Were Russian Hacks Really a Threat to American Democracy?
It is well known that U.S. adversaries have long been seeking access to U.S. data.
The United States yesterday announced tough new sanctions on Russia, including the expulsion of 35 Russian diplomats, in response, according to a statement by President Barack Obama, “to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election.”
U.S.-Russia relations, already acrimonious, will likely now take a turn for the worse. Obama’s action lays down a marker for President-elect Donald Trump, who has favored a less confrontational stance with Russia. Trump has said that claims of Russian interference in the U.S. elections on his behalf were “ridiculous.”
The Obama Administration was right to put Russia on notice about its cyber operations. But let’s keep some perspective. Based on what is currently known, the DNC and Clinton email leaks, which contained no classified information, may not have been the affront to U.S. democracy some have described.
For example, Hillary Clinton said the Russian hacks were intended to “undermine our democracy” and resulted from Russian President Vladimir Putin’s desire to pay her back for claiming that the 2011 Russian parliamentary elections were rigged. She added that the incident was a challenge to “the integrity of our democracy and the security of our nation.” A letter signed by a bipartisan group of four senior senators claimed the hacks “cut to the heart of our free society.”
This is all strong stuff, and perhaps now that the president has taken action, a deep breath is in order. The Russian attacks should indeed be another wake up call about the relentless probing of America’s digital assets by U.S adversaries and the potential consequences of weak cyber defenses. But by all appearances, U.S. democracy and institutions have hardly taken a crippling hit from revelations about the inner workings of the Clinton campaign and the DNC.
Even with the announcement yesterday, there is still some question about the scope and intent of the attack. A Joint Analysis Report released yesterday by the Department of Homeland Security and the FBI points out that the hacks were the result of sophisticated “spearphishing” campaigns. This should sound familiar to U.S. government agencies and private companies, which are also subject to ceaseless hostile network probes and provide employees with regular training to recognize and avoid them. Hackers also reportedly tried to access the Republican National Committee servers, but without success. More detail on whether the intent of the hacks was to upend the U.S. election process and support one candidate over the other, as has been alleged, may be provided in the Obama administration’s forthcoming report to Congress and subsequent investigations.
With regard to whether the leaks harmed the “security of our nation” or our “free society,” Obama’s Dec. 16 remarks are worth quoting: “the information was already out. It was in the hands of WikiLeaks, so that was going to come out no matter what…This was not some elaborate, complicated espionage scheme. They hacked into some Democratic Party emails that contained pretty routine stuff, some of it embarrassing or uncomfortable, because I suspect that if any of us got our emails hacked into, there might be some things that we wouldn’t want suddenly appearing on the front page of a newspaper or a telecast, even if there wasn’t anything particularly illegal or controversial about it. And then it just took off.”
Obama went on to say that his primary concern was whether the hacking would affect the actual vote counting, thus disrupting the election. That would indeed have been an assault on American institutions, but it didn’t happen.
It is well known that U.S. adversaries have long been seeking access to U.S. data as demonstrated by the breach of as many as 21 million Office of Personnel Management (OPM) security clearance files, reportedly linked to Chinese hackers. This assault, made public by OPM in 2015, could have far-reaching and devastating consequences for U.S. national security for years to come.
In sum, let’s not give Putin the satisfaction of believing he could seriously damage American democratic institutions by hacking and leaking emails that even Obama has described as “pretty routine stuff.” No, U.S. democracy appears to have survived safe and sound. Obama’s retaliation should settle the score, although U.S.-Russia relations will likely remain strained for now. Still, the Russian hacks should be a welcome reminder that formidable cyber adversaries could pose much more serious threats in the future.
Andrew Parasiliti is director of the Center for Global Risk and Security at the nonprofit, nonpartisan RAND Corporation.
Image: Defense Department