NEWS: U.S. Reacting At Analog Pace

U.S. Reacting at Analog Pace to a Rising Digital Risk, Hacking Report Shows

By DAVID E. SANGERJAN. 7, 2017

Photo

President Obama at his end-of-the-year news conference at the White House in December. Credit Al Drago/The New York Times

WASHINGTON — Of the many questions left unanswered by the American intelligence agencies’ accusation that Russia’s president, Vladimir V. Putin, led a multilayered campaign to influence the 2016 presidential election, one stands out: Why did it take the Obama administration more than 16 months to develop a response?

The short answer, suggested by the report the agencies released on Friday, is that the United States government is still responding at an analog pace to a low-grade, though escalating, digital conflict.

The report, compiled by the F.B.I., the C.I.A. and the National Security Agency, makes no judgments about the decisions that the agencies or the White House made as evidence of Russian activity mounted. But to anyone who reads between the lines and knows a bit of the back story not included in the report, the long lag times between detection and reaction are stunning.

The delays reveal fundamental problems with American cyberdefenses and deterrence that President-elect Donald J. Trump will begin to confront in two weeks, regardless of whether he continues to resist the report’s findings about Russia’s motives.

The intrusion hardly had the consequences of Pearl Harbor some 75 years ago, when the incoming force was seen on radar and dismissed. But it had similar characteristics. Then, as now, a failure of imagination about the motives and plans of a longtime adversary meant that government officials were not fully alert to the possibility that Mr. Putin might try tactics here that have worked so well for him in Ukraine, the Baltics and other parts of Europe.

And while American intelligence officials — who were focused primarily on the Islamic State and other urgent threats like China’s action in the South China Sea and North Korea’s nuclear and missile threat — saw what was happening, they came late to its broader implications.

It was telling that within an hour of the release of the report on Friday, the secretary of homeland security, Jeh Johnson, declared for the first time that America’s election system — the underpinning of its democracy — would be added to the list of “critical infrastructure.” This after years of cyberattacks on campaigns and government agencies.

In the intelligence report’s most glaring example of the government’s lagging response, it says that “in July 2015, Russian intelligence gained access to Democratic National Committee networks” and stayed there for 11 months, roaming freely and copying the contents of emails that it ultimately released in the midst of the election. Classified briefings circulating in Washington indicate that British intelligence had alerted the United States to the intrusion by fall 2015.

Almost immediately, a low-level special agent with the F.B.I. alerted the Democratic National Committee’s information technology contractor, which doubted the call and did nothing for months. The F.B.I. failed to escalate the issue, even though it was clear from the start that the attackers were almost certainly the same Russians who had mounted similar campaigns against the State Department, the White House and the Joint Chiefs of Staff.

At a news conference in December, President Obama made it clear that he was not aware of any of this until mid-2016, nearly a year after the hacking began and the British had sent up a flare.

“At the beginning of the summer,” Mr. Obama said, “we’re alerted to the possibility that the D.N.C. has been hacked, and I immediately order law enforcement as well as our intelligence teams to find out everything about it” and to brief “potential victims” and “the relevant intelligence agencies.”

It was not until Oct. 7, 2016, 15 months after the initial hacking attack, that the intelligence agencies first publicly blamed Russia. Even then, Mr. Obama made it clear that he did not want to escalate the situation before the election, for fear of getting into a tit-for-tat cyberwar in which Russia might try to alter the actual vote tallying. (It did not.)

“We were just too slow, at every turn,” one of Mr. Obama’s top aides said in an interview late last year.

The director of the N.S.A., Adm. Michael S. Rogers, has said the problem was hardly limited to this case. “The biggest frustration to me is speed, speed, speed,” he told the Senate Armed Services Committee on Thursday, in response to a question from Senator Jack Reed of Rhode Island, the top Democrat on the panel, about the obstacles to seeing a threat from abroad and acting on it here in the United States.

“We have got to get faster; we’ve got to be more agile,” said Admiral Rogers, who clashed with White House officials when they thought he was acting too slowly against the Islamic State. “We can’t be bound by history and tradition here. We have to be willing to look at alternatives.”

Mr. Putin, for his part, played a weak hand skillfully, blending old information-warfare techniques with the echo chamber created by the internet. It is clear that Mr. Putin saw a huge vulnerability in the American system that was ripe to be exploited.

The country’s highly partisan politics, with cable channels and websites devoted to pressing an agenda for the fully convinced and the half-convinced, made it more vulnerable to any disclosures that could capture a news cycle. Add to that the uniquely Russian combination of covert espionage and the disclosure of the emails it harvested, as well as the release of “kompromat” — compromising information about politicians and policy makers — and “fake news,” a tactic not above American officials at times.

As the report released on Friday makes clear, this is hardly the end of the story. Elections are coming up in France and Germany, where Mr. Putin has a great interest in the outcomes. Anything that weakens the NATO alliance, in the Kremlin’s view, strengthens Russia’s hand.

And then there is the next election cycle in this country.

Until now, when government officials thought about “critical infrastructure,” they usually thought of physical places and things: the power grid, the cellphone network, airports and even historical sites, like the Washington Monument.

“Election infrastructure is vital to our national interests, and cyberattacks on this country are becoming more sophisticated, and bad cyberactors — ranging from nation-states, cybercriminals and hacktivists — are becoming more sophisticated and dangerous,” Mr. Johnson said.

The same words could have been written after the Chinese went into the networks of Mr. Obama’s campaign and that of his Republican opponent in 2008, Senator John McCain of Arizona. They could have been written after the Iranians responded to the American-Israeli attack on their nuclear facilities by attacking American banks, or when the North Koreans went after Sony Pictures Entertainment in retaliation for a comic film that envisioned the assassination of Kim Jong-un, the nation’s leader.

And the warning about Russia — a public intelligence report like the one issued on Friday — might have been written after the F.S.B. and the G.R.U., the two major Russian intelligence agencies, struck the computer systems of the State Department, the White House and the Joint Chiefs of Staff.

Instead, the government decided not to publicly name who had been behind the attacks. That has changed, at least for now. It is unclear whether Mr. Trump will decide that disclosure or silence is the best policy.