Our So-Called Foreign Policy: Sense and Nonsense on Russia’s Hacking

Tags

2016 election, Amy Klochubar, China, cyber-security, cyber-war, defense spending, Democrats, hacking, Hillary Clinton, intelligence, John McCain, Middle East, NATO, Obama, Office of Personnel Management, Our So-Called Foreign Policy, Putin, Republicans, Russia, sanctions, terrorism, Trump

What could be more predictable? The growing uproar over charges that Russia’s government waged a cyber-focused disinformation campaign to influence the last U.S. presidential election has let loose a flood of positively inane statements and arguments on both sides that show politics at its absolute worst.

Even worse, unless both Democrats and Republicans – and the various conflicting camps within the two major parties – get their act together quickly, the odds of further attacks and all the damage they can cause to American governance will only keep shooting up.

Let’s start with those who have expressed skepticism about these allegations, including regarding the substance of yesterday’s intelligence community report concluding that “President Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine confidence in the democratic process, denigrate [former] Secretary [of State Hillary] Clinton [the Democratic nominee], and harm her electability and potential presidency.”

Can they really be serious in contending that the intelligence agencies’ publicly expressed judgments don’t pass the credibility test because no smoking gun or any other compelling evidence has been published? Do they really want the CIA etc to reveal whatever human and technical sources and methods they rely on? Do they really believe that any effective counter-hacking strategy can be developed or continued after disclosing that information?

The insistence on definitive proof, moreover, amounts to terrible advice for making foreign and national security policy generally. It seeks to apply to the jungle realm of international affairs the standards of the American legal system. President Obama’s years in office should have taught Americans how dangerously childish it is to believe that relations among sovereign countries are governed by commonly agreed on rules and norms, that the world is on the verge of this beatific state of affairs, or even that significant progress is being made. And Americans should hold shadowy world of spying and counter-spying to a simon-pure standard?

A more defensible rationale for doubting the intelligence community’s work emphasizes its past major blunders. And from what’s been made public, they have indeed been all too common and all too troubling.  (Please keep in mind, though, that successes often cannot be made public.)

Nevertheless, if a president or president-elect has no faith in a high confidence judgment of this importance from his intelligence agencies, then it’s clearly time to clean house. If the next administration does indeed decisively reject the community’s work on this matter, it will have no legitimate choice but to replace it leaders.

Back to the genuinely ditzy positions: statements that the Russian hacking failed to influence the course of the election. I personally believe this, and shame on those partisans who keep insisting that this interference prevented former Secretary of State Hillary Clinton from winning the White House or that it delegitimizes to any extent Donald Trump’s victory.

But should the United States count on Moscow – or any other actor – continuing to fail? Should it wait to respond forcefully until a U.S. adversary succeeds? Shouldn’t Washington capitalize on its adversaries’ current evident shortcomings in this regard and focus on punishment and deterrence? Simply posing these questions should make clear how obvious the answers are.

A final major objection to hammering the Russians represents another more reasonable judgment call, but it’s still fatally flawed. It’s the argument that Washington needs to softpedal the hack attack because the United States has a vital interest in improving relations with Moscow.

As I’ve written, opportunities for better ties with Russia abound, and they should be pursued. But that’s no reason to let Moscow off lightly for its cyber-aggression. In the first place, in any mutually beneficial relationship, boundaries need to be drawn. This is especially true given how much stronger and wealthier than Russia the United States is. If an effort to subvert America’s democratic processes doesn’t qualify, count on further, even worse provocations by Moscow.

Just as important, this approach overlooks a crucial reality: Clear indications that Russia has an incentive to cooperate with the United States in fighting Islamic extremism and terrorism haven’t appeared because Moscow is in a charitable, or even helpful, mood. They’ve appeared because these are vital interests as well for Russia, which both borders the dysfunctional Middle East and rules over its own Muslim populations.

In other words, Moscow has plenty of incentive to play ball with Washington on the Middle East whether the United States retaliates sharply for the hacking or not. And if the Russians don’t understand that, then there’s little hope of any form of meaningful cooperation.

