by Laura Sanders*
As the presidential election rages on, the Obama administration is quietly considering how to respond to an unprecedented foreign invasion. On October 7, the Obama administration publicly acknowledged for the first time that the Russian government was probably responsible for a cyber attack on the Democratic National Committee (DNC) that resulted in the theft and disclosure of several thousand sensitive emails. Experts have noted that, unlike conventional espionage, the goal of this hack was likely to influence the outcome of the presidential election. In other words, the breach not only represented a material threat to our national cyber security, but also posed a symbolic threat to our democracy and political autonomy.
Given the substantive and symbolic stakes of the DNC breach, the Obama administration faces a difficult task in determining the appropriate response. What type of response would be aggressive enough to deter future hacks and punish Russia for committing this one, but still measured enough to avoid escalating the conflict? In a press conference on October 11, the White House Press Secretary, Josh Earnest, said that the United States’ response would be “proportional,” and mentioned the possibility of an offensive operation. Vice President Joe Biden has hinted that the administration may have already taken some covert action.
One option available to the White House is to levy economic sanctions against Russia. The United States used this approach in responding to North Korea’s breach of Sony Pictures Entertainment’s electronic data last year. It would likely be difficult, however, for the United States to garner European support for economic sanctions. Not only is Russia a substantial market for Western consumer goods, but more importantly, Russian oil and gas are essential to the functioning of several Western European states. Economic sanctions also might not be sufficiently impactful to deter future hackers.
Alternatively, President Obama could authorize a secret intelligence attack on Russian servers. As James Stavridis suggested in Foreign Policy, this would presumably allow the administration to identify the Russian officials who authorized the DNC attacks and “put Moscow in an extremely uncomfortable position.” But naming names might only provoke further denials from Putin and other Russian officials, who disclaim involvement with the incident.
Others have suggested using a secret cyber attack to expose information Putin would prefer not to publicly disclose, such as his alleged links to Russian oligarchs or his rumored financial holdings overseas. However, this approach poses a significant risk of escalation. The United States and Russia are embroiled on opposite sides of a number of major international conflicts, including Syria and the annexation of Crimea; publicly embarrassing Russian officials might exacerbate those conflicts and alter the risk-benefit analysis.
Each of these options poses its own risks to the United States. However, the threat of unconstrained international cyber attacks is arguably more significant than any one of them. A monumental election is a few short weeks away, and Russia has proven that the results are vulnerable to outside manipulation. While a decisive offense is essential, it should not overshadow the value of a rigorous defense. Perhaps the only clear takeaway from the DNC breach is that the United States must reevaluate and reinforce its cyber security systems across the board. Defensive measures should take priority and should precede inflammatory counteraction.
*Laura is a 2L at Harvard Law School and an Online Editor for HLPR.