The administration is still finalizing the details, which are also expected to include covert action that likely will involve cyber operations, the officials said. An announcement on the public elements of the response could come as early as this week.
The sanctions part of the package culminates weeks of debate in the White House about how to revise an executive order from last year meant to give the president authority to respond to cyberattacks from overseas, but which did not originally cover efforts to influence the electoral system.
The Obama administration last year rolled the order out to great fanfare as a way to punish and deter foreign hackers who harm the United States’ economic or national security.
The threat to use it last year helped wring a pledge out of China’s president that his country would cease hacking U.S. companies’ secrets to benefit Chinese firms.
But officials this fall concluded that it could not, as written, be used to punish the most significant cyber-provocation in recent memory against the United States — Russia’s hacking of Democratic organizations, targeting of state election systems and meddling in the presidential election.
With the clock ticking, the White House is working on adapting the authority to punish the Russians, according to the officials, who spoke on the condition of anonymity to discuss internal deliberations. President Obama last week pledged there would be a response to Moscow’s interference in the U.S. elections.
One clear way to use the order against the Russian suspects would be to declare the electoral systems part of the “critical infrastructure” of the United States. Or it could be amended to clearly apply to the new threat — interfering in elections.
Administration officials would also like to make it difficult for President-elect Donald Trump to roll back any action they take.
“Part of the goal here is to make sure that we have as much of the record public or communicated to Congress in a form that would be difficult to simply walk back,” said one senior administration official, who like others spoke on the condition of anonymity to discuss internal deliberations.
Obama issued the executive order in April 2015, creating the sanctions tool as a way to hold accountable people who harm computer systems related to critical functions such as electricity generation or transportation or who gain a competitive advantage through cybertheft of commercial secrets.
The order allows the government to freeze the assets in the United States of people overseas who have engaged in cyber acts that have threatened U.S. national security or financial stability. The sanctions would also block commercial transactions with the designated individuals and bar their entry into the country.
But just a year later, a Russian military spy agency would hack into the Democratic National Committee and steal a trove of emails that were released a few months later on WikiLeaks, U.S. officials said. Other releases followed, including the hacked emails of Hillary Clinton’s campaign chairman, John Podesta.
“Fundamentally, it was a low-tech, high-impact event,” said Zachary Goldman, a sanctions and national security expert at New York University School of Law. And the 2015 executive order was not crafted to target hackers who steal emails and dump them on WikiLeaks or seek to disrupt an election. “It was an authority published at a particular time to address a particular set of problems,” he said.
So officials “need to engage in some legal acrobatics to fit the DNC hack into an existing authority, or they need to write a new authority,” Goldman said.
Administration officials would like Obama to use the power before leaving office to demonstrate its utility.
“When the president came into office, he didn’t have that many tools out there to use as a response” to malicious cyber-acts, said Ari Schwartz, a former senior director for cybersecurity on the National Security Council. “Having the sanctions tool is really a big one. It can make a very strong statement in a way that is less drastic than bombing a country and more impactful than sending out a cable from the State Department.”
The National Security Council concluded that it would not be able to use the authority against Russian hackers because their malicious activity did not clearly fit under its terms, which require harm to critical infrastructure or the theft of commercial secrets.
“You would (a) have to be able to say that the actual electoral infrastructure, such as state databases, was critical infrastructure, and (b) that what the Russians did actually harmed it,” said the administration official who spoke on the condition of anonymity. “Those are two high bars.”
Though Russian government hackers are believed to have penetrated at least one state voter-registration database, they did not tamper with the data, officials said.
Some analysts believe that state election systems would fit under “government facilities,” which is one of the 16 critical infrastructure sectors designated by the Department of Homeland Security.
Another option is to use the executive order against other Russian targets — say, hackers who stole commercial secrets — and then, in either a public message or a private one, make clear that the United States considers its electoral systems to be critical infrastructure.
The idea is to not only punish but also deter.
“As much as I am concerned about what happened to us in the election, I am also concerned about what will happen to us in the future,” a second official said. “I am firmly convinced that the Russians and others will say, ‘That worked pretty well in 2016, so let’s keep going.’ We have elections every two years in this country.”
Even the threat of sanctions can have deterrent value. Officials and experts point to the agreement Chinese President Xi Jinping reached with Obama last year that his country would stop commercial cyberspying. Xi came to the table following news reports last summer that the administration was preparing to sanction Chinese companies.