Yet the actual and potential inconsistencies and hypocrisies of those urging tough retaliatory measures are equally troubling. Some are exclusive to Democrats. For example, the sanctions imposed on Moscow by the Obama administration for the hacking seem pretty modest for actions that it claims “demonstrated a significant escalation” of Russia’s “longstanding” efforts “to undermine the US-led liberal democratic order.”

And at the same time, the outrage voiced at Moscow contrasts conspicuously with reactions to China’s successful attack on the federal Office of Personnel Management, in which the records of some 22 million U.S. government employees – including classified and confidential information – were compromised. Indeed, President Obama never publicly blamed China’s government nor announced any responses.

Most important, however, is the question of whether Russia hardliners in both major parties old and new will act on the logical implications of their views of Russian actions and intentions – including on Moscow’s efforts to expand its influence along its own European borders. If for instance the hacking, as per Arizona Republican Senator John McCain, is truly an “act of war,” then will the call go out to cut off economic and diplomatic relations with Moscow?

If Russia’s moves against Crimea or Ukraine or the Baltics mean, in the words of Minnesota liberal Democratic Senator Amy Klochubar, that “Our commitment to NATO is more important than ever,” will today’s hawks – especially the noveau liberal variety – call for more U.S. defense spending and bigger American military deployments in endangered countries? And will they demand that American treaty allies in Europe finally get serious collectively about contributing to the common defense – which is first and foremost their own defense?

The answers to these questions will speak volumes to the American people as to whether their government is truly determined to defend interests declared to be major against foreign threats. And you can be sure they’ll convey the same vital information to America’s foreign friends and foes, too.

Following Up: How Intel May Wind Up Inside China’s Military

Tags

China, cyber-security, Digitimes, Following Up, hacking, Intel, multinational corporations, national security, Obama, Office of Personnel Management, South China Sea, technology transfer, The New York Times, The Wall Street Journal

China keeps challenging American security interests, notably by staging damaging cyber attacks on key U.S. strategic and commercial targets, and by asserting territorial claims in Asian waters that could threaten global shipping and air traffic. And evidence keeps pouring in of U.S. technology companies showering China with valuable capital and defense-related know-how – and of a decided “What, me worry?” attitude taken by the Obama administration.

Last week, a post of mine summarized two recent New York Times articles reporting the beginnings of some concerns in the national security community about these dangerous corporate activities, along with a Wall Street Journal piece that summarized some especially troubling recent tie-ups involving entities part of or clearly controlled by the Chinese government.

This week, the Taiwanese publication Digitimes shed major new light on the American tech sector’s role in beefing up China’s capabilities in a piece focusing on Intel’s operations. According to Digitimes, by the end of this year, the world’s biggest semiconductor company will have committed nearly $1.80 billion to helping Chinese companies develop advanced new products and services. Just as alarming as the scale of this investment are some of the specific recipients.

Digitimes correspondents Monica Chen and Joseph Tsai report that the company now owns part of a Hong Kong company that makes unmanned aerial vehicles, and parts of firms in China proper involved in smart devices, robotics, cloud computing services, artificial intelligence, machine vision, three-dimensional modeling, virtual reality technologies, and advanced optics.

Every single one of these investments could easily find its way into Chinese weapons – which could easily wind up using them against the American military. But although tensions in the South China Sea may be rising, and the files of tens of millions of federal employees may have been hacked earlier this year, don’t tell any of Intel’s top executives or anyone making China policy for President Obama. For them, it’s clearly business as usual with Beijing.

Our So-Called Foreign Policy: Obama Cyber-Security Failings Getting Lost in the Shuffle

Tags

China, cyber-security, cyber-security summit, Financial Times, hacking, Obama, Office of Personnel Management, OPM, Our So-Called Foreign Policy, Xi JInPing

President Obama has two big reasons to thank his lucky stars so far this summer. As widely noted, he’s racked up a series of impressive legislative and political wins, including fast track trade negotiating authority, favorable Supreme Court decisions on same sex marriage and his healthcare program, and (for now) conclusion of a nuclear arms proliferation deal with Iran.

