U.S. treads water on cyber policy as
destructive attacks mount
[July 26, 2017]
By Joseph Menn
SAN FRANCISCO (Reuters) - The Trump
administration's refusal to publicly accuse Russia and others in a wave
of politically motivated hacking attacks is creating a policy vacuum
that security experts fear will encourage more cyber warfare.
In the past three months, hackers broke into official websites in Qatar,
helping to create a regional crisis; suspected North Korean-backed
hackers closed down British hospitals with ransomware; and a cyber
attack that researchers attribute to Russia deleted data on thousands of
computers in the Ukraine.
Yet neither the United States nor the 29-member NATO military alliance
has publicly blamed national governments for those attacks. President
Donald Trump has also refused to accept conclusions of U.S. intelligence
agencies that Russia interfered in the 2016 U.S. elections using cyber
warfare methods to help the New York businessman win.
"The White House is currently embroiled in a cyber crisis of existential
proportion, and for the moment probably just wants 'cyber' to go away,
at least as it relates to politics," said Kenneth Geers, a security
researcher who until recently lived in Ukraine and works at NATO's think
tank on cyber defense. "This will have unfortunate side effects for
international cyber security."
Without calling out known perpetrators, more hacking attacks are
inevitable, former officials said.
"I see no dynamics of deterrence," said ex-White House cyber security
officer Jason Healey, now at Columbia University.
The government retreat is underscored by the departure at the end of
July of Chris Painter, the official responsible for coordinating U.S.
diplomacy on cyber security. No replacement has been named and the
future of the position in the State Department is in flux.
Some of Trump's cyber officials have publicly highlighted a strategy to
focus less on building global norms and more on bilateral agreements.
Trump and the Kremlin have said Russia and the United States are in
discussions on creating a cyber security group.
But at the big Black Hat and Def Con security conferences this week in
Las Vegas the U.S. government will have an unusually light footprint.
Past government speakers have included a head of the National Security
Agency and senior Homeland Security officials.
A session featuring U.S. law enforcement officials discussing the
purported theft by Russia of hundreds of millions of Yahoo account
credentials was pulled at the last minute. A spokeswoman for the Federal
Bureau of Investigation said the presentation was canceled because the
Yahoo expert slated to talk, Deputy Assistant Director Eric Sporre, had
been reassigned to run the Tampa FBI office.
A man holds a laptop computer as cyber code is projected on him in
this illustration picture taken on May 13, 2017. REUTERS/Kacper
Pempel/Illustration/File Photo
The policy vacuum left by the United States is also affecting
private security firms, which say they have grown more cautious in
publicly attributing cyber attacks to nation-states lest they draw
fire from the Trump administration.
Trump suggested in an April interview that the security firm
CrowdStrike, which worked on investigating the election hack of the
Democratic National Committee, might not be trustworthy because he
was told it was controlled by a Ukrainian. It is not.
Cyber policy veterans are particularly alarmed about the lack of
U.S. and NATO response to the destructive attack, dubbed NotPetya,
in June that struck computers worldwide but was especially harmful
for Ukraine, which is in armed conflict with Russia in the east of
the country.
Cyber security experts, such as Jim Lewis of the Center for
Strategic and International Studies, a government veteran who
advised former President Barack Obama, believe Russia carried out
the attack. The Russian defense ministry did not immediately respond
to requests for comment.
Lewis and others predicted that Trump will not publicly accuse
Russia, and NATO has only said it appears to be the work of a
government agency somewhere.
"If you are not ringing alarm bells in an eloquent way, then I think
you're dropping the ball," said retired CIA officer Daniel Hoffman,
who worked on Russian issues. "When we fail to do enough, that just
emboldens them."
(Additional reporting by Dustin Volz in Washington and Jack Stubbs in
Moscow; Editing by Jonathan Weber and Grant McCool)
[© 2017 Thomson Reuters. All rights
reserved.]