After a half-century of closely observing how our adversaries surreptitiously collect intelligence on the United States and our friends across the globe, few espionage operations trouble me more than the recent Russian cyber attack on our federal agencies. Not only is this one of the largest and most potentially damaging hacks of all time, but it represents a dangerous escalation in the spy v. spy struggle in which the intelligence world has engaged for decades. How President-elect Biden responds will complicate his opening days and possibly define his legacy.
The outlines of the Russian attack are starting to reveal themselves and serve as a wake-up call for all. As the U.S. Cybersecurity and Infrastructure Security Agency has warned, hackers who pose “a grave risk to the federal government” attacked the SolarWinds IT management software suite in March 2020. Malware was then installed by more than 17,000 customers, SolarWinds reported, including some of our most sensitive federal agencies. The list of victims includes the State Department, Homeland Security, Energy, Treasury and on and on.
The news should have stunned no one. Since the end of World War II, Russia’s intelligence assault against the U.S. has been unrelenting. During the Trump era, the Russians have felt even more unconstrained. Following its galling 2016 interference in the U.S. elections, Russia has sought to disrupt the internal affairs and elections of other Western countries, including Great Britain, the Czech Republic, France, Germany, Greece, Italy, Montenegro, Norway and Spain. The assaults have taken the form of cyber attacks, disinformation campaigns, funding for pro-Russian parties, and direct election interference. Recent criminal indictments and intelligence assessments suggest that Russia sought to continue its meddling in both the 2018 and the 2020 American elections, albeit on a smaller scale.
While weaponizing communications technologies, engaging in illicit financial schemes, and employing asymmetrical, anonymized strategies to sow chaos, Russia has made strange alliances with non-state actors. Some, focused on disinformation, are well-known — such as WikiLeaks and the now infamous Internet Research Agency. Others are more obscure, according to news reports and analyses from subject matter experts.
In one case, a well-known ally of Russian President Vladimir Putin, Yevgeny Prigozhin, known as “Putin’s chef,” reportedly financed private militias in Syria. The news media and intelligence pundits also report that Russian intelligence controls Sci-Hub, the illegal platform that many academics use to gain free access to scientific papers that otherwise require university and academic subscriptions. As reported by the media, the founder of Sci-Hub is under scrutiny “on suspicion that she may also be working with Russian intelligence to steal U.S. military secrets from defense contractors.” Furthermore, there are recent reports of Russian cyber attacks on U.S. hospitals researching COVID-19 and treating patients. Russia has targeted our elections, our military, our alliances, our schools, and even our pandemic response.
Biden needs to dramatically expand our intelligence programs targeting Russia and its S.V.R. spy agency. This renewed effort should include espionage, counterintelligence and, yes, covert action. We are way past the time of shooting a metaphorical cyber-tomahawk into an empty desert to send Putin a strong message. President-elect Biden needs to thwart Russian intelligence efforts in real time. Second, we need to increase our sub rosa dialogue to encourage the Russians to re-think their relentless intelligence assault. This dialogue should happen at the spy-to-spy and diplomat-to-diplomat level.
The Russians have crassly broken the unspoken rules of the road. They have moved from intelligence collection to all-out attacks on our democratic system. The 2016 election hacks show that the Russians are in a position to weaponize the knowledge gleaned from the SolarWinds hack today. Should they act on this capability and shut down our power grid, or go directly after our defense systems, this tit-for-tat response would be highly dangerous. Our cyber operations would transform into cyber warfare overnight.
Jack Devine served as the CIA’s acting director of operations and associate director of operations from 1995 to 1996. He led the covert-action operation that drove the Russians out of Afghanistan. Today, he is a founding partner and president of The Arkin Group. He is the author of “Good Hunting: An American Spymaster’s Story” and “Spymaster’s Prism: The Fight against Russian Aggression,” which will be published in March 2021.