Is Russia Trying to Hack American Politics? Picks of the Week
Powell emails were leaked on a site linked to the Russian government | The Washington Post
World Doping Agency Says Russian Hackers Stole Medical Records of Olympic Athletes | The Wall Street Journal
How the next President can get cybersecurity right | Passcode
The latest edition of the (almost) weekly hacks that appeared on the front pages of the newspapers this week featured the personal emails of former Secretary of State Colin Powell and the medical records of US and other Olympic athletes, both of which have been confirmed as authentic.
The World Anti-Doping Agency’s (WADA) breach, in particular, appears to be the latest in a string of hacks by the Russian government, which has allegedly been using proxy hackers to target numerous US government agencies, political organizations, and other perceived adversaries in an attempt to undermine confidence in the US electoral system and in the integrity of the democratic process. WADA said that US law enforcement officials were able to trace this breach to a group of hackers known as Tsar Team (Fancy Bear), and that the group had illegally gained access via an International Olympic Committee (IOC)-created account.
This latest episode may have been payback for IOC’s decision to ban numerous Russian athletes from the 2016 Rio Olympics and Paralympic in the wake of a doping scandal that cast a shadow on the country’s sporting establishment. The hackers claimed that the documents posted on the website of Fancy Bear showed the use of performance-enhancing drugs by top U.S. athletes, though they acknowledged the athletes didn’t break any rules.
Many cybersecurity and political experts have connected the WADA breach to various previous hacks, including those of the Democratic National Committee, the White House, the US State Department, and the US Joint Chiefs of Staff (although no public attribution has been made yet). Russian officials have denied involvement in the various hacks that the experts believe to be sponsored by Russian intelligence organizations. Analysts said to have also linked Secretary Powell’s disclosures to the same hacker group Fancy Bear, although it has to be noted that similar hacks have been carried out by mischievous teens in the past.
As I have stated before, if the recent cyber intrusions were indeed orchestrated by the Kremlin, it would be a whole new level of involvement by a foreign power in the US political system. The notion that a foreign country or third party can deliberately manipulate the American political process with targeted data breaches is both disturbing and dangerous, and it would open a new front in information warfare that could fundamentally change the value of data for national security. These hacks imperil the political process and could also yield data that can be used for other crimes as well: profiling, blackmailing, and even terrorist activity.
The next President of the United States will need to prioritize cybersecurity to protect and defend US government agencies and other critical sectors. In a new book out this week, Larry Clinton argues that the next President should make a more aggressive use of the “cybersecurity social contract” model, which finds its origins in the impasse between a previous hands-off government approach that relied on market forces to compel businesses to improve their digital defenses and the surge in recent years of cybersecurity regulations, compliance standards, and penalties for noncompliance. The cybersecurity social contract model “recognizes that regulators can’t keep up with the fast pace of development in cybersecurity technology let alone the evolution of digital threats” and instead it “ensures more industry and government collaboration for sharing information to confront malicious hackers.” The new book includes a trove of strategic and operational recommendations for the next administration to address cybersecurity. In particular, Mr. Clinton also offers 12 specific steps for the new administration to work on collaboratively with the private sector by using the cybersecurity social contract model more actively. If we are to deter and mitigate future hacks successfully, this collaboration should begin sooner rather than later.
– Senior Fellow for Cyber Leadership Francesca Spidalieri