Less widely noted is how this winning streak, along with a stunning rush of events that’s included everything from the Greece Crisis to the noisy rise of Donald Trump as a presidential candidate, has contributed to the president’s luck in another big way. They have also greatly overshadowed the hack of the federal government’s main personnel agency, which has been called a genuine intelligence disaster, and which should have the nation robustly debating whether the Obama administration has been asleep at the cyber-security switch.

Of course, the president has said a great deal about cyber-security. For example, he’s brought up the issue at a summit with Chinese leader Xi Jinping – whose government is suspected of hacking the Office of Personnel Management (OPM) and other important American targets. And he’s held a splashy White House meeting on the issue. But according to a Financial Times analysis last week of U.S. Government figures and studies, administration actions have been woefully inadequate.

The Financial Times says it’s looked at “dozens of reports by agency inspectors general, the Government Accountability Office and the Office of Management and Budget [OMB].” Their collective findings? “For years more than half of the 24 agencies required to report their cyber defences failed to take the most basic security steps. Such measures include patching software holes, using strong authentication technology and continuously monitoring systems, to help secure the troves of data collected on employees, retired military officials and government programmes.”

One big reason for this shoddy record is that few government agencies appear to take cyber threats seriously. According to the Financial Times, OMB figures show that agencies whose cyber-security expenditures represented less than two percent of their 2014 budgets include the Pentagon, the Energy Department (which handles much American nuclear weapons and proliferation-related research), NASA, the State Department, the Treasury (whose responsibilities include staunching the flow of funding to terrorist groups), the Social Security Administration, and OPM.

The Justice Department and Department of Homeland Security look more on the ball, but still only devoted a little more than three percent and just about two percent of their budgets, respectively, to cyber-security.

Throwing money at a problem is no cure-all, especially since as the Financial Times piece makes clear, the federal bureaucracy still isn’t well structured to spend it effectively? (A problem that, as I’ve written, includes the appointment of cyber-clueless agency heads.) But how can the nation hope to protect itself adequately against cyber-threats if, as the article also documents, the overall funding available to handle them is growing so much more slowly than the number of attacks? Where’s the evidence that the president is even thinking about raising Washington’s game, or that Congress and the media are acting like effective watchdogs? And how many more mega-hacks will the nation need to experience before cyber-security even becomes front page news again, much less a real White House priority?

Following Up: Trump & Sanders, Obama’s Katrina Moment, Manufacturing Fakeonomics – & an Overdue Thank You

Tags

2016 elections, Bernie Sanders, climate change, cyber-security, Democratic Party, Donald Trump, Following Up, hacking, Hillary Clinton, Immigration, Institute for Supply Management, ISM, Katherine Archuleta, manufacturing, Obama, Office of Personnel Management, Open Borders, OPM, Populism

For some reason, Hillary Clinton’s campaign website isn’t technologically up to speed enough to have posted a transcript of the “economic vision” speech she delivered this morning. So instead of analyzing it, I’ll try something a little different on RealityChek – a “Following Up” offering covering multiple subjects.

The first starts off with an apology. In last week’s piece on how Donald Trump could (but probably won’t) help generate long-term change in American politics, I wrote that his president candidacy nonetheless seemed more likely candidate than Democrat-Socialist Bernie Sanders’ to foster badly needed ideological realignment. My stated reason was that the big obstacle to Trump efforts along these lines is his personality, whereas the big obstacle to the Vermont Senator playing such a role is his ideology.

But then when I discussed in detail Sanders’ prospects as a change agent, I wrote that “he seems to be a more plausible candidate to help create an enduring populist alternative to the two major parties.” And my stated reasons included the ideological flexibility he’s displayed on issues like gun control! So what gives? In a word, I messed up. So let me try to clarify.

