While President Trump has avoided criticizing Russia for cyberattacks on the United States and its allies, his administration is taking a harder line.
The Treasury Department on Monday hit a group of Russian companies and business executives with economic sanctions for helping Russia’s military and intelligence services launch cyberattacks against the West. The timing was especially striking just three days after Trump proposed allowing Russia back into the Group of Seven industrial nations.
The sanctions highlight how even though Trump continues to rattle U.S. allies with his olive branches to Moscow, there’s still a strong behind-the-scenes push in his administration to check Russian aggression in cyberspace.
Rep. Joaquin Castro (D-Tex.), who serves on the House Foreign Affairs Committee, tweeted that although the administration had been “slow to roll out” sanctions against Russia that Congress approved last year, “they took an important step forward today on sanctioning a number of Russian entities connected to Russian intelligence services for cyber attacks on the U.S. and our allies.”
While the Administration has been slow to roll out its sanctions on #Russia as required by law, they took an important step forward today on sanctioning a number of Russian entities connected to Russian intelligence services for cyber attacks on the US and our allies. https://t.co/OgZGIgkAbj— Joaquin Castro (@JoaquinCastrotx) June 11, 2018
The apparent clash between Trump’s Kremlin-friendly rhetoric and his administration’s punitive action is no surprise to close observers, said Nina Jankowicz, a fellow at the Wilson Center.
“This is how the Trump administration's Russia policy has always operated,” Jankowicz told me in an email. “He says one thing, and others in his administration continue quietly doing what we expect (and in some cases, going beyond that).”
The Treasury Department’s latest sanctions target five Russian companies and three executives who worked with Russia’s Federal Security Service, or FSB, freezing their assets and barring American companies from doing business with them, as my colleague Ellen Nakashima reported.
Treasury said it was a response to Moscow-backed cyber activities, including the devastating NotPetya cyberattack in 2017 that wreaked havoc on banks and other institutions around the world; recent cyber intrusions on the U.S.energy grid; and a global hacking campaign on wireless routers and other devices that the FBI disrupted last month. The action also was also meant to curb Russian efforts to track undersea communications cables that carry most of the world’s telecommunications data, according to the Treasury Department.
Treasury Secretary Steven Mnuchin didn’t mince words in announcing the sanctions. “The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia’s offensive cyber capabilities," he said in a statement.
It was a stark departure from Trump’s conciliatory remarks at the G-7 summit in Canada over the weekend. On the first day of the tumultuous meeting, the president broke with some of the United States’ closest allies by calling for Russia to be readmitted to the alliance. "Whether you like it or not, and it may not be politically correct, but we have a world to run,” Trump said. "They should let Russia come back in."
Russia was booted from the group four years ago after it annexed Ukraine’s Crimea region. And Moscow’s interference in the presidential election only angered U.S. lawmakers and foreign partners — though Trump himself has long expressed a desire to forge closer relations with Russian President Vladimir Putin and has been reluctant to condemn Russia’s digital attacks outright. The president has also repeatedly rejected conclusions by the intelligence community and congressional investigators that Russia interfered in the 2016 election to help him win.
“Suffice it to say,” Jankowicz said, “he seems to be in a different place intellectually regarding his opinions about Russia's role in the world."
Indeed, the administration and lawmakers from both parties have adopted an increasingly aggressive stance toward Moscow’s cyber offensives in recent months -- while Trump has stayed on the sidelines.
Last summer, Congress voted overwhelmingly to impose economic sanctions on Russia in retaliation for its interference in the 2016 election. Trump signed the sanctions legislation, but not before questioning its constitutionality and raising doubts about whether he would enforce it.
And in February, the White House publicly attributed the NotPetya attack to Russia — calling it “the most destructive and costly cyberattack in history” — but the move came in a statement from press secretary Sarah Huckabee Sanders, with no remarks from Trump himself.
Yet the administration followed through on Congress's sanctions mandate with tough penalties. In March of this year, it slapped sanctions on Russian government hackers and spy agencies as punishment for election interference and the NotPetya attack. And another round of sanctions came in April, targeting a group of Russian politicians, tycoons and businesses as a response for the same offenses. This latest round of sanctions were imposed under the sanctions law and an executive order from former President Barack Obama that created a way to impose sanctions for cyber activity. (To be sure, while the administration initially missed multiple deadlines for imposing the sanctions, saying in January that the legislation itself was enough of a deterrent, they have since seemed to embrace the punishment for Russia despite the relative silence from the top.)
Yet the Treasury Department’s salvos keep the pressure mounting on Russia, Jankowicz said.
“I think this round of sanctions is intended to send a signal that we mean business about Russia's cyber operations,” she said.