Complicating matters, the Trump transition team has not yet had extensive briefings with the White House on cyber issues, including the potential use of the cyber-sanctions order. The slow pace has caused consternation among officials, who fear that the administration’s accomplishments in cybersecurity could languish if the next administration fails to understand their value.
Sanctions are not a silver bullet. Obama noted that “we already have enormous numbers of sanctions against the Russians” for their activities in Ukraine. So it is questionable, some experts say, whether adding new ones would have a meaningful effect in changing the Kremlin’s behavior. But in combination with other measures, they could be effective.
Criminal indictments of Russians might become an option, officials said, but the FBI has so far not gathered enough evidence that could be introduced in a criminal case. At one point, federal prosecutors and FBI agents in San Francisco considered indicting Guccifer 2.0, a nickname for a person or people believed to be affiliated with the Russian influence operation and whose true identity was unknown.
Before the election, the administration used diplomatic channels to warn Russia. Obama spoke to Russian President Vladimir Putin at a Group of 20 summit in China in September. About a week before the election, the United States sent a “hotline”-style message to Moscow using a special channel for crisis communication created in 2013 as part of the State Department’s Nuclear Risk Reduction Center. As part of that message, the officials said, the administration asked Russia to stop targeting state voter registration and election systems. It was the first use of that system. The Russians, officials said, appeared to comply.
Sanctions against Russia over election hacking forthcoming: report
U.S. officials told The Washington Post that the response is expected to include covert cyber operations. An announcement describing the public elements could come as early as this week, the newspaper reported.
Holding up the announcement is an internal debate over how best to adapt a 2015 executive order that gave the president the authority to levy sanctions against foreign actors who carry out cyberattacks against the U.S.
The order was used as the “stick” in negotiations over a highly publicized 2015 agreement with China that neither nation would hack the other for economic gain.
But officials concluded this past fall that the order does not cover the kind of covert influence operation that the Intelligence Community believes Russia carried out during the election — hacking political organizations and leaking stolen emails with the goal of influencing the outcome.
The April 2015 order allows the Treasury Department to freeze the assets of individuals or entities who used digital means to damage U.S. critical infrastructure or engage in economic espionage.
“You would (a) have to be able to say that the actual electoral infrastructure, such as state databases, was critical infrastructure, and (b) that what the Russians did actually harmed it,” a senior administration official told The Post. “Those are two high bars.”
Officials told the newspaper that the order could be amended to clearly designate that it applies to election interference, or the government could declare the electoral system “critical infrastructure” — a controversial proposal that states have pushed back on in the past.
Obama has been under pressure from some Democrats to issue a response to Russia over the hacking before he cedes the White House to Donald Trump in January. Critics fear that Trump, who has expressed a desire for warmer relations with the Kremlin, will take no action against Russia.
“I have no confidence that President Trump will bring about any sanctions on Russia. I’m more worried that he’s going to repeal the sanctions we already have than impose new ones,” Rep. Adam Schiff (D-Calif.), the top Democrat on the House Intelligence Committee, said this week. “So I think the administration ought to do what it’s going to do ASAP.”
The administration has publicly attributed attacks on the Democratic National Committee (DNC) and other political organizations — including Hillary Clinton campaign chair John Podesta’s personal email account — to Russian intelligence. Intelligence officials believe the subsequent release of those stolen emails through WikiLeaks and other outlets was an attempt by the Russian government to meddle in the U.S. election.
The CIA and the FBI have reportedly assessed that the hacking and subsequent data dumps were an explicit effort to help Trump attain the White House at the behest of Russian President Vladimir Putin.
Trump, meanwhile, has vehemently denied the reports. The president-elect frequently praises Putin and has expressed hope that Moscow and Washington can work closer together in the future.
The White House is reportedly taking steps to make the sanctions package against Russia difficult for the next administration to unravel.
“Part of the goal here is to make sure that we have as much of the record public or communicated to Congress in a form that would be difficult to simply walk back,” an official told the Post.
The response package is also aimed at deterring Russia from using the same kind of influence operations in the future, officials say.
“As much as I am concerned about what happened to us in the election, I am also concerned about what will happen to us in the future,” a second official told the Post. “I am firmly convinced that the Russians and others will say, ‘That worked pretty well in 2016, so let’s keep going.’ We have elections every two years in this country.”
The Obama White House has a range of other possible responses at its disposal, each of which comes with its own set of risks.
Officials say that while criminal indictments could be an option — like those used against five Chinese PLA officers in 2014 and seven Iranians earlier this year — the FBI has yet to amass sufficient evidence to proceed with the case.