Read the original article: The Puzzle of the GRU Indictment
It’s about two weeks before the 2020 presidential election. According to a bipartisan report released by the Senate Intelligence Committee, Russia engaged in “an aggressive, multifaceted effort to influence, or attempt to influence, the outcome of the 2016 presidential election.” And in the words of the FBI director, Russia is engaged in “very active efforts … to influence our election in 2020.” Unsurprisingly, three-quarters of Americans are “somewhat concerned about interference, whether in the form of tampering with voting systems and election results, stealing data from campaigns, or influencing the candidates themselves or the way voters think about them,” and half are “extremely” or “very” concerned.
And so, at this propitious moment, the Justice Department decides to hold a self-congratulatory press conference to scare the American people even more about Russian capabilities and intentions while at the same time unequivocally signaling its inability to stop Russian cyber actions. I am speaking, of course, of the announcement on Oct. 19 of federal indictments against six officers in the GRU (Russia’s military intelligence agency) for cyberattacks from 2015-2019 against the Olympics in South Korea, a French presidential election, Ukrainian infrastructure and (among other things) the NotPetya attacks on numerous companies around the globe. These indictments were unusual because they focused primarily on damage outside the United States from Russian cyber operations. But in other respects they were all too typical.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said National Security Division chief John Demers. He added that the Russian officers conducted “the most disruptive and destructive series of computer attacks ever attributed to a single group”—the same group, by the way, that interfered in the 2016 election. “Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” echoed FBI Deputy Director David Bowdich in a press release.
So one message the indictment sends is that Russia is indeed bent on using its cyber-capabilities to wreak havoc around the world. There is little news here—the actions subject to indictment had long been unofficially attributed to Russia. But perhaps the detailed conclusory allegations in the indictments aimed to make the Russia threat yet more credible—as if the public needed more credible information on that score.
Another message that comes through crystal clear is the Justice Department’s inability to stop or even slow these activities. Across two administrations and over the course of six years, the department has been issuing indictments against Russian, Iranian, North Korean and Chinese officials (or state agents) for their destructive cyber actions from abroad. Not one (to my knowledge) has resulted in prosecution. And yet Justice Department officials continue to hold these press conferences, describe the cyber threats in dire terms, crow about attribution capabilities and tout the indictments, even while the attacks grow and grow.
What is the point? In a word: attribution. The Washington Post reported, based on a briefing following the press conference with several Justice Department officials, that “the indictment was not a specific warning to Moscow to avoid interfering in this year’s election,” but that it was meant to serve as a “‘general’ warning that such activities are not deniable.” Or as Bowdich noted: “[T]his indictment … highlights the FBI’s capabilities. We have the tools to investigate these malicious malware attacks, identify the perpetrators[.]”
But this warning and highlight are not news, at least not to the sponsors of the attacks. The United States has for six years been playing up its extraordinary intelligence capacity to attribute malicious cyber operations. And for six years the attacks have grown worse. As President Obama said in December 2016: “The idea that somehow public shaming is going to be effective, I think doesn’t read the thought process in Russia very well.”
Bowdich added that the indictments also show that the Justice Department can “impose risks and consequences” on the alleged criminals. These risks and consequences are mainly that the named foreign officials cannot travel outside their countries, or they will surely be arrested. This is not nothing. But it is not much when, on the other side, Russia throws its cyber weight around globally, causes billions of dollars in “unprecedented damage,” and seems not to be deterred one bit by the indictments. Whether Russia is actually deterred at the margins is, of course, impossible to know. But the message here is of U.S. weakness in the face of a Russian cyber onslaught—a message that potential third-party adversaries clearly absorb.
This signal of weakness is part of a pattern. “In the past three months alone, the department has charged computer intrusions or taken legal action related to the activities of China, Iran, and North Korea,” said Demers. “Each of these cases charged significant and malicious conduct that we have called out in part to reinforce norms of responsible nation state behavior in cyberspace.” The raft of charges without legal consequences in the face of persistent and destructive cyberoperations does not reinforce norms—it highlights that norms do not work here. “Time and again, Russia has made it clear they will not abide by accepted norms, and instead, they intend to continue their destructive and destabilizing cyber behavior,” said Bowdich. What Russia has made clear is either that there are no “accepted norms,” or at least that the norms can be thrashed without consequence.
The press conference featured more self-congratulations. “These criminals underestimated the power of shared intelligence, resources and expertise through law enforcement, private sector and international partnerships,” said FBI Pittsbu
[…]
Read the original article: The Puzzle of the GRU Indictment