But it’s unlikely to completely stop them, she added. “Russia notoriously uses criminals and others outside of the ‘traditional’ loci of government and tech business to do their dirty work in this area, and they'll continue to do so after these sanctions.”
Real change in Moscow’s behavior will probably only come if the U.S. government targets Putin’s closest affiliates, according to Chris Painter, the State Department’s first cyber diplomat during the Obama administration.
“The U.S. will need to use sanctions and other measures to affect things that Russian leadership cares about,” he said. “While this is a good step, it appears initially that these entities [targeted in Monday’s sanctions] don't rise to that level.”
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: Authorities have arrested 74 people in the United States and overseas as part of a crackdown on online wire transfer fraud that targeted businesses and individuals, the Justice Department announced in a statement Monday. The enforcement operation lasted over six months and resulted in the arrests of 42 people in the United States, 29 in Nigeria and three in Canada, Mauritius and Poland, according to the department. “Fraudsters can rob people of their life's savings in a matter of minutes,” Attorney General Jeff Sessions said in a statement. “These are malicious and morally repugnant crimes.”
Scammers engaging in "business email compromise" impersonate business professionals via email and request payments or access to sensitive financial information such a payrolls or W2 forms, according to an FBI notice issued Monday. Fraudsters can also impersonate real estate executives, human resources employees and law firms. “This operation demonstrates the FBI’s commitment to disrupt and dismantle criminal enterprises that target American citizens and their businesses,” FBI Director Christopher A. Wray said in a statement. “We will continue to work together with our law enforcement partners around the world to end these fraud schemes and protect the hard-earned assets of our citizens.”
PATCHED: Congress is challenging Trump on ZTE in the form of an amendment from Sens. Tom Cotton (R-Ark.) and Chris Van Hollen (D-Md.), which was included in the National Defense Authorization Act for fiscal 2019. “The bipartisan amendment would reimpose penalties on ZTE for violating U.S. sanctions against exporting to Iran and North Korea that the Trump administration sought to lift in exchange for the company paying a $1 billion fine and funding an in-house compliance team of U.S. officials,” The Washington Post's Karoun Demirjian writes. “It would also ban U.S. government agencies from purchasing any devices or services from ZTE or Huawei, another major Chinese telecom firm, or using government loans to subsidize any subsidiaries or affiliates of the two companies.”
“The threat Huawei and ZTE pose to our national security is too great to ignore,” Cotton said in a statement. “This amendment will help keep Americans' private information out of the hands of the Chinese Communist Party, and I'm pleased it will be included in the NDAA.” Sen. Marco Rubio (R-Fla.), who also backs the amendment, said “lawmakers must 'remain clear-eyed and unified on the threat China poses to U.S. interests and national security,' even if the president wasn’t,” Demirjian reports.
From Senate Minority Leader Charles E. Schumer (D-N.Y.), one of the amendment's backers:
The fact that a bipartisan group of senators came together this quickly is a testament to how bad the Trump administration's ZTE deal is and how we will not shy away from holding the president's feet to the fire when it comes to keeping his promise to be tough on China.— Chuck Schumer (@SenSchumer) June 11, 2018
There were other cyber-related amendments senators sought to add to the defense bill: Sen. Mark R. Warner (D-Va.), the Senate Intelligence Committee's vice chairman, introduced one that would direct the government to retaliate should a foreign power conduct cyberattacks against U.S. elections, Warner's office announced in a news release on Monday. “The sophisticated cyber effort by Russia during the 2016 presidential election made clear just how unprepared we are as a nation to address cyber threats posed by foreign adversaries,” Warner said in a statement. “That is why I have offered an amendment that would require a direct response by the U.S. should a foreign adversary attempt to intervene and undermine the integrity of local, state, or federal elections.” Warner also introduced an amendment aiming to revamp the security clearance system.
And Sen. Martin Heinrich (D-N.M.) submitted an amendment that would demand that Trump restore the White House cybersecurity coordinator position that the administration recently terminated, the Hill's Morgan Chalfant reports. “Heinrich’s amendment to the NDAA would effectively reverse the White House’s decision, requiring Trump to appoint an official within the Executive Office of the President to develop and coordinator federal governmentwide cyber strategy and policies and oversee the implementation of those policies,” Chalfant writes.
PWNED: Duke University researcher David Brady developed a powerful surveillance camera that initially included funding from the Pentagon, and now the technology is being used in China, the Wall Street Journal's Wenxin Fan reports. Brady's cameras use 19 lenses and provide such detail that they allow users to identify someone almost as far as the length of a football field. “The cameras are linked to facial-recognition technology that enables police to identify people, part of the surveillance web that tracks criminals as well as citizens,” Fan writes. “Aqueti cameras are now installed around Tiananmen Square in Beijing, monitor main streets in Kunshan, a city near Shanghai, and are spreading to other towns, said William Wang, Mr. Brady’s Chinese partner in Aqueti.” Brady told Fan that he isn't bothered that Chinese authorities use those cameras. “A government doesn’t need the hand of technology to be oppressive,” Brady said.
