Recent revelations of hacking into Democratic campaign computer systems in an apparent attempt to manipulate the 2016 election is forcing the Obama administration to confront a new question: whether, and how, to retaliate.

Share story

ASPEN, Colo. — It has been an open secret throughout the Obama presidency that world powers have escalated their use of cyberpower. But the recent revelations of hacking into Democratic campaign computer systems in an apparent attempt to manipulate the 2016 election is forcing the White House to confront a new question: whether, and if so how, to retaliate.

The administration has stopped short of publicly accusing the Russian government of President Vladimir Putin of engineering the theft of research and emails from the Democratic National Committee (DNC) and hacking into other campaign computer systems. However, private investigators have identified the suspects, and U.S. intelligence agencies have told the Obama administration they have “high confidence” the Russian government was responsible.

But suspecting such meddling is different from proving it with a certainty sufficient for any U.S. president to order a response.

Even if officials gather the proof, they may not be able to make their evidence public without tipping off Russia, or its proxies in cyberspace, about how deeply the National Security Agency has penetrated that country’s networks. And designing a response that will send a clear message, without prompting escalation or undermining efforts to work with Russia in places like Syria, where Russia is simultaneously an adversary and a partner, is even harder.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks

The Russians tried to make it tougher still Saturday, when they said they had found evidence of U.S. activity in their government systems.

It was not a shocking accusation; anyone who leafed through Edward Snowden’s revelations saw evidence of daily efforts to break into Russian spy agencies, nuclear installations and leadership compounds.

But in a talk late Friday at the Aspen Security Forum, an annual gathering that draws many of the nation’s top intelligence and military officials, CIA Director John Brennan made clear that while spying on each other’s political institutions is fair game, making data public — in true or altered form — to influence an election is a new level of malicious activity, far different from ordinary spy-versus-spy maneuvers.

“When it is determined who is responsible for this,” Brennan said, choosing his words carefully to avoid any direct implication of Russia, there “will be discussions at the highest levels of government about what the right course of action will be. Obviously, interference in the U.S. election process is a very, very serious matter.”

The Russia problem is thorny, and persistent. Four months into his presidency in 2009, President Obama and his top national-security advisers received a warning from U.S. intelligence agencies: Of all the nations targeting America’s computer networks, Russia had the most “robust, longstanding program that combines a patient, multidisciplinary approach to computer network operations with proven access and tradecraft.”

Obama might have been a bit distracted at the time. While setting up his new administration, he was also learning the dark arts of cyberwar, descending into the Situation Room to oversee a complex U.S.-Israeli offensive operation to disable Iran’s nuclear centrifuges. He expressed concern to his aides that the operation would help fuel the escalation of cyberattacks and counterattacks.

The concern was justified. Since then, Iran has attacked Saudi Arabia, Russia has brought down a power grid in Ukraine, the North Koreans have attacked the South. The list gets longer every month.

Deterrence has been spotty. In the DNC case, two senior administration officials spoke on condition of anonymity to discuss the options being considered by midlevel officials, ranging from counter cyberattacks on the FSB and the GRU, two competing Russian spy agencies at the center of the current hacking, to economic, travel and other sanctions aimed at suspected perpetrators.

But each approach has downsides: A counterattack, for example, one senior official said, “brings us to their level, and their moral code.”

But the cost of doing nothing could be high. As the United States and other nations move to more electronic voting systems, the opportunities for mischief rise exponentially. Imagine, for example, a vote as close as the 2000 presidential election between George W. Bush and Al Gore, but with accusations about impossible-to-trace foreign manipulation of the ballots or the vote count, leaving Americans wondering about the validity of the outcome.

For Obama, the president who has done the most to raise alarms about the risks of cyberattacks and the most to build up the U.S. Cyber Command, this territory is fraught with politics, intelligence trade-offs and questions of American values.

“I think that the administration needs to be ironclad on the evidence here to convince the American people that this is about policy, not politics,” said Jason Healey, a scholar at Columbia University who specializes in cyberconflict between nations. “This has got to be about defending a constitutional process, not a party.”

Obama often says the world of cyberconflict is still “the Wild West.” There are no treaties, no international laws, just a patchwork set of emerging “norms” of what constitutes acceptable behavior.

For example, Obama has pressed President Xi Jinping of China to work with the United States and other nations to develop rules about the theft of intellectual property, and about not interfering with a nation’s efforts to bring attacked systems back online.

Attacking another nation’s power grid in peacetime is considered out of bounds. But every new case brings a new way to weaponize cyberpower.

Until November 2014, when North Korea hacked into the computers at Sony Pictures Entertainment in retaliation for a comedy that portrayed a CIA plot to assassinate Kim Jong Un, the country’s leader, no one seriously considered a movie studio to be “critical infrastructure.”

Yet the attack on Sony — which melted down 70 percent of its computing power — was the only case that brought the president to the White House press room to accuse another nation of launching a deliberate cyberattack, and to promise retaliation. Obama said he was driven to go public by the fact that North Korea was trying to suppress free speech and intimidate Americans with threats if they went to the theater.

It is unclear how the United States may have retaliated against the North in secret, if it even did so. But the public punishment, the announcement of some mild economic sanctions, seemed highly ineffective. They were lost in the sea of other sanctions imposed on the North since the signing of the armistice that halted, but did not end, the Korean War 63 years ago.

Yet the decision to name North Korea — a country with which the United States does no other real business — was an outlier.

China was never formally named in the theft of security-clearance files on more than 21 million Americans, revealing fingerprints, personal financial details and personal data about family, friends and former lovers. To James Clapper Jr., director of national intelligence, that wasn’t an “attack,” it was just very good espionage. Given the chance, he said last year, “We would have done the same thing.”

Similarly, the administration decided not to call out Russia when the same intelligence agencies implicated in the DNC attack were believed to be behind the siphoning of tens of thousands of unclassified emails from the systems of the State Department and the White House. There was also a more targeted cyberespionage operation, which investigators attributed to the same actors, aimed at the Joint Chiefs of Staff. But again, it was considered within the bounds of spy versus spy.