Behind The White House’s Plan To Be More Aggressive In Cyberspace
For nearly a year, White House leaders had debated the rules for how America should operate in cyberspace. After brazen hacks by the Chinese and Russian governments that targeted millions of Americans and the 2016 presidential election respectively, senior officials believed they needed to stop the raid on American bits and bytes.
Administration leaders broadly fell into two camps. The first blamed Obama-era rules to operate in cyberspace as too timid and the reason America did not have digital options to deter North Korea’s nuclear program.
Unleashing viruses that could upend North Korea’s rockets would require a wide swath of consensus across US government agencies, which all but stifled many hacking plans.
Other officials, such as then Homeland Security adviser Tom Bossert, disagreed, and over a period of months argued that while the procedures needed to change, loosening the rules of engagement too liberally and without caution would be dangerous.
A Decision Loomed
While the North Korean debate did not lead to immediate policy changes, it was one of several events that helped push the Trump administration toward a new cybersecurity strategy, according to four current and former White House and intelligence officials who were in the room or briefed on the situation.
When the White House announced the new policy in September, national security adviser John Bolton was blunt: “We’re going to do a lot of things offensively, and I think our adversaries need to know that.”
America enters the Cyber Age
In the early 2010s, Russia was known inside the US intelligence community for its clandestine cyber operations. If White House administrators or National Security Agency analysts spotted Moscow’s cyber-warriors probing American networks before 2014, the Kremlin spies would often suddenly disappear.
“The Russians were known for being stealthy and highly targeted. If you saw them on the network, they would vanish like ghosts and go quiet,” Michael Daniel, the top cybersecurity official at the Obama administration, told Fifth Domain.
One of the first digital disinformation operations against the United States targeted diplomats. Digital sleuths from the Kremlin listened in on a phone call between Victoria Nuland, then the top US American diplomat to Europe, and Geoffrey Pyatt, the US ambassador to Ukraine, according to the State Department.
Nuland and Pyatt discussed how to support a new government in Ukraine. Nuland believed the Europeans were being too timid and made her position clear in colorful language.
The phone call was being secretly recorded and was posted to YouTube days later.
"It wasn’t their first use of cyber and aggressive tactics, including manipulating emails and leaking things,” said Nuland, who is now head of the Center for a New American Security. “What was new is their targeting of Americans and the United States in a way where their hand was not masked. Obviously, they denied it, but it was transparent what was going on.
Russian hackers breached the White House’s networks and swiped President Obama’s email correspondence in 2014,according to the New York Times. Two days before Christmas in 2015, Russian hackers allegedly used spear-phishing emails and malicious code embedded in Microsoft Word documents to launch the first publicly acknowledged cyberattack in the world to cause power outages against Ukraine.
But the Russian government was not the only country developing a playbook for hacking. China was revving up a campaign to infiltrate the US government as well.
In April 2015, US officials say that China hacked records of 22 million government officials that were stored by the Office of Personnel Management. That included copies of all US government security clearances.
Election Meddling
It took less than a year for another historic breach.
In a cream-colored building with roman arches near the meandering Moscow River, Russian intelligence officials sent a spear-phishing email to Tony Podesta, the campaign chairman for Hillary Clinton on March 19, 2016. The hackers disguised the email as a Google security notification and tricked Podesta into changing his password.
An accompanying link was a disguised Russian intelligence agency website, and the Kremlin spies soon swiped a trove of emails. Russian officials then passed the emails to WikiLeaks, according to a July 13 indictment from Special Counsel Robert Mueller.
“The Russians were over time perfecting their ability to target social media to specific political objective in their own country, in Ukraine, and across Europe before 2016,” Nuland said during 2018 Senate testimony,
But to leaders inside the US government, Russia’s role was not immediately clear. Former US officials said the assessment of Moscow’s responsibility solidified around June after Americans analyzed the activity of Guccifer 2.0, who claimed to be a digital vigilante but was actually a group of Russian spies, according to the Mueller indictment.