I still believe that Trump’s “superstar CEO” nature and consequent unwillingness to take advice from anything but Yes-men will prevent him from trying to turn his presidential campaign into a lasting movement once the former runs its course. Nor do I see any reason to change my mind despite some new comments from him suggesting the possibility of running as an independent in the fall campaign and continuing his political work beyond the current election cycle.

I also remain impressed with Sanders’ pragmatism and willingness to reach across the aisle for both legislative support and also counsel. But I don’t believe that he’ll display the same traits on the immigration and climate change issues I focused on. Re the former, he seems to be too personally invested to moderate much. Re the latter, I don’t believe he’ll want to buck the overwhelming tide I see in the Democratic party for ever more Open Borders.

Hence my conclusion – that a Trump personality change relevant to creating a new, bipartisan American populism is a better bet than a similar Sanders ideological change. But that doesn’t mean I view such a Trump transformation as even close to likely. And I do apologize for the confusion I might have created.

Second, my post on how unqualified Katherine Archuleta was to head the mega-hacked federal Office of Personnel Management left out the strongest evidence for that argument: She wasn’t only a veteran Democratic political operative (with zero background in technology). She was also a senior official in President Obama’s 2012 reelection campaign. In other words, in an age of mounting cyber-threats, the president treated the government’s main personnel agency like a cushy ambassadorship to some Caribbean island mini-state. And he still hasn’t caught much heck from the Mainstream Media for this dangerously cavalier decision.

Third, one of my longtime bugaboos is how seriously economic journalists and even economists themselves take the monthly reports on domestic American manufacturing’s health by the Institute for Supply Management (ISM). In particular, I’ve shown that neither ISM’s headline readings, nor its sub-readings on production and manufacturing orders, correlate well at all with the more reliable output and orders data put out by the federal government.

Imagine, therefore, how pleased I was to discover that, a few years ago, a Commerce Department economist came to pretty much the same conclusions. According to this study, the ISM surveys don’t even do an especially good job at what’s supposed to be their strong suit – not precisely gauging the state of manufacturing in any given month, but presenting evidence of approaching changes in its fortunes and the broader business cycle. As author Daniel Bachman demonstrated exhaustively, “While more information about the state of the economy is always better, analysts of the business cycle should realize that the ISM surveys do not supercede or fully anticipate more comprehensive official data.”

Finally, one house-keeping point: an overdue thank you to the growing ranks of RealityChek followers. Your interest is greatly appreciated – and I hope you’ll spread the word!

Our So-Called Foreign Policy: OPM Hack Still Looks Like Obama’s Katrina Moment

Tags

cronyism, cyber-security, George W. Bush, hacking, Hurricane Katrina, Katherine Archuleta, Michael Brown, New Orleans, Obama, Office of Personnel Management, OPM, Our So-Called Foreign Policy

Remember the scorn heaped on former President George W. Bush when, amid the Hurricane Katrina disaster, he told the head of the main federal disaster relief agency that he was doing “a heck of a job”? The reaction seemed fitting not only because Washington’s efforts to help New Orleans were so obviously failing, but because the official, Michael Brown, was so obviously unqualified for the job. Indeed, his appointment seemed like a classic example of rewarding a political crony with a fancy government title at a supposed backwater bureaucracy.

Katherine Archuleta has now quit as Director of the federal Office of Personnel Management. But given the hacking disaster she presided over – only the latest worrisome cyber-attack on his watch – why hasn’t President Obama been treated just as scornfully? The twin cyber breaches OPM has suffered are widely seen as “among the most potentially damaging cyber heists in U.S. government history” because they could pose huge threats to American national security. And although the president never personally lauded or defended Office Director Katherine Archuleta, the White House was until the last minute expressing “confidence that she’s the right person for that job.”

Yet a look at Archuleta’s bio strongly suggests that, at a time of rapidly emerging cyber insecurity, her 2013 appointment to lead OPM was arguably an even more inexcusable example of cronyism than Bush’s choice of Brown.

