Yesterday’s New York Times features an article
that begins with these two sentences: “The chief of Russia’s armed forces
endorsed on Saturday the kind of tactics used by his country to intervene
abroad, repeating a philosophy of so-called hybrid war that has earned him
notoriety in the West, especially among American officials who have accused
Russia of election meddling in 2016. At a conference on the future of Russian
military strategy, Gen. Valery V. Gerasimov, the chief of the general staff,
said countries bring a blend of political, economic and military power to bear
against adversaries.”
Further down
in the article, there’s this sentence: “Though definitions of the term vary,
some analysts see a progression from the blend of subversion and propaganda
used in Ukraine to the tactics later directed against Western nations, including
the United States, where Russia’s military intelligence agency hacked into
Democratic Party computers during the 2016 election. Russia denies interfering
in the election.”
Even further
on: “In the 2013 article, General Gerasimov wrote that there were no clear
borders between war and peace in the modern world. Militaries fight in
peacetime, he said, and political and economic means are deployed in war.”
Of course,
nothing directly stated above should be hugely surprising to anyone who has followed
the news on Russia in recent years. So why am I bringing this up? Because of what
is directly stated (by a Moscow journalist who’s still alive, so he must
reflect Putin’s opinions) in the last sentence of the article. This sentence
quotes Pavel Felgenhauer, a military analyst and columnist in Moscow for the newspaper
Novaya Gazeta, as saying “We don’t care what the West thinks, we are enemies.”
Of course,
this was implicitly stated by Gen. Gerasimov. Just consider the following
syllogism (my wording, but it’s all directly implied by his statements and by
recent news articles in the Wall Street
Journal):
- “We fight our enemies using both military and other means,
including cyber attacks.”
- “We have launched serious cyber attacks against the US in
many forms, including the 2016 elections and also a continuing campaign
aimed at penetrating the systems that control the power grid. One purpose
of those attacks is to be in a position to cut off power to key military
facilities in the event of an armed conflict.”
- “Therefore, the US is an enemy of Russia, just as much as
if we were in a purely military conflict. The only reason we’re not using
military means (possibly including nuclear weapons, as we have repeatedly threatened)
is we don’t think it’s an appropriate time to do so. That might change in
the future, since we’ll most likely be at war with the US for a long time.”
- “Have a nice day.”
Which
reminds me: I wrote a post
recently (currently well over 1,000 views) that wondered why nobody seems to be
in any great hurry to investigate the statement by the CIA, FBI and the
Director of National Intelligence in this year’s Worldwide
Threat Assessment, to the effect that the Russians now have the ability to “bring
the grid down…for at least a few hours” - using malware planted by cyber attacks, of course. This is especially odd, since an outage caused by
the Russians in the Ukraine in 2015 (and a follow-on in 2016, presumably to
show that the Russians were busy improving their malware all the time, in case
anyone thought of trying to pull the same trick on them) was investigated – with great publicity – by various
government agencies and other groups, and the findings were the subject of
white papers and DHS briefings across the country.
Has my post
created a flurry of activity, with people jumping on planes to find out what happened and inform the electric power industry
so they can shore up their defenses against these attacks – and root out the
malware that may already be in their control networks? (It’s a much shorter ride from DC to any US city than it is from the US to Kiev, except for the ride from DC to Honolulu. But I don’t believe the Russian attacks have targeted Hawaii, perhaps because an outage there would never spread to the mainland grid.)
I know it
will surprise you greatly to hear this, but even though I’ve kept my phone close to
me day and night, I have yet to hear of any investigation either being under
way or starting. Not only that – I’ve contacted two people who hold responsible
positions at two of the four organizations that I believe should do the
investigation (namely the NERC E-ISAC, FERC, DoE and DHS. I name them because
the investigation would need to look at the evidence that the FBI
and CIA have already gathered, then
determine whether or not the Russians have actually penetrated networks at grid
control centers; this is the only plausible way an outage of any size could be
caused in the US. Only another government agency – and while NERC isn’t
technically a government agency, it is a “delegate” for FERC, which is part of
DoE – would be allowed to see this evidence, although I can see private
organizations like SANS and Dragos being brought in to help the agency or agencies doing
the investigating).
While both of
these people did engage in a short email dialogue with me, neither one has
gotten back to tell me a) the investigation is underway; or b) they are getting
ready to start one; or c) they already have investigated the FBI and CIA
statement, and – while they can’t tell me the conclusion, of course – they are
satisfied they know what actually happened. I would be more than happy to
hear any of these three things. And of course, I wouldn’t publish it in this
blog, or anywhere else.
Two more
questions:
- Has anyone given me a good reason why there shouldn’t be
an investigation of this? I’ve heard a few of those, and I’ll discuss them
in a post in the (relatively) near future. Suffice it to say that I don’t
think any of them hold water. (Note on 3/31: I'm now up to over ten excuses, a few of which are just misunderstandings, but at least a few of which may be deliberate attempts by what I'm beginning to call the "government-cyber complex" to divert attention from this. I intend to write a post on one of the latter this week.)
- Then do I have a good idea what might be the real reason there’s been no investigation? Yes, I do. I’ll also address it in a post in the relatively near future, so you’ll have to live in suspense for the time being. I’ll give you a hint now: It doesn’t involve any particular US government official.
Any opinions expressed in this blog post are strictly mine
and are not necessarily shared by any of the clients of Tom Alrich LLC.
If you would like to comment on what you have read here, I
would love to hear from you. Please email me at tom@tomalrich.com.