Russia’s apparent interference in the United States’ Presidential election marks an escalation in the targeting of state sponsored cyber attacks.  What the US does in response to this strike against the very basis of our (somewhat) fair and free elections process really matters.

Letting Russia achieve its goals without any response is problematic, as it would encourage them and other state and non state actors to continue to target the US without fear of retribution.  If you believe (as I do) that cyber operations will play a significant role in 21st century conflicts, doing nothing is clearly not an acceptable response. 

So, if the US were to respond, what is a proportionate response?  As imperfect as our electoral system is, interference in Putin’s sham elections in which there is no opposition with a snowball’s chance in hell of winning, is clearly a non starter.  A limited attack on critical infrastructure (shutting down the electric system in Novosibirsk) sounds good at first, but would seem to violate the laws of war about collective punishment and targeting civilians. There is also a risk that mounting such an attack would tip off Ivan to methods and sources, and make it harder to use such weapons in war time.  An attack on a manufacturing control system aimed at shutting down production or damaging machinery might be more appropriate as a demonstration of both capabilities and intent.  

So, if the US were to take out Vodka Distillery No. 6, should we take public credit or would a private note government to government be enough to deter future attacks?  It seems to me that taking public responsibility for such an attack is important if we want to deter Russia and other state and non state actors in the future.  

Of course, all of this seems to be academic as the next administration clearly benefited from this attack and seems to include many with close ties to Russia and Putin.  Even if the Obama administration could plan, mount, and execute a response it is unclear whether the new administration would pursue a policy of continuing response over the next four years. Without threats of future retaliation for new cyber attacks, a response now would be a one time gesture of revenge. 

Getting political here for a minute, it seems to me that a President who does not pursue a program of responding to serious attacks by a nation state on our homeland would be, at the very least, not be doing their job and at worst, acting as an agent of a foreign state. Time will tell what President Trump will do, but you will have to pardon me if my expectations are low.

In the coming days, the Obama administration should make every effort to collate and make public all the evidence of the Russian government’s role in this affair.  Then, it is up to we as a people to demand a proportional response from our elected officials.

Sometimes, saving money can cost you money (like $81 million)…  Apparently the hackers who made off with millions from the Central Bank of Bangladesh had some help from the bank’s IT department, who decided to save money by foregoing firewalls and purchasing used routers that could not segregate private from public traffic.   My new favorite information security quote of all time was in this article:

A firewall would have made attempts to hack the bank more “difficult” Mohammad Shah Alam, a forensic investigator who works on the Bangladesh team investigating the theft, told Reuters.

Yes.   Yes it would.  Can’t get anything past this guy.