It was then that Russian hackers allegedly broke into the Illinois state election network and stole voter registration information of up to 200,000 people. While the hack remained secret for weeks, it set off alarms within the White House and intelligence agencies, two former US officials said.
Trump in Charge
From the onset of the Trump administration, former and current White House and Pentagon officials were set on changing how the America operated in cyberspace. With information about Russia’s hacking and disinformation becoming clearer by the day, their discussion took a new sense of urgency.
Government officials recalled the shock of the incoming Trump team when they learned how conservative the military was when it came to hacking. “The incoming Trump administration had this assumption that the US was some big gorilla in cyberspace and was actively hacking everyone. There was a little bit of surprise that US policy was very conservative,” a former White House official told Fifth Domain.
The Obama-era rules that governed American cyber operations were called Presidential Policy Directive 20 and said that cyber operations likely to result in “significant consequences” needed presidential approval. Hacking operations also needed to have near unanimous consent between US government agencies.
For some, an inflection point came as the White House considered options to deter North Korea’s nuclear capability. The lines of code honed inside NSA labs to monitor, stop or alter Pyongyang’s nuclear and military capably would likely have to travel through China, which supplies nearly all North Korea’s internet.
During previous debates, officials feared China might mistakenly believe the Americans were hacking them instead of North Korea. The scenario was deemed too risky by some because it could have unforeseen consequences.
Advocates for the more aggressive approach in cyberspace argued that the Obama-era rules for cyberspace effectively blocked America from embedding and prepositioning this malware inside of North Korea’s systems. As a result, America was empty-handed when it came to hacking options, according to this line of thinking.
And by some accounts there was also evidence that America already had effective hacking programs to deter North Korea’s nuclear ambitions.
According to Bob Woodward’s book “Fear,” during the Obama administration, the United States was able to infect the North Korean government’s missile telemetry with malware that caused errors in their launch sequence.
Two former intelligence officials said that North Korea offers limited cyber options because a majority of the country does not have internet access. And by cutting off North Korea’s Internet, US officials feared they could also lose intelligence capabilities.
Both the Pentagon and the NSA declined to comment and respond to questions.
Publicly, support for more offensive cyber operations came in the form of congressional testimony from Adm. Michael Rogers, the head of the NSA, and the incoming commander, Gen. Paul Nakasone.
“President Putin has clearly come to the conclusion there is little price to pay here … and that therefore I can continue this activity,” Rogers told Congress in February 2018.
‘Our hands are not tied’
After Trump’s national security adviser H.R. McMaster left the White House in March 2018, Trump replaced him with John Bolton. Days later, Bossert was pushed out of the White House, along with the White House cybersecurity coordinator Rob Joyce.
At the time, a senior Pentagon cyber official described the administration's cyber policy as "a potential catastrophe.” The official explained how critical cyber issues were not being coordinated and briefings were either being missed or not even taking place.
That summer, the White House finalised its strategy to overhaul the Obama rules from cyberspace. Mattis was given the ability to conduct cyber operations without authority from the president except if it could interfere with the “national interest” of the United States. After Trump rescinded the Obama-era rules Aug. 15, Bolton described the changes in drastic terms.
“Our hands are not tied as they were in the Obama administration,” Bolton said. “Our presidential directive effectively reversed those restraints, enabling offensive cyber operations through the relevant departments.”
Still, some current and former US officials caution that greater authority in cyberspace might not actually deter hacking from foreign nations in some situations.
And there are questions about if the new cyber authorities will have any effect at all on offensive operations. Some experts argue that the officials making a decision about whether to hack another country are more important than the process they use.
“What the Russians did is a little bit like 9/11,” Michael Hayden, the former director of the CIA and the NSA under the Bush administration, told Fifth Domain. “It was an attack from an unexpected direction against a previously unappreciated target.”
Hayden believes that America has encountered a new threat, and like the September 11th attacks, the US government needs a dedicated effort to respond to Russia’s hacking.
“President Bush did that. A lot of it was controversial, but you can’t argue it wasn’t extraordinary. President Trump has never called on us to go extraordinary. Everyone is doing their best, but they are playing traditional positions.”
You Might Also Read: