• Monday, Nov 29, 2021
  • Last Update : 11:02 am

Biden's options for Russian hacking punishment: sanctions, cyber retaliation

  • Published at 10:21 am December 21st, 2020
Joe Biden
File photo of US President-elect Joe Biden announces nominees and appointees to serve on his health and coronavirus response teams during a news conference at his transition headquarters in Wilmington, Delaware, US, December 8, 2020. REUTERS

US President Donald Trump only acknowledged the hacking on Saturday almost a week after it surfaced

President-elect Joe Biden’s team will consider several options to punish Russia for its suspected role in the unprecedented hacking of US government agencies and companies once he takes office, from new financial sanctions to cyberattacks on Russian infrastructure, people familiar with the matter say.

The response will need to be strong enough to impose a high economic, financial or technological cost on the perpetrators, but avoid an escalating conflict between two nuclear-armed Cold War adversaries, said one of the people familiar with Biden’s deliberations, speaking on condition of anonymity.

The overarching goal of any action, which could also include stepped-up counter cyber espionage efforts, would be to create an effective deterrence and diminish the potency of future Russian cyber spying, the person said.

The unfolding crisis - and the lack of visibility over the extent of the infiltration into the computer networks of federal agencies including the Treasury, Energy and Commerce Departments - will push to the front of Biden’s agenda when he takes office on January 20.


Also read: Biden, Mexico leader discuss migration


President Donald Trump only acknowledged the hacking on Saturday almost a week after it surfaced, downplaying its importance and questioning whether the Russians were to blame.

The discussions among Biden’s advisers are theoretical at this point and will need to be refined once they are in office and have full view of US capabilities.

Biden’s team will also need a better grasp of US intelligence about the cyber breach before making any decisions, one of the people familiar with his deliberations said. Biden’s access to presidential intelligence briefings was delayed until about three weeks ago as Trump disputed the November 3 election results.

With Trump taking no action, Biden’s team are concerned that in the coming weeks the president-elect may be left with only one tool: bluster, according to one of the people familiar with his options.

“They’ll be held accountable,” Biden said in an interview broadcast on CBS on Thursday when asked about how he would deal with the Russian-led hack. He vowed to impose “financial repercussions” on “individuals as well as entities.”

File photo: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS

Test of working with allies

The response could be an early test of the president-elect’s promise to cooperate and consult more effectively with US allies, as some proposals likely to be put before Biden could hit the financial interests or infrastructure of countries friendly to the United States, a person familiar with the matter said.

“Symbolic won’t do it” for any US response, said James Andrew Lewis, a cyber security expert at the Center for Strategic and International Studies, a Washington think tank. “You want the Russians to know we’re pushing back”

A spokeswoman for Biden’s transition team did not respond to a request for comment.


Also read: US government hack: Espionage or act of war?


The massive data breach, first reported by Reuters, enabled hackers believed to be from Russia’s SVR foreign intelligence service to explore the networks of government agencies, private companies and think-tanks for months.

Moscow has denied involvement.

One potential target for US Treasury financial sanctions would be the SVR, said Edward Fishman, an Atlantic Council fellow who worked on Russia sanctions at the State Department during the Obama administration.

Media reports have suggested the SVR-linked hacking group known as "Cozy Bear" or APT29 was responsible for the attacks. The United States, Britain and Canada in July accused here "Cozy Bear" of trying to steal Covid-19 vaccine and treatment research from drug companies and academic institutions.

File Photo: Russian President Vladimir Putin attends an inauguration ceremony of power stations in the cities of Sevastopol and Simferopol through videolink during his visit to Sevastopol, Crimea, March 18, 2019 Reuters

“I would think, at the bare minimum, imposing sanctions against the SVR would be something that the US government should consider,” Fishman said, noting that the move would be largely symbolic and not have a major economic impact. The US Treasury has already imposed financial sanctions on other Russian security services, the FSB and the GRU.

Financial sanctions against Russian state companies and the business empires of Russian oligarchs linked to Russian President Vladimir Putin may be more effective, as they would deny access to dollar transactions, both Fishman and Lewis said.

Those targets could include aluminum giant Rusal, which saw US sanctions lifted in 2018 after blacklisted Russian billionaire Oleg Deripaska reduced his stake to a minority in a deal with the Treasury.

Lewis said a stronger option could be to cut Russia off from the SWIFT international bank transfer and financial messaging system, a crippling move that would prevent Russian companies from processing payments to and from foreign customers.

Such a move was contemplated in 2014 when Russia annexed Ukraine’s Crimean peninsula, but it would hurt the Russian energy sector, complicating gas sales to Europe and hit European companies with Russian operations.

Neither the Treasury nor State Department responded to questions about possible actions in response to the hacking.

The Pentagon’s US Cyber Command likely has options for counter actions that could cripple Russian technology infrastructure, such as disrupting phone networks or denial of internet actions, Lewis said, adding that this too could hurt European allies.

“They’ll need to think through the diplomacy of that,” Lewis said.

The hackers likely left behind some malicious code that would let them access US systems for retaliation against any US cyber attack and it will take months to find and eliminate those “Easter eggs,” he added.

52
Facebook 51
blogger sharing button blogger
buffer sharing button buffer
diaspora sharing button diaspora
digg sharing button digg
douban sharing button douban
email sharing button email
evernote sharing button evernote
flipboard sharing button flipboard
pocket sharing button getpocket
github sharing button github
gmail sharing button gmail
googlebookmarks sharing button googlebookmarks
hackernews sharing button hackernews
instapaper sharing button instapaper
line sharing button line
linkedin sharing button linkedin
livejournal sharing button livejournal
mailru sharing button mailru
medium sharing button medium
meneame sharing button meneame
messenger sharing button messenger
odnoklassniki sharing button odnoklassniki
pinterest sharing button pinterest
print sharing button print
qzone sharing button qzone
reddit sharing button reddit
refind sharing button refind
renren sharing button renren
skype sharing button skype
snapchat sharing button snapchat
surfingbird sharing button surfingbird
telegram sharing button telegram
tumblr sharing button tumblr
twitter sharing button twitter
vk sharing button vk
wechat sharing button wechat
weibo sharing button weibo
whatsapp sharing button whatsapp
wordpress sharing button wordpress
xing sharing button xing
yahoomail sharing button yahoomail