A Friday briefing on the Russian hack into “SolarWinds” networking software on government sites left members of Congress frustrated as officials shared less information than what was already available from public sources. Meanwhile Donald Trump has finally mentioned Russia on Twitter, except it wasn’t to admit to Russia’s massive hack into federal systems, or even to finally condemn Russia’s paying bounties for the murder of American soldiers. Nope. Trump mentioned Russia just so he could expand on past lies about the Mueller investigation. Because that’s still what he considers the most important issue.
On Thursday, it became clear that Russia’s hacking extended into areas of the Energy Department that have custody of America’s nuclear arsenal, as well as critical information about the energy grid. And though the flaw that Russia exploited to gain access to systems guarding some of America’s most highly classified information has supposedly been plugged, it’s very difficult to be sure that Russian agents didn’t leave behind time bombs that can alter critical data. Or back doors that would let them in for more destructive action.
Meanwhile, Trump is standing by to veto a defense bill that contains funding and directives to guard against exactly the sort of cyber threat Russia is currently creating.
Despite it being regarded as “must pass legislation” which is required to keep America’s military operations up and running, Trump has repeatedly threatened to veto the latest defense spending authorization. Trump’s reason? Twitter. Specially, he doesn’t like the way that Twitter has been slapping warnings on his destructive lies that, in the mildest terms possible, inform readers that what he is saying is kind of, sort of, just maybe BS.
As The New York Times reports, that bill doesn’t just contain money that supports the boots on the ground around the world, it features two-dozen anti-hacking proposals approved by a bipartisan commission. Among other things, it would expand the power of the federal government hunt down foreign hackers intruding into U.S. government systems, and it would establish the role of a ”cyberdirector” to coordinate online defenses.
If those tools already existed, the government might be much more effective in clearing out Russian hackers and closing the door firmly behind them. If the rules were already in place, the hacking might not have happened in the first place.
As it stands, Russian intrusions into government systems remained undetected, and unsuspected, until a private firm pointed out a vulnerability that exists in several systems, including that of Texas-based SolarWinds. That firm located the problem after they were hacked by state actors that were also likely Russian intelligence. In the process, Russia stole tools that “white hat” hackers use in protecting systems from their shadier namesakes. That theft is likely to give Russia an advantage in avoiding traps in the future.
At the moment, Trump hasn’t vetoed the defense bill, but that doesn’t mean he’s feeling any more supportive. Instead, Trump is waiting until the last second to affix a big “Nyet” to his Sharpie-scrawl. That makes it far more inconvenient on Congress to override Trump’s veto, because it would mean cutting short a Christmas recess.
As Fareed Zakaria notes at The Washington Post, Russia’s cyber attack was more than just a little poking around. it was “massive, unprecedented and crippling.” Even determining which systems were violated could take years, and even that doesn’t mean those systems are now secure. This isn’t espionage, it’s “hybrid warfare” in which Russia has deliberately invaded and damaged systems in charge of critical infrastructure as well as military assets.
On this subject Trump … remains remarkably silent.