President Joe Biden on Friday again told Russian strongman Vladimir Putin that he wants those cyberattacks to cease, but it’s obvious Washington won’t get results until it does more than threaten vague consequences.
“Biden reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge,” the White House claimed. Press Secretary Jen Psaki said, “This is the first time . . . that there has been this level of engagement at this level.”
Huh? What about Biden’s supposedly tough threat at last month’s summit in Geneva, when he listed 16 areas where attacks would prompt an immediate response?
Hmm. The Russian hackers behind the attack on meat-processor JBS have gone on to launch hundreds of cyberassaults around the world since Geneva, some clearly crossing Biden’s red line — and Biden’s response is a stern phone call? Putin must be quaking in the Kremlin basement!
Then again, Biden did nothing about the JBS and USAID attacks, each likely undertaken by Kremlin-linked groups, before Geneva. And his July 3 answer to more recent attacks was to . . . order his aides to find out for sure if they came from Russia while insisting he’d “respond” if certain that another cyberassault hit “either with the knowledge of and/or consequence of Russia.”
This, when the Russia-based hacker gang REvil (already fingered in the JBS holdup, which sent US meat prices skyrocketing) has taken credit for the ransomware attack on a Florida IT firm, demanding $70 million in bitcoin to return the data of hundreds of small businesses.
Biden’s main argument at Geneva — focusing on the May attack by Russia’s DarkSide group on Colonial Pipeline that triggered a gas shortage all along the East Coast until the company paid a $4.4 million ransom — was to ask Putin “how he’d feel if ransomware took over his pipelines.” Weak sauce.
Meanwhile, pre-Geneva, Biden actually waived sanctions on Moscow’s Nord Stream 2 pipeline to Germany. Oh, and sent back to Russia the diplomats he’d pulled in response to an earlier ransomware attack by an outfit linked to Russian intelligence.
New York’s Rep. John Katko, the top Republican on the House Homeland Security Committee, warned last week that “we’re facing a moment of reckoning when it comes to [cyber] deterrence. Adversaries like Russia are creating safe havens for bad actors and we must project strength.”
Right now, Putin plainly thinks Biden is all talk. But he can be deterred: In the Trump years, action by the National Security Agency’s US Cyber Command led to minimal Russian cyber-interference in the 2018 and 2020 elections, in the latter case via a direct, credible threat to Russia’s energy grid, as John Herbst and Jeffrey Stacey report at The National Interest.
US cyberwarriors under Army Gen. Paul Nakasone, they write, “could go after every single [Russian state] hacker and proxy group hacker (taking them offline for a prolonged period and sanctioning them), major Russian firms operating in rogue states (such as Rosneft in Venezuela), key Russian energy and transport infrastructure, and sizable business firms vital to Russia’s trade balance.”
Biden needs to quit talking tough while hiding behind the inevitable uncertainties of cyberwarfare and order Nakasone to fight back.