SAN FRANCISCO—Investigations into the extent and impact of Russia’s hacking and disinformation campaigns aimed at impacting the U.S. elections will likely keep Congress busy for much of the year, three Congressional staffers told attendees at the RSA Security Conference on Feb. 14.
During a session focused on Congressional priorities—which took even greater significance with the resignation of National Security Advisor Michael Flynn the day before—Michael Bahar, Minority Staff Director and General Counsel for the U.S. House Permanent Select Committee on Intelligence, told attendees that the issue of what Russia did will consume Congress for months.
“One of the big priorities, of course, and especially in the House Intelligence Committee, is what just happened,” he said. “Not only what just happened, but how did it happen and how do we make sure that it doesn’t happen again.”
Cyber-security has become a major focus for the United States following the elections and the U.S. intelligence community’s conclusion that Russian actively conducted operations with an aim to impact the results in the favor of the victor, President Donald Trump. While no evidence points to the hacking of voting machines, Russian operatives hacked the Clinton campaign and the Democratic National Convention, leaking e-mails.
With Flynn’s resignation, Russia’s cyber-operations garnered plenty of attention at the conference here. Bahar stressed, however, that other important cyber-security issues face Congress as well. At the end of the year, Section 702 of the Foreign Intelligence Surveillance Act, which gives the U.S. government the ability to keep foreigners outside the United States under surveillance, is set to expire. Congress must reauthorize FISA by the end of the year, which given past privacy concerns, will likely lead to a heated debate.
With the elections over, however, the greater question is how to prevent cyber-campaigns, like Russia’s, from disrupting U.S. elections in the future. To effectively hold its adversaries at bay, the United States needs to come up with a policy of deterrence in the information space, Daniel Lerner, a professional staff member with the U.S. Senate Committee on Armed Services, told attendees.
“You can deter [our adversaries] by denying or by imposing consequences, and we have done a pretty poor job of denying,” Lerner said. However, the U.S. attempts to impose sanctions have had little impact, either. “The consequences [we’ve levied] have been pretty inconsequential,” he said.
For deterrence to work, intelligence agencies have to positively identify the attackers and then find a way to punish the perpetrator, Brendan Shields, Staff Director for the U.S. House of Representatives Committee on Homeland Security, told attendees.
“How are we going to make that country think twice,” he said. “If someone does something to you and you do not respond appropriately, you are allowing them to do it to you again.”
Congress wants to get more guidance from the executive branch on their strategy on deterrence, Lerner said.
“The status quo is insufficient,” he said. “[The] Russia [incident] provides that opportunity for us to look introspectively and understand what the future has to hold for this new domain of warfare.”
One problem facing the U.S. government is which agencies should be responsible for the various facets of securing the nation’s information infrastructure, defending against attacks, identifying adversaries and conducting operations against other nations. The panelists acknowledged that agencies tend to compete over various responsibilities and that weakens the nation’s response as a whole.
The question of how to move from intelligence capabilities to military capabilities to homeland-security capabilities is not just an academic question, Lerner said.
“Our adversaries in cyberspace will seek to exploit those seams between the authorities that we have in the United States,” he said.
With Flynn’s resignation for talking to a Russian diplomat, the investigation into the country’s activities against the United State will likely only heat up.
“Flynn is not the end of the inquiry,” Bahar told reporters after the session. “It’s just beginning.”