Two Mays ago, when Mr. Obama chose Archuleta, cyber security was amply recognized as a top policy challenge. In fact, in February, 2013, the president himself issued an Executive Order to “improve critical infrastructure cybersecurity” because “The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”

So who did he place in charge of the nation’s federal personnel records, which include detailed, sensitive information that foreign powers could use as tools for recruiting spies inside official American ranks? Someone with no apparent expertise whatever in any technology issues, much less tech-related security issues. Archuleta started her career as a Colorado school teacher – an honorable profession of course – and came to Washington through having served as a staff chief to a former Denver Democratic mayor who wound up heading two cabinet agencies during the Clinton Administration.

When she returned to Colorado when Republicans recaptured the White House, she went back to work for another Denver mayor as a “Senior Policy Advisor” before coming back to federal service for another chief of staff job – at the Labor Department.

This isn’t to say that Archuleta is a dodo – though she didn’t exactly display sterling judgment by claiming that “There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s system.” Like she would be in a position to know? Like the sky isn’t the limit over any significant stretch of time? But more important, there’s no evidence that she boasted any qualifications for protecting some of the nation’s most crucial data.

The OPM disaster could dwarf Katrina in its long-term impact.  But since it lacks heart-rending visuals and patently buffoonish moments, it’s easy to see why Washington’s sensation-seeking chattering classes hasn’t zeroed in on Obama’s responsibility. From the standpoint of common sense, though, it’s hard to understand why that’s necessary.

Im-Politic: When Journalism…Isn’t

Tags

China, cyber-security, hacking, Im-Politic, Mainstream Media, Obama, Office of Personnel Management, Xi JInPing

I didn’t think going on benders was a Fourth of July tradition. Then I read the Washington Post‘s editorial this morning on responding to the recent massive hacking of U.S. government personnel files that American intelligence officials publicly suspect China carried out. The lead writer must have been severely hung over.

Let’s leave aside the Post’s consistent record of staunchly insisting that the U.S. military must stand (and sail) as tall as ever in East Asia to defend national security. Let’s also leave aside the paper’s equally staunch support for the very trade expansion measures that have fueled China’s rapid military buildup – not to mention the related export control policies that have permitted American companies to transfer crucial defense-related technology to the government-dominated Chinese economy.

Now, because this particular theft is supposedly not spying as usual, the Post wants President Obama to get “mad as hell” about the cyber attack on the Office of Personnel Management. Further, he should “begin preparations for retaliation” if his expressed wrath at an upcoming summit with Chinese leader Xi Jinping doesn’t get the job done.  Unless the Post doesn’t really want any of this? 

Think of it this way. If you genuinely wanted these cyber-attacks stopped, and were thinking clearly, would you then say – in the very next sentence – “Not all of the broad U.S.-China bilateral relationship needs to be put at risk”? Would you insist on restricting counter-moves to “the alleged Chinese hackers,” as if they could possibly be operating independent of China’s top leadership in an area this sensitive? Of course not.

Like so many politicians in so many instances, Post editors are (with unusual ineptitude in this case) trying to pretend, despite burgeoning evidence to the contrary, that the nation can have its China cake and eat it, too – virtually unrestricted economic relations along with adequate cyber-security. Also like so many politicians in so many instances, these editors seem to be hoping that the more indignant they wax, the more effectively they can hide their own role in creating the problem to start with.

Except Post editors are supposed to hold American leaders accountable, especially for massive, dangerous blunders. They’re supposed to guard the guardians, not flatter and coddle them. They’re supposed to speak truth to power, not parrot its boilerplate. In other words, they’re supposed to be journalists. And until they and the rest of the Mainstream Media start acting this way, don’t expect American democracy to become much healthier anytime soon.

Following Up: Emerging Possibilities on Hacking Retaliation and a Cyber Balance of Terror

Tags

Adam Schiff, asymmetrical war, balance of terror, China, Chris Wallace, Cold War, Congress, cyber-security, cyber-war, deterrence, Following Up, Fox News Sunday, hacking, infrastructure, Martin Dempsey, nuclear weapons, Obama, Office of Personnel Management, Peter King, Russia, terrorism

Here’s a suggestion for Fox News Sunday anchor Chris Wallace – start watching some recent episodes of your own show before conducting interviews. You might be able to move the public debate on vital issues forward, rather than trodding over well-worn ground.

