In yet another demonstration of Russia's sophisticated and extensive online espionage efforts, The Washington Post reports that the State Department, Department of Homeland Security, National Institutes of Health, Treasury Department, and Department of Commerce were among the targets in a massive breach of U.S. government networks successfully engineered by Russian state hackers. It seems almost certain that other agencies will still join that list.
All of this, however, is so far being played off as the "normal" back-and-forth of espionage, a game that the United States itself plays with vigor. It does not appear that Russian agents were looking for anything in particular, instead creating a low-profile and difficult-to-discover backdoor into numerous U.S. agencies so that they could poke around and learn what they could. But it was far more sophisticated than the 2016 phishing attacks targeting Democratic National Committee servers, "weaponizing" network management programs by SolarWinds, a company whose products are used throughout government.
The discovery of the hacks comes about one month after Donald Trump's firing of the nation's top cybersecurity official: Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, was fired shortly after the election after he publicly contradicted Trump's fact-free conspiracy claims of widespread election fraud. It also comes after four years of Donald Trump refusing to condemn Russian aggression toward the United States no matter how blatant—even when that aggression manifested as a bounty program promising foreign fighters cash for the killing of U.S. soldiers.
In perhaps a sign of Russian government priorities, the string of hacks also reportedly targeted U.S. oil and gas companies. As oil-fueled kleptocracy, the alliance of Russian oligarchs around Putin would benefit greatly from inside information on the status of key competitors.
Russian espionage efforts have only gotten more sophisticated and brazen in recent years, and among the next administration's top national security priorities will be deciding how to respond. The 2016 election hacks went far beyond "normal" espionage, but were active measures intended to inflict serious damage on democracy itself via injections of hoaxes, misinformation, and corrupt bargains with this nation's own kleptocrats. Trump protected those efforts, and Trump's allies mounted a years-long campaign attempting to discredit and punish U.S. institutions that discovered and reported them.
We will likely never hear of retaliatory tit-for-tat measures intended to respond to this newest bit of surreptitious hacking, because that is how the game is played. A fuller response to Russian's aggressive attacks on this democracy and others around the world, however, still needs to be formulated.