Asking the Right Questions about Russian Hacking
Back in my GI days I participated in an intelligence exercise designed to simulate how we would go about defining and gathering information on priority intelligence requirements (PIRs) during peacekeeping operations. After 3 days of scenario-driven activities, an experienced warrant officer chided us young captains on failing to ask the right questions when defining our PIRs. With the publication of the Office of National Intelligence's (ONI's) report on Russia's attempts to influence the presidential election, I find myself wondering if we as a nation are asking the right questions -- and drawing appropriate conclusions -- regarding the report's findings.
Let's set aside, for a moment, any concerns that might exist regarding individual political leanings and the inherent difficulties of "proving" a hack in an unclassified report where you can't disclose sources and methods. Let us also assume a reasonable amount of integrity, professionalism, and capability in the intelligence community as a whole. Given those assumptions, in my mind the questions and conclusions are fairly straightforward:
Did Russia attempt to influence the US election? Even before the report was published I believe the answer to this one should be an obvious "yes" as any major political nation-state -- including the US -- attempts to influence the the outcomes of rival and/or potentially hostile entities into positions/situations which favor their interests. No one should be shocked at this conclusion.
Did Russia exploit networked systems as a means of attempting influence over the US the election? Again, the answer should also be an obvious "yes," even before the publication of the ONI report. Nation states and criminal activities routinely attempt to exploit vulnerabilities in networked systems in order to access data and gain advantage over corporate enemies and/or other nation states. No surprises here, either.
Did Russia engage in acts of cyber warfare in their attempts to influence the US election? "Cyber warfare" is a term that is somewhat overused these days; I prefer the term Cyber Network Operations (CNO) as referenced by Ira Winkler and Araceli Treu Gomes in their book Advanced Persistent Security. Winkler and Gomes go further to break down CNO into three distinct parts: Cyber Network Exploitation (CNE), Cyber Network Defense (CND) and Cyber Network Attack (CNA). VERY loosely stated, these terms can be defined as espionage (CNE); securing your own systems (CND); or offensively utilizing networks and systems to to accomplish a specific goal (CNA) Under these terms, Russia's (a) leaking of the information it obtained via CNE activities; (b) setting up false online news outlets; and (c) spreading of fake news/propaganda created by third parties does constitute CNA whether the activities were successful or not.
The ultimate question that most people are, of course, concerned with is this: Did Russia actually influence the US presidential election? On the one hand, there is no indication that Russian CNE activities infiltrated vote counting systems in any state; on the other hand, the results of Russia's CNA efforts may have either kept people home during election day or swayed the very-close margins in key battleground states in the president-elect's favor. In the end we may never know...but I submit that this is the wrong question.
The larger question -- the one which the next administration and we as a nation will have to answer -- is: If we agree that Russia did engage in CNA activities against the US...what do we do about it? Regardless or success or failure of the attack, are we content to leave such an attack unchallenged and unanswered? If we do, will this merely encourage others to attempt such activities with impunity against the US?
The 2016 election is over; the president-elect assumes office in less than two weeks. If we wish to continue the focus on Russia hacking activities it should be in the context of answering the right questions versus debating the wrong ones.
My two cents...