Mariam Baksh of NextGov published
– as usual – a very interesting article
on Jan. 16, which begins with this paragraph:
A senior administration official
put questionable timing aside and commended the Kremlin’s arrest Friday of individuals Russian
officials say comprise the notorious REvil ransomware group, which U.S.
officials have attributed to attacks on critical infrastructure.
“Questionable timing” indeed! Putin
is poised with a knife to the Ukraine’s throat and threatening to send troops
to Venezuela and Cuba to threaten the US – so of course this is a great time to
thank him for his noble efforts against REvil.
Let me suggest that the real question
is this: Seven months ago, Biden - after the Kaseya attacks, which were
instigated by REvil) – said (quoting from WaPo)
“Putin must put an immediate stop to this activity, or Biden’s administration
will take ‘any necessary action’ to stop it.” Why is the
administration now taking credit for the fact that Putin finally acted, when Putin’s
people certainly knew all along who needed to be arrested (because the Russian
intelligence services collaborate with those people all the time, and the US
intelligence services had given them a list of names)?
And why, after calling for an immediate
stop to “this activity” (which, in case you hadn’t noticed, didn’t bring
Russian ransomware activity to a hard stop last July), didn’t Biden keep the
pressure on Putin all this time? And given that Putin obviously didn’t pay any
attention at all to Biden’s order last July, why doesn’t this “senior
administration official” even think, “Hey, the fact that he’s finally arresting
the REvil guys now is probably not because he’s been listening to us. It’s
because he wants to look as good as he can in other areas, while he’s issuing a
new ultimatum to Biden to abandon the Ukraine to him”?
Perhaps the senior official is Secretary
of State Blinken, who in September asserted
that “no one in the U.S. government expected the Afghan government to fall as
quickly as it did.” Of course, there was no way the administration could
possibly have known that the Taliban wouldn’t keep their promise of a cease-fire.
After all, the Taliban are honorable men. Why Blinken wasn’t fired after that
debacle would be a mystery to me, were it not clear that there are lots of
others in the administration who also think their job is to claim credit for
successes, rather than actually be successful.
Of course, the senior
administration official’s comments really aren’t about Putin at all. They’re a
vain attempt to at least get some good news out about the
administration, since lately all the news has been bad. But frankly, the fact
that this clown – whoever he or she is – is trying to turn the fact that Putin
completely stiffed Biden for seven months and is now doing what Biden ordered
only because he’s trying to divert attention from a much bigger transgression he
wants to commit, only shows how weak and clueless they are. And unfortunately,
that’s not news.
A much better thing to say – and not
through an anonymous spokesperson – would have been “We wish to ‘congratulate’
Mr. Putin on finally taking an itty bitty step to combat one of the many evils
Russia has inflicted on the world in recent years. Now here are some more steps
Mr. Putin must take, and the consequences that will follow if he doesn’t (BTW,
this time we mean it about the consequences):
1.
Adequately compensate
the families of victims and governments for their losses in the shooting down
of flight
MH17 in 2014 or face a ban on all Russian aircraft in international
airspace.
2.
Compensate Maersk and
the other companies worldwide that lost an estimated $10 billion in the
NotPetya attack, or risk being cut off from the SWIFT international funds
transfer system.
3.
Compensate the victims
(especially government agencies) of the SolarWinds and Kaseya attacks and arrest
the perpetrators of both of these (who are either Russian government employees or
well known to them) or face an order to US financial institutions and citizens
to divest themselves of their Russian bonds and not own them in the future.
And speaking of Russian attacks,
here’s another idea: Why don’t we investigate the assertions
made by the CIA and FBI in the last “annual” Worldwide Threat Assessment in
2019, to the effect that the Russians had penetrated the US power grid and
could cause outages at any time? There’s never even been an investigation
of those statements. And there haven’t been any more WTAs since that one.
I guess that’s one way to solve
the problem of bad press.
Any opinions expressed in this
blog post are strictly mine and are not necessarily shared by any of the
clients of Tom Alrich LLC. Nor
are they necessarily shared by CISA’s Software Component Transparency
Initiative, for which I volunteer as co-leader of the Energy
SBOM Proof of Concept. If you would
like to comment on what you have read here, I would love to hear from you.
Please email me at tom@tomalrich.com.
There are still WTA's produced annually by the Director of National Intelligence (DNI).
ReplyDeletehttps://www.dni.gov/index.php/newsroom/reports-publications/reports-publications-2021/item/2204-2021-annual-threat-assessment-of-the-u-s-intelligence-community
Actually, no WTAs have been produced since the 2019 one. They previously came out annually in early January, and they were skipped under the Trump administration in 2020 and 2021. Last year, the incoming Biden administration put out a new report in April called the Annual Threat Assessment, which you link in your comment. This document doesn't make any specific mention of the Russians implanting malware in the US grid, as the 2019 report did.
ReplyDeleteThe fact is that the statements by the FBI and CIA in the 2019 report have never been investigated, unless this was done without any notice to the utilities, whether classified or otherwise. Of course, the whole point of investigating the reports would be to find the malware, so the utilities can eradicate it. Why this was never done wasn't a mystery under the Trump administration, since they didn't want to hear bad thingsa about Russia.
It's a mystery that the Biden administration has never looked into this, although it would certainly not be too late for them to do it now.