U.S. Cyber War Against Russia Without The President’s Knowledge?
A new report in The New York Times raises both national security and Constitutional concerns.
The New York Times is out with an eyebrow-raising potentially blockbuster report about an alleged American program to place malware inside places such as Russia’s power grid, but the most disturbing thing about the report is the questions it raises about how the Federal Government is operating in the Trump Era:
WASHINGTON — The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said.
In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.
Advocates of the more aggressive strategy said it was long overdue, after years of public warnings from the Department of Homeland Security and the F.B.I. that Russia has inserted malware that could sabotage American power plants, oil and gas pipelines, or water supplies in any future conflict with the United States.
But it also carries significant risk of escalating the daily digital Cold War between Washington and Moscow.
The administration declined to describe specific actions it was taking under the new authorities, which were granted separately by the White House and Congress last year to United States Cyber Command, the arm of the Pentagon that runs the military’s offensive and defensive operations in the online world.
But in a public appearance on Tuesday, President Trump’s national security adviser, John R. Bolton, said the United States was now taking a broader view of potential digital targets as part of an effort “to say to Russia, or anybody else that’s engaged in cyberoperations against us, ‘You will pay a price.'”
Power grids have been a low-intensity battleground for years.
Since at least 2012, current and former officials say, the United States has put reconnaissance probes into the control systems of the Russian electric grid.
But now the American strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning, and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow.
The commander of United States Cyber Command, Gen. Paul M. Nakasone, has been outspoken about the need to “defend forward” deep in an adversary’s networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it
“They don’t fear us,” he told the Senate a year ago during his confirmation hearings.
But finding ways to calibrate those responses so that they deter attacks without inciting a dangerous escalation has been the source of constant debate.
Mr. Trump issued new authorities to Cyber Command last summer, in a still-classified document known as National Security Presidential Memoranda 13, giving General Nakasone far more leeway to conduct offensive online operations without receiving presidential approval.
But the action inside the Russian electric grid appears to have been conducted under little-noticed new legal authorities, slipped into the military authorization bill passed by Congress last summer. The measure approved the routine conduct of “clandestine military activity” in cyberspace, to “deter, safeguard or defend against attacks or malicious cyberactivities against the United States.”Under the law, those actions can now be authorized by the defense secretary without special presidential approval.
“It has gotten far, far more aggressive over the past year,” one senior intelligence official said, speaking on the condition of anonymity but declining to discuss any specific classified programs. “We are doing things at a scale that we never contemplated a few years ago.”
The critical question — impossible to know without access to the classified details of the operation — is how deep into the Russian grid the United States has bored. Only then will it be clear whether it would be possible to plunge Russia into darkness or cripple its military — a question that may not be answerable until the code is activated.
This part of the article raises some rather obvious concerns about where the future direction of warfare might be headed and the extent to which this new form of what amounts to warfare could spin out of control without the ability of civilian authorities to control it. Even taking into account the fact that Russia and other nations have apparently been trying to undertake programs such as this in the past, even preparing for an attack on a nation’s power grid raises the prospect of retaliation that, quite honestly, could do far more damage to the United States or Western Europe than it likely would to Russia or China. Imagine living in the United States without power for months at a time, whether in the winter or the summer, and what that could mean for a breakdown in the ability of civilian authorities to keep the peace, especially in major cities. Potentially, this form of warfare could be as devastating as a nuclear attack, which makes the fact that it is happening in secret and in a manner that potentially could spin out of control
Getting beyond the dangers of unconstrained, secret, and unregulated cyber warfare, though, the Times article raises another, far more serious, concern:
Two administration officials said they believed Mr. Trump had not been briefed in any detail about the steps to place “implants” — software code that can be used for surveillance or attack — inside the Russian grid.
Pentagon and intelligence officials described broad hesitation to go into detail with Mr. Trump about operations against Russia for concern over his reaction — and the possibility that he might countermand it or discuss it with foreign officials, as he did in 2017 when he mentioned a sensitive operation in Syria to the Russian foreign minister.
Because the new law defines the actions in cyberspace as akin to traditional military activity on the ground, in the air or at sea, no such briefing would be necessary, they added.
As much as I dislike and distrust President Trump, the idea that the CIA or military is hiding information from the President, as implied in the report, is disturbing from an institutional and Constitutional point of view. The President is the head of the government and that head of state, As such, the intelligence agencies and military are beneath him in the line of succession and they have an obligation to make sure he’s fully briefed about what those agencies are doing. To be sure, there are times when the President is not fully briefed on operations so as to shield him from knowledge of certain events. This is where we get the concept of “deniability,” although as we learned in the Iran/Contra Scandal, that concept can be carried to dangerous extremes. Additionally, it isn’t always necessary for a President to be fully informed about the “sources and methods” used to obtain intelligence. Undertaking an operation such as this against Russia, China, or any other nation without the knowledge of the President and, I might add Congress, raises serious Constitutional concerns.