— More cybersecurity news from The Post and elsewhere:
— The Interior Department's Bureau of Reclamation chose Booz Allen Hamilton and Spry Methods to take charge of the cyberdefenses of more than 600 dams across 17 states, Nextgov's Aaron Boyd reports. “The Interior Department’s Bureau of Reclamation awarded winners on its five-year indefinite-delivery, indefinite-quantity contract for IT risk management services on June 5,” Boyd writes. “The contract covers technical and professional services in support of the bureau’s threat monitoring and mitigation programs; compliance with the Federal Information Security Management Act; security of dam industrial control systems, or ICS; and working with Reclamation’s information system security officer.”
— Net neutrality rules are officially gone, but Federal Communications Commission Chairman Ajit Pai says Internet users probably won't notice the difference for now, The Post's Tony Romm reports. “In the short term, I don't think consumers are going to see any change at all from the Internet experience they've come to cherish,” Pai told Romm in an interview on Friday. “And in the medium- to long-term, I think we're going to see more investment in high-speed networks, particularly in rural areas that are difficult to serve.” Pai also said he thinks opposition to the repeal of net neutrality is the consequence of “a fair amount of misinformation.”
— More cybersecurity news from the public sector:
— The embattled Russian cybersecurity firm Kaspersky Lab wants to do business with the U.S. government again. The company asked a federal appeals court to reverse a governmentwide ban on its products after losing a court battle to lift the ban last month, Nextgov reports.
According to Nextgov, Kaspersky argued in an emergency motion that the court “must act quickly to reverse that decision because the ban is having a profound effect on Kaspersky’s reputation and bottom line ... Kaspersky’s U.S. government business accounted for a very small portion of its multinational operations, the company acknowledged. About one-fourth of Kaspersky sales, however, go to U.S. companies and households that might be scared off by the government’s contention that Kaspersky software could be used as a Russian government spying tool, the company said.”
Congress prohibited federal agencies from using Kaspersky software last year over concerns that its products could be used for Russian spying.
— Facebook is under fire for treating ads promoting news articles no differently from ads from political candidates, Bloomberg News reports. Seven trade groups representing media outlets including the New York Times, BBC.com and 21st Century Fox told chief executive Mark Zuckerberg in a letter Monday to scrap the policy.
“We see your policy as another step toward furthering a false and dangerous narrative that blurs the lines between real reporting from the professional media and propaganda,” the letter said. “Marketing our products, or subscriptions to our products, is not separate from our journalism or from press freedom.”
— More cybersecurity news from the private sector:
— The encrypted messaging app WhatsApp is poised to transform politics in Brazil, my colleague Marina Lopes reports. “Disparate bands of truckers turned to the messaging app to organize thousands of drivers in the largest and most effective truckers strike in the nation’s history,” she writes.
The event could be a model for future social movements: “Nearly two-thirds of Brazil’s 200 million people use WhatsApp to share memes, set up meetings and, increasingly, vent about politics. Now, the messaging app is helping Brazilians undermine established power structures, injecting a level of unpredictability and radicalization into a country beset by economic and political crises.”
— More cybersecurity news from around the world:
- Senate Judiciary Committee hearing on combating election interference.
- Senate Homeland Security and Governmental Affairs Committee hearing on the Chemical Facility Anti-Terrorism Standards program.
- Last day of HIMSS Healthcare Security Forum in San Francisco.
- Colloquium for Information Systems Security Education in New Orleans through tomorrow.
- Cisco Live conference in Orlando through June 14.
- The Senate Homeland Security and Governmental Affairs Committee examines the Cyber SAFETY Act of 2018 tomorrow.
- Senate Commerce Committee hearing on the National Telecommunications and Information Administration tomorrow.
- 2018 Cybersecurity Leadership Forum in Washington tomorrow.
- Missouri Digital Government Summit in Jefferson City, Mo., tomorrow.
- House Energy Subcommittee hearing on the Chemical Facility Anti-Terrorism Standards program on June 14.
- Interface Phoenix conference on June 15.
- BSides San Antonio conference on June 16.
- Senate Judiciary Committee hearing on the Justice Department inspector general’s first report on the department and FBI’s actions before the 2016 election on June 18.
- House Judiciary Committee hearing on the Justice Department and the FBI’s actions before the 2016 election on June 19.
The Trump-Kim Jong Un summit, in about two minutes:
Trump: “Take a good picture, everybody, so we look nice and handsome and thin.”
Robert De Niro's bleeped moment at the Tonys: