The Obama administration is close to announcing a series of measures to punish Russia for its interference in the 2016 presidential election, including economic sanctions and diplomatic censure, according to U.S. officials.
The administration is finalizing the details, which also are expected to include covert action that will probably involve cyber-operations, the officials said. An announcement on the public elements of the response could come as early as this week.
The sanctions portion of the package culminates weeks of debate in the White House on how to revise a 2015 executive order that was meant to give the president authority to respond to cyberattacks from overseas but that did not cover efforts to influence the electoral system.
The Obama administration rolled the executive order out to great fanfare as a way to punish and deter foreign hackers who harm U.S. economic or national security.
The threat to use it last year helped wring a pledge out of China’s president that his country would cease hacking U.S. companies’ secrets to benefit Chinese firms.
But officials concluded this fall that the order could not, as written, be used to punish the most significant cyber-provocation in recent memory against the United States — Russia’s hacking of Democratic organizations, targeting of state election systems and meddling in the presidential election.
With the clock ticking, the White House is working on adapting the authority to punish the Russians, according to the officials, who spoke on the condition of anonymity to discuss internal deliberations. President Obama pledged this month that there would be a response to Moscow’s interference in the U.S. elections.
Russia had denied involvement in the hacking.
One clear way to use the order against the Russian suspects would be to declare the electoral systems part of the “critical infrastructure” of the United States. Or the order could be amended to clearly apply to the new threat — interfering in elections.
Administration officials would also like to make it difficult for President-elect Donald Trump to roll back any action they take.
“Part of the goal here is to make sure that we have as much of the record public or communicated to Congress in a form that would be difficult to simply walk back,” said one senior administration official.
Obama issued the executive order in April 2015, creating the sanctions tool as a way to hold accountable people who harm computer systems related to critical functions such as electricity generation or transportation, or who gain a competitive advantage through the cybertheft of commercial secrets.
The order allows the government to freeze the assets in the United States of people overseas who have engaged in cyber-acts that have threatened U.S. national security or financial stability. The sanctions would also block commercial transactions with the designated individuals and bar their entry into the country.
But just a year later, a Russian military spy agency would hack into the Democratic National Committee and steal a trove of emails that were released a few months later on WikiLeaks, U.S. officials said. Other releases followed, including the hacked emails of Hillary Clinton’s campaign chairman, John Podesta.
“Fundamentally, it was a low-tech, high-impact event,” said Zachary Goldman, a sanctions and national security expert at New York University School of Law. And the 2015 executive order was not crafted to target hackers who steal emails and dump them on WikiLeaks or seek to disrupt an election. “It was an authority published at a particular time to address a particular set of problems,” he said.
So officials “need to engage in some legal acrobatics to fit the DNC hack into an existing authority, or they need to write a new authority,” Goldman said.
Administration officials would like Obama to use the power before leaving office to demonstrate its utility.
“When the president came into office, he didn’t have that many tools out there to use as a response” to malicious cyber-acts, said Ari Schwartz, a former senior director for cybersecurity on the National Security Council. “Having the sanctions tool is really a big one. It can make a very strong statement in a way that is less drastic than bombing a country and more impactful than sending out a cable from the State Department.”
The National Security Council concluded that it would not be able to use the authority against Russian hackers because their malicious activity did not clearly fit under its terms, which require harm to critical infrastructure or the theft of commercial secrets.
“You would (a) have to be able to say that the actual electoral infrastructure, such as state databases, was critical infrastructure, and (b) that what the Russians did actually harmed it,” said the administration official. “Those are two high bars.”
Although Russian government hackers are believed to have penetrated at least one state voter-registration database, they did not tamper with the data, officials said.
Some analysts believe that state election systems would fit under “government facilities,” which is one of the 16 critical infrastructure sectors designated by the Department of Homeland Security.
Another option is to use the executive order against other Russian targets — say, hackers who stole commercial secrets — and then, in either a public message or a private one, make clear that the United States considers its electoral systems to be critical infrastructure.
The idea is not only to punish but also to deter.
“As much as I am concerned about what happened to us in the election, I am also concerned about what will happen to us in the future,” a second administration official said. “I am firmly convinced that the Russians and others will say, ‘That worked pretty well in 2016, so let’s keep going.’ We have elections every two years in this country.”
Even the threat of sanctions can have deterrent value. Officials and experts point to Chinese President Xi Jinping’s agreement with Obama last year that his country would stop commercial cyberspying. Xi came to the table after news reports that summer that the administration was preparing to sanction Chinese companies.
Complicating matters, the Trump transition team has not yet had extensive briefings with the White House on cybersecurity issues, including the potential use of the cyber sanctions order. The slow pace has caused consternation among officials, who fear that the administration’s accomplishments in cybersecurity could languish if the next administration fails to understand their value.
Sanctions are not a silver bullet. Obama noted that “we already have enormous numbers of sanctions against the Russians” for their activities in Ukraine. So it is questionable, some experts say, whether adding new ones would have a meaningful effect in changing the Kremlin’s behavior. But in combination with other measures, they could be effective.
Criminal indictments of Russians might become an option, officials said, but the FBI has so far not gathered enough evidence that could be introduced in a criminal case. At one point, federal prosecutors and FBI agents in San Francisco considered indicting Guccifer 2.0, a nickname for a person or people believed to be affiliated with the Russian influence operation and whose true identity was unknown.
Before the election, the administration used diplomatic channels to warn Russia. Obama spoke to Russian President Vladimir Putin at a Group of 20 summit in China in September. About a week before the election, the United States sent a “hotline”-style message to Moscow using a special channel for crisis communication created in 2013 as part of the State Department’s Nuclear Risk Reduction Center. As part of that message, the officials said, the administration asked Russia to stop targeting state voter registration and election systems. It was the first use of that system. The Russians, officials said, appeared to comply.