Wallace led off this morning’s show with a look at this past week’s news that the federal government’s personnel agency has been hacked twice in the last year, and that China is widely suspected as the attack’s source. And that’s entirely understandable. The examination of whether the Obama administration is dealing adequately with cyber threats, moreover, is vitally important. What was completely weird was how Wallace – not to mention his two Congressional guests, who both have key national security posts on the intelligence committee – handled the issue of retaliation.

It began with Representative Adam Schiff of California, ranking Democrat on the House Intelligence Committee, stating that “one of the big things that we really have to do in addition to our defense is figure out when we’re going to go on offense and how we’re going to provide a deterrent to future attacks.”

Wallace then asked Republican Congressman Peter King of New York, a member of the House Homeland Security Committee, “Do we need to retaliate against the people that we believe are conducting cyber warfare against us?” King answered, “I believe we do. I don’t think we should announce what we’re doing. I think the president and his administration have the capacity to respond once they find out, you know, sort of malware signature, who they believe this is. Then, I think, yes, there has to be a price to pay for this.”

Sounds perfectly reasonable, right? Except that only this January, no less than the nation’s top uniformed military officer told Wallace that the United States currently lacks superiority in cyber-war capabilities. According to Chairman of the Joint Chiefs of Staff Martin Dempsey, “In every domain…we generally enjoy a significant military advantage. We have peer competitors in cyber….We don’t have an advantage. It’s a level playing field, and that makes this Chairman very uncomfortable.”

Now Dempsey might have been mistaken (though that’s unlikely) or engaged in a head fake against America’s adversaries (though I can’t imagine the rationale for this one). But why didn’t Wallace remember that this is the most plausible reason for the nation’s failure to strike – fear that attackers can cause still further damage? Moreover, hadn’t Schiff or King been aware of Dempsey’s statement? If they were, do they have their own reasons for considering Dempsey mistaken?

In any event, the more I think about the issue, the more I wonder if the United States would retaliate even with clear-cut superiority. Think of it this way. Relatively few Americans nowadays – particularly in the big cities, which would be most vulnerable to a truly debilitating cyber attack – have any recent experience with the kind of privation and disruption that such a hack could create. Even most prosperous Russians and Chinese do – and then some. So even though these two countries are increasingly networked and enjoying the advantages thereof, it seems clear that they’re much better positioned to cope with cyber-generated confusion than Americans.

Another important point recently was brought to my attention. For all the damage done by foreign hackers to date, they haven’t yet (apparently) launched the kinds of attacks that could bring such massive disruptions – e.g., by bringing down the banking system, or the communications and energy infrastructure. It’s possible that these systems are adequately protected. But it’s also possible that China’s hackers in particular understand that their country would be victimized as well, since it’s so heavily dependent on exporting to the United States for continued growth and economic progress.

So although it’s certain that cyber attacks will continue, it’s also distinctly possible that many will stay relatively restrained. This could mean that America has more scope to retaliate than seems currently to be the case, but also that it has less need – and that we’ll need to (keep) getting used to greater levels of cyber risk if we want to keep reaping the benefits we perceive from more networked lives. In other words, we may be seeing the emergence of a cyber balance of terror similar to the nuclear balance of terror that helped avert great-power conflict during the Cold War. 

But there would still remain the risk of attacks from sources that don’t feel any stake in America’s continued viability, and could have even more broadly destructive aims. Dealing with these hackers – who could belong to major terrorist groups – will be complicated by the asymmetry problem: Relatively modest capabilities seem able to inflict tremendous damage on America’s economy and society.  Moreover, the perpetrators could be exceedingly difficult to track down and hack in return, and these enemies would have relatively little to lose in terms of physical assets and large-scale social systems. These observations lead me to the conclusion that the key to defeating these hackers lies not in the cyber realm but in the domain of broader counter-terrorism policies.