Is the best defense a good offense, or does escalation beget escalation? One thing’s for sure — a lack of assertive response hasn’t made Russia less aggressive, and Dan Coats told reporters this morning that playing defense is not enough. The Director of National Intelligence signaled a change of direction in the Trump administration’s approach to Moscow’s activities in the cyberwarfare theater:
>>Coats also revealed this morning for the first time that the U.S. is "seriously" considering going on offense against Russian cyber ops, rather than only defending U.S. cyber infrastructure. Intel chiefs previously said this was an unlikely response & Trump hasn't asked for it. pic.twitter.com/YpxbuFvvXG
— Andrew Desiderio (@desiderioDC) April 4, 2018
Director of National Intelligence Dan Coats on Wednesday indicated that the U.S. government is seriously considering adopting an offensive cyber warfare strategy.
When asked during a media breakfast in Washington, D.C., whether U.S. intelligence agencies should go on the offensive in terms of information warfare, Coats said such an idea is under “serious consideration” because the U.S. cannot constantly be playing defensive in the cyber space.
“I’m publicly onboard with the idea that you can’t just play defense, you have to play offense. How we play offense, what kind of offense, is under serious consideration,” the cyber chief told reporters.
How much of a sea change is this? Two months ago, Donald Trump remained skeptical that Russian cyberwarfare had much impact at all, let alone required a response. One month ago, though, Russia upped the stakes by attempting to assassinate one of its former spies in a NATO country using an easily identifiable — and still officially undisclosed — Russian nerve agent. A week later, Trump started publicly putting the blame on Russia, and began a series of tough diplomatic responses and sanctions that seemed to signal that Trump had changed his mind on gladhanding Moscow. (Trump still offered Vladimir Putin a White House visit, though.)
Coats appears to have confirmed that the Trump administration sees this change as part of its response to the Skripal assassination attempt, among other provocations:
At a breakfast with reporters, Coats was asked whether Washington would take action beyond kicking out the 60 diplomats.
“This is under considerable consideration and more things will be done, and soon, above where we are right now,” Coats said. “I would just stay tuned on that. I think we are more and more aware of the potential for Russia to continue to engage in any number of ways relative to our elections and a lot of steps are being taken.”
A more assertive offense in cyberspace may be the most effective weapon the US has, Andrew Malcolm argued in his McClatchy DC column this week. Sanctions and diplomatic expulsions are too equal in impact to succeed. The US needs to hit Putin where it really hurts:
Intelligence agencies, most likely American and Israeli, reverse-engineered Libya’s gear and developed what came to be known as the Stuxnet virus. It was smuggled into an Iranian nuclear facility on a thumb drive. The stealth virus proceeded to order, one by one, more than 1,000 centrifuges to accelerate out of control into oscillating self-destruction, all the while feeding false normal readings to gauges and paralyzing all intruder alarms.
What if one wintry day the Kremlin’s power grid suddenly blew out? Or if Moscow’s air traffic control system failed as Putin prepared to travel?
We know from satellite images when Pyongyang is preparing a missile test. What if, oh, say, a future missile exploded on the launch pad? Or better yet, flew up, turned around and came back down on its own launch site?
Well, gee, you know, making ICBMs is dangerous business.
Of course, Washington’s do-nothing gnomes would predictably oppose the notion of standing up to electronic bullies and retaliating with our own unannounced cyber attacks, fretting with trembling words that target countries would then attack us.
Here’s the problem with that: They already are.
True enough, but a better way to get at Putin is probably through the pocketbooks of his oligarchs. In that sense, sanctions that block their access to US banking systems are asymmetrical and can be effective. It forces them to hide their money elsewhere, generally in riskier places. If their hiding places start getting exposed, or if they lose access to that wealth for any extended period of time, then Russian oligarchs might think twice about Putin’s cyberwarfare operations against the US. In that sense, Putin’s much more vulnerable than his counterparts in the West.
However, don’t assume that there won’t be collateral damage along the way, or setbacks like what happened in 2016 either. War is a series of successes and defeats until either one side collapses or both sides agree to stop waging it. Putin may have gotten a head start, but that doesn’t make him impervious, and it appears that Trump may have taken the gloves off.