Joe Biden’s options for Russian hacking punishment: sanctions and cyber retaliation
The response will need to impose a high economic, financial or technological cost on the perpetrators, but avoid an escalating conflict between the two Cold War adversaries
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.President-elect Joe Biden's team will consider several options to punish Russia for its suspected role in the unprecedented hacking of US government agencies and companies once he takes office, from new financial sanctions to cyberattacks on Russian infrastructure, people familiar with the matter say.
The response will need to be strong enough to impose a high economic, financial or technological cost on the perpetrators, but avoid an escalating conflict between two nuclear-armed Cold War adversaries, said one of the people familiar with Mr Biden's deliberations, speaking on condition of anonymity.
The overarching goal of any action, which could also include stepped-up counter cyber espionage efforts, would be to create an effective deterrence and diminish the potency of future Russian cyber spying, the person said.
The unfolding crisis - and the lack of visibility over the extent of the infiltration into the computer networks of federal agencies including the Treasury, Energy and Commerce Departments - will push to the front of Mr Biden's agenda when he takes office on 20 January.
President Donald Trump only acknowledged the hacking on Saturday almost a week after it surfaced, downplaying its importance and questioning whether the Russians were to blame.
The discussions among Mr Biden's advisers are theoretical at this point and will need to be refined once they are in office and have full view of US capabilities.
Mr Biden's team will also need a better grasp of US intelligence about the cyber breach before making any decisions, one of the people familiar with his deliberations said. Mr Biden's access to presidential intelligence briefings was delayed until about three weeks ago as Mr Trump disputed the 3 November election results.
With Mr Trump taking no action, Mr Biden's team are concerned that in the coming weeks the president-elect may be left with only one tool: bluster, according to one of the people familiar with his options.
“They'll be held accountable,” Mr Biden said in an interview broadcast on CBS on Thursday when asked about how he would deal with the Russian-led hack. He vowed to impose “financial repercussions” on “individuals as well as entities.”
TEST OF WORKING WITH ALLIES
The response could be an early test of the president-elect's promise to cooperate and consult more effectively with US allies, as some proposals likely to be put before Mr Biden could hit the financial interests or infrastructure of countries friendly to the United States, a person familiar with the matter said.
“Symbolic won't do it” for any US response, said James Andrew Lewis, a cyber security expert at the Center for Strategic and International Studies, a Washington think tank. “You want the Russians to know we're pushing back”.
A spokeswoman for Mr Biden's transition team did not respond to a request for comment.
The massive data breach, first reported by Reuters, enabled hackers believed to be from Russia's SVR foreign intelligence service to explore the networks of government agencies, private companies and think-tanks for months.
Moscow has denied involvement.
One potential target for US Treasury financial sanctions would be the SVR, said Edward Fishman, an Atlantic Council fellow who worked on Russia sanctions at the State Department during the Obama administration.
Media reports have suggested the SVR-linked hacking group known as “Cozy Bear” or APT29 was responsible for the attacks. The United States, Britain and Canada in July accused “Cozy Bear” of trying to steal Covid-19 vaccine and treatment research from drug companies and academic institutions.
“I would think, at the bare minimum, imposing sanctions against the SVR would be something that the US government should consider,” Mr Fishman said, noting that the move would be largely symbolic and not have a major economic impact. The US Treasury has already imposed financial sanctions on other Russian security services, the FSB and the GRU.
Financial sanctions against Russian state companies and the business empires of Russian oligarchs linked to Russian President Vladimir Putin may be more effective, as they would deny access to dollar transactions, both Mr Fishman and Mr Lewis said.
Those targets could include aluminium giant Rusal, which saw US sanctions lifted in 2018 after blacklisted Russian billionaire Oleg Deripaska reduced his stake to a minority in a deal with the Treasury.
Mr Lewis said a stronger option could be to cut Russia off from the SWIFT international bank transfer and financial messaging system, a crippling move that would prevent Russian companies from processing payments to and from foreign customers.
Such a move was contemplated in 2014 when Russia annexed Ukraine's Crimean peninsula, but it would hurt the Russian energy sector, complicating gas sales to Europe and hit European companies with Russian operations.
Neither the Treasury nor State Department responded to questions about possible actions in response to the hacking.
The Pentagon's US Cyber Command likely has options for counteractions that could cripple Russian technology infrastructures, such as disrupting phone networks or denial of internet actions, Mr Lewis said, adding that this too could hurt European allies.
“They'll need to think through the diplomacy of that,” Mr Lewis said.
The hackers likely left behind some malicious code that would let them access US systems for retaliation against any US cyber attack and it will take months to find and eliminate those “Easter eggs,” he added.
Reuters
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments