hold at risk vital adversary assets, was the administration seeking to specifically deter cyber interference with the voting process itself? By that measure, it appears the government was successful. On the other hand, if the point was to dissuade Russia from persisting in its Information Operations campaign to influence the domestic political discussion, U.S. government efforts were too late to be effective, coming as they did after months of steady leaks and over a year after the FBI first warned the Democratic National Committee to examine the security of their network.

The NBC report was actually not the first message of its kind. It came a few days after government officials relayed an earlier message to Moscow to convey the seriousness of American concerns. According to an account published in the Washington Post one week after the election, the Obama administration sent Russian officials a notice to cease the activity over a rarely used communications link established through the Nuclear Risk Reduction Center (NRRC), housed in the State Department. A senior administration official explained, “the fact that we used this channel was part of the messaging.”

The NRRC link was originally set up in 1987 to prevent strategic miscommunication and inadvertent escalation of a nuclear crisis. The link was designed to function as a confidence-building measure and should not be confused with the White House-Kremlin Direct Communication line, or secure hotline, used to manage crisis situations. In 2013, the U.S. and Russia agreed to expand the scope of the NRRC link to exchange inquiries regarding cyber security incidents. Although on this particular occasion the message appeared to express concern over hacking originating from Russia, the statement avoided making a specific claim of attribution.

The threat of interference raised two key concerns in the days leading up to the November 8 election. The first was whether intermediaries would distribute new material, authentic or doctored, in an attempt to sway voters at the last minute. The administration’s messaging campaign appeared geared toward addressing this type of meddling. The other fear was that systematic vote-tampering or disruption of the process could affect voter turnout or cast doubt upon the integrity of the final vote tally. In light of this concern, state and federal agencies took measures to preserve electoral fidelity.

Before the election, federal government agencies worked to detect and counter potential eleventh-hour foreign interference, ranging from outright voter fraud, tampering with voter registration rolls, or attacks on voting infrastructure. So far, however, there is no evidence of systematic interference with vote tallying. Lingering questions instead center on Moscow’s motivation to nudge the electorate or amplify partisan discord.

The motives behind particular instances of cyber meddling can be difficult to infer, but two broad theories have been floated to explain state-sponsored Russian meddling during this election cycle. One theory is that Russian leaders sought to advantage their preferred candidate. Many believe President Putin harbors deep animosity toward Secretary Clinton, particularly following the contentious 2011 Russian parliamentary elections. Her own electoral misfortunes, some suspect, are a sort of payback for her supposed role instigating opposition protests to undermine his candidacy and perceived legitimacy.

Another theory is that Russia’s cyber meddling sought to sow doubt and uncertainty about the legitimacy of American democracy and exacerbate partisan strife, leaving the next U.S. President embattled from the start. An embattled President who is distracted at home is also weaker abroad.

Going forward, there is sure to be robust debate over what the current and future administrations can do to persuade foreign adversaries to refrain from actions contrary to American interests. But the events this time around suggest that robust warnings before the fact, while an essential element of deterrence, may not be sufficient to ward off cyber malfeasance unless threats of retaliation are deemed to be credible.

***

Back at Harvard, the conversation continued to run high on emotion. Reiterating her point about the emails, Andrea Mitchell stated, “They were hacked. They were stolen. And turned over to WikiLeaks.”

“If they were,” Bossie began, “it doesn’t make them untrue.” The ensuing silence let the comment sink in. No one from the Clinton campaign has ever claimed the emails released from the DNC or John Podesta’s personal account were not authentic. The Trump campaign’s defense echoed the rationale proffered by some media outlets for their coverage of the story.

After some more back and forth, a visibly rankled member of the Clinton camp sighed. “Were you guys worried about being hacked?... Were you guys hacked?”

Barely heard above the commotion was Trump’s digital director Brad Parscale: “That’s why we put security on our email… There’s this thing called two-layer authentication that came out like eight years ago. They should try it at the DNC.”

The sarcasm prompted a rare moment of vulnerability for the Clinton team: “At one point we asked the RNC a fair amount, like what kind of precautions they had taken. Did you guys take precautions after the hacking?”

Parscale’s response – “Yeah, of course. Like any business in the world we take precautions against all of our information technology.”


Andrew McClure is a joint degree candidate at the Harvard Kennedy School (MPA) and the MIT Sloan School of Management (MBA), where he focuses on cyber security. A Marine Corps veteran, Andrew previously served as an intelligence officer abroad.

Subscribe to Lawfare