On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency, which is part of the Department of Homeland Security, issued a dire warning: the recently discovered major computer intrusion by Rusian hackers “poses a grave risk” to federal, state, and local governments as well as private companies and organizations. Confirming previous accounts, CISA reported that the attacks began in March, but added that they are ongoing—meaning the malware that’s been placed on computers may still be capturing valuable information.
The scope of these attacks is still being determined. In addition to the Departments of Commerce, Treasury, State, Homeland Security and Defense, journalist Natasha Bertrand reported at Politico that the Energy Department and its National Nuclear Security Administration, which maintains the safety of the U.S. nuclear weapons stockpile, were compromised. Microsoft released a statement saying that it had identified 40 companies, government agencies, and think tanks that the suspected Russian hackers, at a minimum, had infiltrated.
Democratic Senator Dick Durbin of Illinois—not one to engage in hyperbole— is sounding the alarm loud and clear.
Russia is relentlessly trying to invade America’s cyberspace and this latest hack proves they are having at least some success. We must start taking Russia’s ongoing threats to our democracy more seriously. pic.twitter.com/Oh88SNHf3l
— Senator Dick Durbin (@SenatorDurbin) December 16, 2020
Alluding to the danger of Donald Trump’s affection for Moscow, Durbin said that “we can’t be buddies with Vladimir Putin and have him, at the same time, making this kind of cyber attack on America. This is virtually a declaration of war on the United States by Russia and we should take it that seriously.”
Just as the president did nothing in response to learning that Russia had placed bounties on American military personnel serving in Afghanistan, he has remained silent in response to this attack.
In light of this cybersecurity breach, it is worth remembering that the first face-to-face meeting between Putin and Trump occurred in Hamburg during the July 2017 G-20 summit. The focus at the time was on whether Trump would confront Putin about Russian interference in the 2016 election. But their initial two-hour meeting was reported to have included discussions about Syria, terrorism, and cybersecurity. Initially, Trump didn’t say much about what the two leaders discussed. But two days later, he tweeted this:
Putin & I discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded..
— Donald J. Trump (@realDonaldTrump) July 9, 2017
That is particularly alarming given what journalist Max Fisher wrote about Russia’s strategy for cyber warfare laid out by General Valery V. Gerasimov in 2013.
The Arab Spring, according to General Gerasimov, had shown that “nonmilitary means” had overtaken the “force of weapons in their effectiveness.” Deception and disinformation, not tanks and planes, were the new tools of power. And they would be used not in formally declared conflicts but within a vast gray between peace and war.
Those ideas would appear, the next year, in Russia’s formal military doctrine. It was the culmination of a years long strategic reorientation that has remade Russian power, in response to threats both real and imagined, into the sort of enterprise that could be plausibly accused of using cyberattacks to meddle in an American presidential election.
In other words, in that tweet, Trump openly admitted to inviting the fox to guard the henhouse.