Why the US Should be Careful on Deciding When and How to Respond to Russia’s Hacking

“We have a lot at risk if we want to start that sort of game.”

By Michael MarksDecember 22, 2016 1:30 pm

CrowdStrike – a cybersecurity firm – has linked malware used in the hacking of the Democratic National Convention’s emails to similar malware used by the Ukrainian army against pro-Russia separatists, the Washington Post reports.

The cybersecurity firm released a report stating that they have strong proof that one of the two groups that hacked the DNC is a unit of GRU – Russia’s military intelligence agency. The FBI has made a determination privately, the Washington Post reports, but has yet to publicly announce the link. After the election, the CIA concluded that Russia engaged in a cyber campaign to help elect Donald Trump.

In an interview with NPR last week, President Barack Obama said the U.S. would seek to either put economic sanctions on Russia or retaliate in cyberspace.

“I think there is no doubt that when any foreign government tries to impact the integrity of our elections … we need to take action,” he said. “And we will — at a time and place of our own choosing. Some of it may be explicit and publicized; some of it may not be.”

Earlier this week President Obama tightened sanctions against certain Russian companies and businessmen. But Republican U.S Rep. Will Hurd (R-Helotes) was not impressed by the president’s actions, as he made clear Wednesday on CNN:

“There has to be a clear response to this behavior so it doesn’t happen in the future,” he said. I’ve been calling for months – at a minimum, we should have at least kicked the Russian Ambassador out of the United States – or the senior intelligence officer. Just show that we’re not playing around. It’s not enough to tell someone to cut it out. There has to be a clear consequence to this kind of behavior.”

How the U.S. should respond to the cyber attacks is a complicated question, both practically and legally. Arthur Conklin, professor at the University of Houston, says the government has to be careful where it draws the line on severity and consequences.

“There is no doubt that any foreign country meddling in other country’s elections is a serious political issue,” he says. “As far cyber consequences and cyber issues, for instance, that’s a different kind of response.”

The U.S. has a set of principles that inform policymakers on how to retaliate on attacks on the country, Conklin says, but using cyber weaponry is another issue.

“We have a lot at risk if we want to start that sort of game,” Conklin says. “Then we run the risk of unintended consequences conflating issue A with issue B with issue C – and next thing you know we just suddenly hurt our economy or hurt innocent people in the midst of it. ”

Post by Beth Cortez-Neavel.