Q&A: Probing Russian hacking, asking what can be done?

Last week, President Barack Obama ordered a full review into claims that the 2016 presidential election was tainted by Russian hacking, to be completed before President-elect Donald Trump takes office on Jan. 20, 2017. In the months leading up to the election, e-mail break-ins were reported by the Democratic National Committee, the Democratic Senatorial Campaign Committee and Clinton campaign Chairman John Podesta.

In a joint statement issued in October, all 17 agencies in the Intelligence Community agreed that the Russian government was behind this cyber activity, and that it was intended to interfere with the U.S. election process. While there is no consensus within the intelligence community as to whether the hacking was a deliberate move to help elect Trump, many prominent Republicans and Democrats have insisted that this should not become a partisan issue. Although both Russia and China have engaged in cyber espionage against the United States for years, this type of interference with the U.S. election system is seen as unprecedented.

ASU cybersecurity expert Jamie Winterton discusses the extent, impact and meaning of this type of hacking, and considers possible solutions moving forward. Winterton is the director of strategic research initiatives with Arizona State University’s Global Security Initiative, which focuses on defense and security research with a special emphasis on cybersecurity.

Question: What is the “apparatus” or system for these operations? Are most of these Russian hackers working for the government or operating independently?

Answer: It’s worth noting that many other countries have a different relationship with hackers than the US government does. For the most part, the US government keeps hackers at arm’s length. In other countries, Russia included, hackers often work closely with government. 

Analysis by CrowdStrike found that much of the work done on the DNC hack was performed from 8am to 8pm Moscow time, which indicates that this was a more organized, official operation, rather than unaffiliated individuals. The sophistication and breadth of some of these methods also indicates a coordinated effort. It’s hard to pull off advanced persistent threat (APT) activities as a single hacker or loose collective.

Q: What do you think is the likelihood that Russian hackers interfered with the US elections?

A: Nations interfering with each other’s elections isn’t new — that’s been happening for decades, at least — but the electronic networks we rely upon bring a whole new set of issues to the game. Attribution — knowing who’s doing what in cyberspace — is an incredibly difficult problem. That said, there is evidence that Russia was involved in the election in multiple ways, such as breaking into voter registration databases and the DNC email server. It’s important to note that no evidence has been found that the vote tallies themselves were hacked — and there are far easier ways to influence an election outside of vote-counting software.

Q: Going forward, what can be done to slow or stem these intrusions?

A: First, we should establish national standards for election hardware and software. Complexity is rarely good for security, and right now, we have an insanely complex system. Managing software updates and security upgrades is nearly impossible. And it’s not just a complex system — it’s one that’s too old. Election officials are stockpiling old parts, buying them from eBay because they aren’t available from the manufacturer any more. 

Second, we need a routine audit of every election, whether it’s contested or not. The most secure networks include continual monitoring to characterize and alert for abnormal activity. Our election systems should as well.

Finally, we need to verify our information sources while at the same time protecting free speech. There’s been a lot of talk about the effect that “fake news” had on the election. Whether that misinformation comes from a foreign entity or domestic, we can’t ignore the social element of democracy when it comes to securing the vote. 

Q: We often use the term “cyberwarfare.” Do you see this as a form of war?

A: I’m leery of the term “cyberwar” because it draws false equivalences with conventional warfare. When we think of war, we think of two nation states attacking each other in well-defined, kinetic, easily quantifiable ways. Operations in cyberspace are vastly different. There can be physical damage inflicted via cyberattack, but not always. An attack on the power grid could result in physical damage (and even loss of life). But often the results are not physical. They can be economic; sometimes they impact confidence or morale. The actors are often unknown; they may not even belong to any organized group, much less one that occupies set geographic boundaries. There is no easily defined ‘proportional response.’ We’re experiencing a sea change in attack and defense; we should create a unique term that reflects this new reality.