Written byChris Bing
A powerful, newly appointed adviser to President-elect Donald Trump believes she has crafted the “ultimate” plan to punish Russia for its high-profile cyberattacks on U.S. political organizations and institutions. This supposed strategy would effectively weaken the Kremlin’s ability to censor internet content that is viewed, shared and created domestically.
K.T. McFarland, Trump’s pick to be deputy national security adviser, recently proposed that the U.S. respond to Russia’s hacking of the Democratic National Committee by tearing down the Kremlin’s “cyber wall,” assumably referring to both online surveillance and censorship technologies used to review Russian communications. The idea has appeal as a way to push back against the Kremlin — but it also has its skeptics.
“The ultimate weapon against Russia is to say privately to them, you want to do this to us, you want to have a cyberwar with America? We know how to respond to that, which is we will tear down your cyber walls. Because the one thing that Putin fears more than anything is that his own population rises up against him like the Ukrainians did against Yanukovych,” McFarland said during a televised Fox News interview.
Former U.S. officials, national security and cybersecurity experts who spoke to CyberScoop share differing opinions about McFarland’s idea.
“All things equal, it seems like a strong, non-escalatory way to respond to a cyberattack, though it lacks the signaling power that more public responses, like sanctions, would,” said New America Policy Analyst Robert Morgus.
Morgus said he has questions, though, about whether McFarland’s plan is feasible, given the current context.
“The Russian market for technology is — at least in comparison to other parts of the world — relatively insular, so pushing the adoption of encryption products, which would likely be marketed as ‘U.S. developed and NSA approved’ by the Kremlin, may prove very difficult,” Morgus said.
Attempts to contact McFarland through the presidential transition team press office, her booking agent for public speaking opportunities and also on Twitter went unanswered. A spokesperson for Fox News, the same organization for which McFarland worked as a security analyst, said they did not have contact information to provide.
“The presence of more anonymizing software will not suddenly galvanize opposition to the regime among large swathes of the Russian population,” said Adam Segal, director of digital and cyberspace policy at the Council on Foreign Relations.
Segal, a skeptic of the plan, added: “the Russian government already seems to view the open Internet as a weapon directed at regime transition. Putting new anonymizing tools into a domestic market may not be interpreted as a response to a specific Russian action rather than another step in a long-running battle between the two sides.”
Beyond U.S. think tanks, McFarland’s strategy seems to have found support from an influential former U.S. intelligence official: NSA Director Michael Hayden. Although Hayden has publicly and repeatedly criticized Trump’s basic understanding of national security and foreign policy, he appears to agree with McFarland’s diagnosis.
In a small, public speaking event at a D.C.-based think tank last week, Hayden told a crowd of policy wonks, journalists and Capitol Hill staffers that America should respond to the Kremlin’s offensive cyber-operations by flooding Russia’s domestic market with anonymizing technologies designed for the public, like encrypted messaging applications.
“What is really attractive to me, is to do everything in your power to push into the Russian cybersphere as much anonymizing technology as you possibly can because nothing will get the attention more of the Russian leadership than threatening their ability to monitor their own population,” said Hayden.
While the idea of secretly promoting commercial encryption in a foreign country may sound far-fetched, experts agreed that McFarland’s idea is worth consideration.
“Covert promotion of communication technologies, such as WhatsApp, that have end-to-end encryption built into them is definitely a viable course of action that should be considered,” said Ely Kahn, a former National Security Council director of cybersecurity in the White House. “[However], the promotion of other anonymizing technology like VPN and Tor will likely have less success given the complexities in setting up those types of tools.”
The ongoing cross-border conflict in Ukraine and more specifically, Russia’s efforts to hide the deaths of federation soldiers abroad, shows the nervous tendencies of the Kremlin when it comes to a free and open internet, according to senior vice president at the Center for Strategic and International Studies James Lewis.
Lewis, a national security and foreign policy expert, favors McFarland’s suggestion because of its timing and potential impact. “You really don’t even need to ‘flood the market’ per se, once you enable people these things spread by word of mouth. Putin has and continues to be greatly concerned with how Russians perceive him … he’s always been worried about optics,” said Lewis.
The existing “line” between online misinformation campaigns and traditional cyberwarfare — a tradecraft largely dependent on the discovery of zero days and ability to compromise specific computers — has blurred, said Christopher Porter, a FireEye iSIGHT Intelligence manager.
“In the internet era there are new targets deep behind the front lines: the hearts and minds of Russian and American citizens,” surmized Kenneth Geers, a senior research scientist at Comodo and renowned expert on cyber-espionage and cyberwarfare.
“The West has many vulnerable digital targets, but in fact [the U.S.] has far greater strategic depth in cyberspace than Russia or any other authoritarian country,”Geers told CyberScoop, “Putin scored the first touchdown, but we are still in the first quarter.”