U.S. intelligence agencies have no way of measuring the impact of Russian hacking on the recent election result, the nation’s top spy told senators Thursday.
“They did not change any vote tallies or anything of that sort,” Director of National Intelligence James Clapper told a hearing of the Senate Armed Services Committee.
But he added that U.S. intelligence lacked the tools to estimate what the effect had been on Americans’ voting choices of the still ongoing campaign of hacked Democratic Party emails dumped on the web, and their content amplified by fake news stories and automated social media echo chambers.
“We in the intelligence community can’t gauge the impact it had on the choices that the electorate made,” Clapper said.
Such a judgment “certainly isn’t in the purview of the U.S. intelligence community,” he acknowledged later.
Committee Chairman John McCain, R-Ariz., asked him whether a successful attempt to influence U.S. elections would qualify as an act of war.
“That is a very heavy policy call that the intelligence community should not be making, in my view,” Clapper replied.
He added that, in international cyber-relations, offline policy options like sanctions and naming-and-shaming had proved most effective, rather than responding in kind.
Clapper characterized the Russian effort as “a multi-faceted campaign — the hacking was one part of it, it also entailed classical propaganda, disinformation [and] fake news.”
“Does that continue?” asked Democratic Sen. Jack Reed, of Rhode Island.
“Yes,” Clapper replied.
Before Christmas, U.S. officials acknowledged that they lacked the policy tools to respond to such a campaign of hybrid warfare.
Awkward timing, ahead of report
Clapper complained repeatedly that he was hamstrung by the timing of the hearing — days before the release of a classified report on the election hacking ordered by President Obama, who has only about two weeks left in the White House.
Clapper said he expected to testify next week at closed intelligence committee hearings in both chambers, and to provide classified briefings for all lawmakers.
“I don’t want to get too far ahead of our rollout to the Congress,” he said at several points, adding that there would be an unclassified version released as well.
U.S. intelligence agencies also have formed a consensus view on the motivation for the hacking, he said, without elaborating on what it might be.
“Yes we will ascribe a motivation. Again, I’d rather not preempt the report,” he said.
“There was more than one motivation,” he added later, acknowledging that judging the intent of foreign leaders was one of the most difficult and delicate tasks in intelligence.
Clapper said next week’s report would include a chapter from the Department of Homeland Security and the National Institute of Standards and Technology about best cybersecurity practices to counter Russian hackers — whose election-related operations largely relied on sophisticated, but blockable, spear-phishing email attacks.
He said the report had been compiled “essentially by those three agencies — CIA, FBI and NSA” and they were in agreement that the Russian effort was authorized at the highest levels of the Kremlin.
Questioned about the U.S. response last week — when Obama imposed financial sanctions on Russian intelligence agencies, senior officials and private sector contractors — Clapper criticized a knee-jerk impulse to respond in the cyber domain.
“Our automatic default policy position should not be exclusively to counter cyber with cyber, we should consider the use of all aspects of national power,” he said, adding that actually non-cyber responses had so far proved more effective, for instance with China.
“To date non-cyber tools have been more effective at changing our adversaries’ cyber behavior,” he said.
“When we do choose to act, we need to model the rules we want others to follow as our actions will set a precedent,” in the borderless domain of cyberspace.
“If you do retaliate in the cyber dimension, the problem is not knowing what you might get back,” he said later.
U.S. forces were extremely cautious about the possible collateral consequences of any cyber weapons deployment, he said. “I don’t think others are committed to that level of precision,” he added of U.S. adversaries.
It was also hard to achieve deterrence.
“The problem with the cyber domain, it doesn’t have those physical dimensions” that nuclear deterrence relies on, he said. In cyber, “It is … very hard to create the substance and psychology of deterrence in my view.”
Cyber attacks were likely to continue to be a favored tactic by U.S adversaries, Clapper said, since they “don’t cost much and cannot always be easily attributed.”
“I cannot think of a single significant actor out there who is decreasing their level of investment or losing capability” in the cyber domain, added NSA chief Adm. Michael Rogers.