After weeks of news stories describing Russian intelligence operations to hack into the U.S. political system, many Americans may be wondering what the Obama administration intends to do about it.
The answer: Not very much, at least in the short term, current and former U.S. national security officials say.
While officials have said privately they have solid evidence that Russia is behind a series of intrusions that could amount to interference in the U.S. presidential election, several tell NBC News Obama is unlikely to “name and shame” Russia before the November vote.
Among the reasons: officials don’t want to reveal intelligence sources and methods that provide them insight into the activities Russian cyber spies; the U.S. is seeking Russian cooperation in Syria; and American officials worry that an escalating cyber tit for tat between the two powers could hurt U.S. interests more than it helps.
U.S. officials are also concerned about any effect their pronouncements could have on the election itself, some say.
It is also possible, they say, that the administration will retaliate secretly, in a way the public will never see.
But the lack of a clear public response highlights the extent to which the U.S. has not come to grips with the new era of covert cyber war, U.S. officials and outside experts say.
The Obama administration finds itself stymied by its own failure to formulate a framework for responding to cyber attacks, despite years of serious and damaging intrusions. The administration reacted quickly and angrily when North Korea hacked the Sony movie studios in 2014, but has been much more measured about what officials say is a massive Chinese government-sponsored campaign to steal American intellectual property.
And when Chinese intelligence services stole millions of government personnel records last year from a poorly protected database, some top officials praised their gumption while others called it a major affront.
“It’s complicated by the desire not to have a breach with the Russians."
There is no coherent doctrine defining what constitutes war, theft, or espionage.
“The government hasn’t done its job,” said Nathaniel Fick, a Marine combat veteran and chief executive of Endgame, a cyber security firm.
“Some of it is, they really don’t know what do to back,” added James Lewis, a cyber expert at the Center for Strategic and International Studies, a bipartisan policy research group. “It’s also complicated by the desire not to have a breach with the Russians in order to work out a deal on Syria.”
U.S. intelligence agencies are investigating whether there is a broad covert campaign by Russian intelligence agencies to interfere in the election. But officials tell NBC News they are confident the Russian government ordered the hacks of Democratic National Committee emails that were then leaked.
American officials also see Russia’s hand behind an intrusion into the Illinois state voter registration database, and an attempted hack into Arizona’s. The intent behind that operation is unclear.
The release of the DNC emails went well beyond the norms of cyber espionage, and demands a response, said Susan Hennessey, a former lawyer at the National Security Agency, the intelligence community’s cyber spying arm, who is now a fellow at the Brookings Institution.
Russia, China, the U.S. and other nations routinely hack into political organizations in adversary nations for the purpose of gathering information. But to leak documents in an apparent attempt to influence the election is a different matter.
“That’s really very serious,” Hennessey said. “It’s something that we’ve seen Russia do in other contexts but never in the United States. Not responding is itself a policy choice — a choice that comes with consequences.”
But White House officials have not treated the matter as a serious breach of the unwritten spying rules. The White House declined to comment when contacted by NBC News.
Asked about the issue this week, Obama used lawyerly language as he stressed the need to avoid escalation.
“This administration has really been trying hard to keep a lid on any kind of escalation."
"I'm not going to comment on specific investigations that are still live and active,” the president said in China after meeting with Russian leader Vladimir Putin. "But I will tell you that we've had problems with cyber intrusions from Russia in the past, from other countries in the past...our goal is not to suddenly, in the cyber arena, duplicate a cycle of escalation that we saw when it comes to other arms races in the past, but rather to start instituting some norms so that everybody is acting responsibly.”
Obama pointed out that the U.S. has the world’s most sophisticated cyber capabilities, and experts say there is no doubt that American hackers could inflict serious pain on Putin’s regime if it chose to do so.
For example, Lewis said, Putin’s oligarch allies keep most of their money in offshore accounts that could be vulnerable to manipulation through cyber means.
But the U.S. has been generally unwilling to hack into banks because it has too much to lose if that behavior became normalized, said Gary Brown, a retired Air Force colonel who is Professor of Cybersecurity at Marine Corps University in Quantico, Virginia.
In the financial sector, as in many things, the U.S. is the most networked country in the world, and therefore is the most vulnerable. That fact of life tends to instill caution in U.S. policy makers.
“This administration has really been trying hard to keep a lid on any kind of escalation in cyber space,” Brown said.
For example, he said, Obama chose to call the Sony hack an act of “cyber vandalism,” instead of an attack, and responded with sanctions, not hacking — at least publicly.
And Director of National Intelligence James Clapper has consistently played down reported cyber intrusions by Russian and China. The 2014 theft of millions of government personnel records that officials linked to China was not a cyber attack, he said, but “passive intelligence collection activity -- just as we do.”
In July, Obama issued a presidential policy directive on how the federal government would respond internally to cyber incidents, not to be confused with a doctrine for cyber war.
The new policy puts the Department of Justice and the FBI in the lead, Brown noted.
“As long as we keep calling this criminal activity, we are not going anywhere near war and conflict,” he said.
The U.S. is engaging in a secret cyber war against ISIS, officials say, including using fake social media accounts to expose the locations of ISIS operatives and sending spoof orders to undermine confidence in their communications. That effort is run as a military operation by U.S. Cyber Command, which is led by the joint-hatted NSA director.
But current and former officials say the Obama administration is much more restrained when it comes to covert operations against adversaries such as Russia and China with which the U.S. is not technically at war, even if their intelligence services are hacking American private and government computers every single day.
The NSA is second to none when it comes to stealing information for intelligence purposes, they say, but officials are reluctant to approve operations that manipulate, destroy or leak data to achieve a foreign policy result. Russia, for one, seems not to share that reluctance, they say.
The risk of restraint, Brown and others say, is that the U.S. may be sending the message that it will tolerate a high level of hacking into its private and government networks.
“The continual non-response to these kinds of activities is potentially setting a precedent,” Brown said. “We are moving the bar pretty far and we have to think about the implications.”