To be fair, it does appear from the Times report that at least some of the cyber activities that are being undertaken are being done pursuant to Presidential directive and/or Congressional delegation as part of the most recently passed defense budget. However, the fact that defense and intelligence officials seem to be withholding information from the President because they don’t trust him to keep it secret is concerning. It isn’t the job of civilians in the intelligence community or civilians or military officers to decide what operations to undertake, and that is especially true when it comes to something such as what is described in the Times report. At the very least this is something that deserves, and calls for, further investigation.
So Trump is…confirming that he’s in the dark?
When this came up on the open thread, someone pointed out that it may be more than just simply taking action without the President’s knowledge (but with explicit congressional approval). The poster speculated that it may have been leaked to make it difficult for Trump to cancel the program if and when he found out.
While I agree that this is very dangerous for our system of governance I don’t agree that means it’s not the best action in a bad situation. Trump is a traitor, at best a Russian stooge but most likely a willing Russian agent. The Republicans in Congress are little more than traitorous quislings themselves, willing to turn a blind eye and let the country go down the toilet in order to protect their own perks and privileges. It’s really not an option for those who are protecting the nation to play pretend and act like it’s not happening.
Well, of course Trump is in the dark about this. And he’s enraged and humiliated that he is, so he has to lash out at the NYT for reporting “fake news.”
While the command and control issues raise some concerns, I have to say I’m somewhat baffled by the “OMG, what if they retaliate?” take on this.
Russia is already attacking us, to the point of open interference in our elections. We’re already well beyond the point where the issue is less whether we might trigger retaliations than it is our own failure to retaliate is increasingly encouraging attacks on our infrastructure because it’s seen as having no cost to the attackers.
@Teve:
How can it be treason to reveal it if it’s made up?
There was already an incident where Trump told Russian officials classified Intel that he shouldn’t have, so we should all be glad if they’re keeping him out of the loop on this.
@Teve:
Undermining civilian control of the military by establishing a culture where the military gets to decide what orders it feels like following will end up causing far more damage to our country.
Trump may also simply not understand what he has been told, and no one has explained it in little terms.
Malware has to be put in place, and maintained, in order for it to be available should we need to activate it. Is this an attack? Well, kind of… But it could also be described as preparation and planning. Trump may know about the latter, not the former, despite the latter and the former being the same thing.
Leave the dottering old man confused by computers, so he cannot object.
Since this happened in 2018, it is clearly a Republican agenda and reflects the values of the administration and Republican party leaders, if not the rank and file of the party. The fact that it seems that the authorizing statutes function as an end-around of administration control and specifically undermine the role of the President as Commander in Chief demonstrates that Republicans are trying to address a dysfunction within their own party structure. Sadly, the fact that the actions that they have taken will only make matters worse and the dysfunction more damaging only reinforces that Republicans are incompetent to govern.
War is too important to be left up to the generals.
@Stormy Dragon: United States Cyber Command has been given increasing authority to do offensive things without getting an explicit okay from the White House, and I believe part of this authorization came in the form of a secret national Security executive order by Trump himself a couple of years ago. so they’ve been authorized by the executive branch to do what they’re doing, they’re just not giving Trump the details because like it or not he is a national security threat.
Modern warfare pushes all advanced nations in this direction. Still, what we really should be doing is helping to harden American targets. I suspect that many of the same closely guarded zero-day exploits are being jealously guarded by various cyber intelligence agencies. The advantage goes to the first willing to use a particular exploit, and that typically means black-hat hackers and organised crime.
Not so terribly long ago, it came to light that soldiers were giving away interesting information by simply tracking their jogging sessions while wearing sports watches. I easily imagine the NSA realising this but deciding that tracking adversaries was worth more than comprising American lives.
I don’t think that’s the only concerning thing about the report, Doug. If true (about which I have my doubts), that the actions go back to 2012 is pretty concerning, too. Were these actions with or without the knowledge and authorization of the president?
the untold story of notpetya, the most devastating cyber-attack in the world
@Stormy Dragon:
To be clear that’s not what has been reported here. According to the Times, congress passed legislation authorizing the military command to engage in offensive action at their level, i.e. not requiring presidential authorization. According to the report they exercised that authority without informing the president, and then it appears deliberately leaked that to the press.
To me, there are two astounding things about this. The first is that there must be Republicans who have accepted that Trump is passing secrets onto the Russians. We know this because that bill needed Republican votes to pass. But despite being willing to block this traitor behind closed doors they still refuse to confront him publicly.
The second is that there are clear eyed people in the military chain of command that recognize Trump as a traitor and are willing to take action to protect the nation from him and his controllers. A military acting against a traitor is usually a good thing, but a military acting against a president is a bad thing. We now have our military in an impossible situation.
Doug, in a certain sense we’ve been here already for decades. The President has had the theoretical authority to launch nuclear attacks at will, within minutes. And I’m sure that US nuclear plans have assumed a decapitation strike against the President (and the Pentagon) for decades now.