Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage

Tuesday, April 20, 2021

Categories: ASCF News Cyber Security

Comments: 0

im-326226

WASHINGTON—President Biden’s decision this week to punish Russia for the SolarWinds hack broke with years of U.S. foreign policy that has tolerated cyber espionage as an acceptable form of 21st century spycraft, analysts and former officials said.

In announcing a suite of punitive measures against Moscow, including financial sanctions and diplomatic expulsions, the White House made clear its actions were in response to “the full scope of Russia’s harmful foreign activities.”

The administration specifically highlighted what it said was Russia’s yearslong meddling in U.S. elections. It also said U.S. intelligence had “high confidence” that Russia’s foreign intelligence service, the SVR, was behind last year’s SolarWinds hack, which compromised at least nine federal agencies and about 100 private-sector organizations.

The administration said both campaigns were unacceptable and demanding of a forceful response.

The U.S. has punished Russia for election interference in the past, notably after its multipronged operations during the 2016 election. But previous administrations typically refrained from retaliating for cyber intrusions they classified as political espionage—no matter how broad or successful—in part because the U.S. and its allies regularly engage in similar conduct, current and former officials said.

Both the Obama and Trump administrations sought to forge international agreement that cyberattacks that stole intellectual property, damaged computer systems or interfered in elections were out of bounds—while generally accepting espionage as fair play. In 2015, for example, after the U.S. learned the Chinese had ransacked the federal government’s personnel files and made off with sensitive records on more than 20 million Americans, James Clapper, then the director of national intelligence in the Obama administration, paid begrudging respect.

“You have to kind of salute the Chinese for what they did,” Mr. Clapper said at the time. “If we had the opportunity to do that, I don’t think we’d hesitate for a minute.”

Western intelligence operations have also launched large cyber espionage operations against foreign private sectors, as the SolarWinds hack did, said Thomas Rid, an expert on Russian cyber operations and a professor at Johns Hopkins University.

Some U.S. officials advised the Biden administration not to justify sanctions specifically on the SolarWinds operation, as that move could open up the U.S. to foreign censure for its own activities, said people familiar with the situation.

“The hard question therefore is this: How was SolarWinds different from high-end Five Eyes intelligence operations?” asked Mr. Rid, referring to the name used for a cadre of Western intelligence powers.

Administration officials deemed the SolarWinds hack beyond the boundaries of acceptable cyber operations because of its scope and scale. A senior administration official said Thursday the retaliation was additionally justified because the burden of repairing the damage largely fell on private companies and because Russia had shown in the past it can turn an espionage operation into something more destructive.

“The speed with which an actor can move from espionage to degrading or disrupting a network is at the blink of an eye, and a defender cannot move at that speed,” the official said. “And given the history of Russia’s malicious activity in cyberspace and their reckless behavior in cyberspace, that was a key concern.”

Many Democrats, including Senate Majority Leader Chuck Schumer of New York, as well as Republicans praised the actions Mr. Biden took Thursday, and urged him to be even more forceful.

Others, however, were less sanguine. Rep. Jim Langevin (D., R.I.), a leading cybersecurity voice in Congress who generally praised Mr. Biden’s actions against Russia, said the sanctions slapped on the SVR for the SolarWinds hack needed more explanation.

“The SolarWinds incident that the administration today attributed to the SVR has had all the trappings of traditional espionage that, while unfortunate, has not historically been outside the bounds of responsible state behavior,” Mr. Langevin said. Mr. Biden and Secretary of State Antony Blinken should “explain the contours of their new policy,” Mr. Langevin said.

Chris Painter, a top cybersecurity official at the State Department during the Obama administration, said that the administration’s argument was unpersuasive.

“Most intrusions can be used for destructive ends,” Mr. Painter said. Even if the attack was purely espionage, though, the U.S. is still within its rights to react “not to enforce a global norm but to demonstrate displeasure,” he said.

In an analysis for the national security blog Lawfare, Bobby Chesney, a national security law professor at the University of Texas, said the Biden administration had not declared all cyber espionage is off limits. Rather, in announcing its response to Russia, the administration outlined a vague matrix of conditions that, if met, could elevate certain “malicious cyber activities” to a level that warranted retaliation, he wrote.

“Is it clear that there is an answer to the question of what line SolarWinds crossed?” Mr. Chesney asked. “Not really.”

Photo: The Austin, Texas, headquarters of SolarWinds Corp., whose software was exploited by Russia to break into scores of computer networks at government agencies and companies.
PHOTO: SUZANNE CORDEIRO/AGENCE FRANCE-PRESSE/GETTY IMAGES

Link: https://www.wsj.com/articles/in-punishing-russia-for-solarwinds-biden-upends-u-s-convention-on-cyber-espionage-11618651800

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.