Biden must be firm, but measured, in his message to Putin on cyberattacks
The relationship between the United States and Russia historically has alternated between great expectations and blanket condemnation. From the alliance with the Soviet Union during World War II to the Cold War to détente, to glasnost and perestroika, to Boris Yeltsin and Bill Clinton, to reset, to the present adversarial approach each nation takes toward the other, there has been no lasting equilibrium. Achieving equilibrium, or at least an understanding, between President Biden and President Putin will not come easily — or at all, unless the issue of Russian-supported cyberattacks on the U.S. is addressed.
While the parallels are far from exact, there are certain similarities with regard to the present U.S.-Russia confrontation and the Cuban missile crisis, which pitted the U.S. against the Soviet Union in 1962. Then, the Soviets under the leadership of Nikita Khrushchev, who was First Secretary of the Communist Party of the Soviet Union, challenged the new American president, John F. Kennedy, by attempting to install nuclear weapons in Cuba.
This threat was viewed as a direct challenge to U.S. security, and President Kennedy let Khrushchev know that it would not be tolerated. Disaster was avoided because the president was firm but measured in his response. He set up a naval blockade against Russian ships attempting to offload material to Cuba that would have allowed them to build a nuclear arsenal there, and he warned his Russian counterpart of his intentions to do whatever was necessary to halt Russian actions in Cuba. The situation eventually was resolved and war was averted. President Kennedy was challenged by the Russians, and he let them know that American security was sacrosanct. The leaders came to an understanding and forged an uneasy truce over further escalation with regard to having Soviet missiles in the Western Hemisphere.
President Biden is now being challenged by Vladimir Putin, who is using cyber weapons instead of nuclear missiles against the U.S. These attacks do not raise the blood pressure of American leaders and the American people in the same way that a nuclear strike would, but they are a direct threat to U.S. security. FBI Director Christopher Wray compared the recent spate of cyber attacks to the 9/11 terrorist attacks.
The Biden administration has taken action, retaliating with targeted sanctions and a building of defensive capability against cyberattacks. Sanctions were imposed in April in response to the SolarWinds hacking attack, among other things, which hit the U.S. government and private sector last year. Unlike the more recent attacks on Colonial Pipeline and JBS meat processing company, which are being attributed to Russian criminal gangs, the Biden administration blamed the Russian government for SolarWinds, specifically the Russian intelligence agency S.V.R. National security adviser Jake Sullivan has said that the U.S. is prepared to respond to these attacks through measures “seen and unseen,” which reflects what then-Vice President Biden said in 2016 in response to Russian interference with the U.S. presidential election.
In May, Biden signed an executive order to improve the nation’s cybersecurity and U.S. government networks. In addition, Anne Neuberger, the deputy National Security Council point person on cyber issues, recently sent a letter to U.S. corporate leaders, asking them to bolster their defenses against cyberattacks. Responding to Russian-connected cyberattacks requires a defensive component that is a partnership between government and the private sector.
The other dimension of defending against and responding to criminal attacks is thwarting the payment of ransoms. Tracing cryptocurrency payments is complicated, but the U.S. Department of Justice (DOJ), leading a governmental task force, recently recovered $2 million in the ransom paid by Colonial Pipeline to DarkSide, the Russian criminal gang that hacked it. As Deputy Attorney General Lisa Monaco said when announcing the DOJ ransom recovery, it still makes sense to “follow the money.” In addition, Sullivan has indicated that ransomware and cryptocurrency should be addressed by the G7.
Unfortunately, these efforts, defensive and offensive — seen and unseen — may not be enough to stop the Russian government from initiating and supporting, or at the very least, turning a blind eye to criminal attacks. There needs to be a clear message from President Biden to President Putin that this threat to U.S. national security will not be tolerated. The U.S. is fortunate to have a president who has more experience dealing with Russia than any of his predecessors. From the time he was in the Senate, throughout his tenure as vice president, to his most recent engagement with Putin, President Biden has a deep understanding of Russia and can deliver the message in a way that is neither passive nor incendiary but effective.
As President Kennedy did with Khrushchev during the Cuban missile crisis, the tone must be strong without inciting a war. The president and his team repeatedly have said the United States is back — and there should be no doubt that this is the message that will be delivered to President Putin in general and, in particular, on Russian-supported cyberattacks.
William Danvers is an adjunct professor at George Washington University’s Elliott School and worked on national security issues for the Clinton and Obama administrations.