We learned this week that hackers have been spying on the U.S. departments of State, Homeland Security, Commerce and the Treasury and maybe the Nuclear Security Administration — bad, bad stuff. The intrusion began in the spring, and the hackers are thought to be working for the Russian government. And the ongoing news about this hack has me and others worried about all kinds of things from a physical attack on critical infrastructure to data manipulation to more election shenanigans.
I wondered, what should I be worried about? It’s a topic for “Quality Assurance,” where I take a second look at a big story in the news. I spoke with Jackie Schneider, a fellow at the Hoover Institution at Stanford University. The following is an edited transcript of our conversation.
Jackie Schneider: The bad news is that the Russians have a long history of using this kind of information to try and manipulate trust. And so I think that’s something that we should worry about, especially as we are a little over a month out from a big transition between the Trump administration and the Biden administration, and that the Russians will use information that they have achieved in these hacks, or even use the fear of the information that they’ve received in these hacks, to create even more public distrust of that transition between the two administrations.
Molly Wood: So what might that look like, this degradation of trust, or even a campaign to further erode Americans’ confidence in institutions?
Schneider: I think we’re already starting to see it. There’s already starting to be linkages between this hack and the Dominion electoral voting. And you’re starting to see them line these things up to show that there is some sort of discredit in the way the U.S. conducted its election systems, and that there might be some sort of foreign influence inside them. So we can imagine that. We can also imagine, it seems like this hack may have downloaded potentially sensitive or at least private emails between key government officials. And we can imagine, the Russians have used this in the past to leak information to make the government look bad, to create distrust between different sectors of the government. I mean, this could be particularly dangerous as we look at the transition in the Department of Defense, because we’ve had a lot of problems with civilian military politicization. And if they were to reveal maybe private emails, and that maybe represent a different kind of private feeling than what they’re publicly saying, you could create fractures that could continue to create distrust in the American public.
Wood: I mean, so really, all of this is sort of a continuation of an ongoing effort that was probably most prominent in 2016, right? Like, take existing divisions, amplify them, hopefully create more and weaken the nation in the process?
Schneider: Yeah, that’s always been something that Russia has fallen back on. They are conventionally much less capable than the United States — economically, much less capable, and even their nuclear inventory is not as robust. So the only thing they really have to cause influence against the United States is to try and seed chaos. And so we can imagine them doing a whole lot more of that, especially because they might be worried that a Biden administration would have a much harder line against Russia than they’ve seen out of the Trump administration.
Wood: So the idea is to weaken that administration in every possible way before it even comes into office?
Schneider: Exactly. I mean, I think we’re going to see the cleavages that have occurred in American society over the last four years, but really that we’ve seen solidify over this last year and during the pandemic. We’re going to see the Russians playing on that even more, and this information can be used in really creative ways to try and exacerbate those cleavages.
Wood: Another very specific concern that people have talked about is also degradation of trust in our financial system, which so far the Fed, Treasury have been relatively untouched by the disinformation wars.
Schneider: Yeah, I think that’s something we really need to worry about as we think about the future of cyberthreats in general. Russia has incentives and disincentives to mess with financial systems. Their disincentive is they’re still very keyed into the global economic system. So I think that’s another kind of follow-on worry is that what if the Russians can give some of this information to the cyber criminals that are proliferating all over Russia. Then we could see a lot more cyber criminal activity happening in the financial system as well.
Wood: What does all of this say about our cyber strategy and how we approach this somewhat philosophically? We think of hacking as a thing you use to break things. And it seems as though we have not yet internalized the idea of information warfare.
Schneider: Yeah, you know, this is a big reckoning time. There was a big change in the Trump cyber strategy. The Obama cyber strategy was much more focused on deterrence, sanctions, norms. The Trump strategy really leaned more heavily on the Department of Defense, this new concept of defend forward, which is this idea that they will proactively go out to adversaries’ cyber networks and try and stop the attacks even before they happen. But I think that what this particular incident reveals to us is that cyber espionage and the ability of states to grab huge amounts of information, this is going to continue. And the U.S. is going to have to rethink some of its strategy. And I think the other thing that the Biden administration is going to really need to think about is, should we be more aggressive in trying to shut down Russian cyber offensive capabilities, instead of just information sharing and defense?
Wood: I know this isn’t necessarily your area, but what about the information part? How do we make stopping disinformation, restoring the idea of information, part of our cyber strategy? Does it fit in there at all?
Schneider: It does, but it’s such a huge problem. I mean, a lot of this is a reckoning that the U.S. American population needs to have about civics, and about trust with one another and how we evaluate information and our sources of information, which is a much bigger problem than just the cyber problem. But I think what we’ve seen over the last few months with the election is that the social media companies have been experimenting and trying policies on their and to see what they can do to try and mitigate disinformation. And largely, completely not talking to the federal government, and sometimes in a very adversarial relationship with the federal government. That’s something that I think the Biden administration can actually work on — reaching out to these tech companies and trying to create cohesive federal policies that align with our beliefs and civil liberties, that align with our beliefs in our civics so that we have better policies across the board for how to have not censored conversations, but civic and civil conversations, so that we can restore trust in information.
Related links: More insight from Molly Wood
You heard me mention the Energy Department’s National Nuclear Security Administration. Politico reported Thursday that hackers may have accessed the networks of those agencies, raising fears about nukes. Also, on Thursday CISA, the federal cybersecurity agency, put out an update on the situation, noting that “this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.” And somewhat more worryingly, it said that it seems like the SolarWinds software was not the only way that hackers were able to get into vulnerable systems, although no more details on that so far.
President Donald Trump’s former Homeland Security adviser, also an adviser to former President George W. Bush, wrote a New York Times piece Wednesday, saying, “The magnitude of this ongoing attack is hard to overstate.” He urged Congress and the Trump administration to quit dinking around with politics, pass the National Defense Authorization Act and lever some real punishment in Russia’s direction. Which I know, but he had to say it.
And meanwhile, I can’t help but think and tweet that if a primary goal is to sow more distrust, disinformation and fear, then we in the media are in a tough spot, too. Because even information about this hack, even true information, might be construed as part of a hack and leak effort designed to get us to report stories that get people all worked up and amplify fear and distrust in everything from the safety of our national Treasury to whether nukes might be flying any second now.
I don’t know what the answer is, except to try to be as honest, transparent, careful and responsible as we possibly can be, and this is the part where it’s OK to be like “I’m tired.” I was ready for some eggnog and a long winter’s nap.
The future of this podcast starts with you.
Every day, the “Marketplace Tech” team demystifies the digital economy with stories that explore more than just Big Tech. We’re committed to covering topics that matter to you and the world around us, diving deep into how technology intersects with climate change, inequity, and disinformation.
As part of a nonprofit newsroom, we’re counting on listeners like you to keep this public service paywall-free and available to all.