Inside the NSA’s means to retaliate against Russia for SolarWinds hack

The Trump administration and the incoming Biden administration are considering how to respond to the Russian SVR’s recently detected SolarWinds cyberattack. While President Trump appears to have refrained from retaliation so far, the United States has abundant means of carrying it out.

The first point to note here is that America’s cyber forces are already far behind the Russian gates. Ironically, considering the abundance of his leaks, many of the most significant weapons in the U.S. cyberoffensive portfolio were deployed after Edward Snowden went public. But their quality and targeting versatility should not be underestimated. The National Security Agency and the Pentagon’s associated Cyber Command now have the ability to cripple every major sector of the Russian state, society, and economy. Russian President Vladimir Putin’s energy production, energy supply, financial, telecommunication, transport, military, and government networks have all been penetrated with numerous access tools. Were it so ordered, the NSA could activate one, some, or all of these tools to disrupt, manipulate, or destroy the operation of Russian services. Whether it would do so outside of total war, considering the damage to civilian interests, is rightly another matter.

But the key point, as it pertains to responses to SolarWinds, is that the best NSA tools are both deniable and redundant. Put simply, Russia would find it very, very, very difficult to identify the source of the cyberattack quickly, counter it, and restore relevant services. To emphasize this point to the Russians, the NSA will occasionally activate one of its ports to send a sort of cyber wave (or cyber tap dance) through Russian systems. The intent: Let the Russians know that their best security has been breached and that their vulnerability is factored into the attack options offered to U.S. policymakers. One imagines that Russian cyberdefenders find it rather frustrating when they bring online a new firewall, only to find that a hack has already been embedded behind the wall. This is deterrence of a subtle but potent kind. While much of the credit for these capabilities is down to the officers of the NSA, their CIA colleagues have also assisted in generating physical access ports to some of the more closely guarded Russian networks. The NSA’s top foreign partner, Britain’s GCHQ signals intelligence service, has also been valuable. GCHQ’s counterencryption software development is especially impressive.

Still, there’s a deeper question that few in the U.S. government want to address publicly when it comes to the SolarWinds hack. Namely, whether Russia has actually crossed an intelligence red line here — or whether retaliation of a serious kind is actually necessary or valuable from a U.S. interest perspective.

To be sure, the major Russian intelligence services, especially the FSB and GRU, are comfortable with shredding once commonly understood rules of the espionage world. One rule they like to break, for example, is that of not conducting physical or technical attacks on foreign intelligence officers. Unfortunately, neither the Obama administration nor the Trump administration has sufficiently enforced these rules, thus encouraging the Russian belief that the rules have shifted to their discretion. Regardless, the SolarWinds hack wasn’t so much an attack as it was a successful example of superb cyber tradecraft: identifying an adversary vulnerability, covertly manipulating that vulnerability, and collecting information from it over a sustained period. The bottom line: As of this very moment, the U.S. is doing very much the same to Russia as the SolarWinds hack did to the U.S. Except the U.S. is doing it more covertly, more effectively, and at a far greater scale.

This is not to say that retaliation should be ruled out. It may very well be that Russia will use SolarWinds to actively damage U.S. networks or businesses (SolarWinds itself has obviously suffered already due to loss of confidence in its portfolio). If so, the U.S. must deter Moscow from such attacks. But to retaliate regardless would risk the patiently earned benefits of intelligence collection. Front and center: the NSA’s access to Russian networks, which produces real-time and near real-time monitoring of Russian government and major industry network activity.

The choice and measure of U.S. response is one area where the president has great flexibility across the range of cyberconflict. But cyberspace is also an area where sometimes it’s best to tread carefully.
