When strong leaders of nations meet, the outcome can’t always be forecast. When Ronald Reagan met with Mikhail Gorbachev in 1986, he suddenly walked out on Gorbachev because the Russian demanded that he include ballistic missile defenses in any future arms limitations treaty. By sticking to his guns and walking out, Reagan greatly accelerated the fall of the Soviet Union.
The outcome when a weak leader meets a strong one is all too predictable. In his June 16 summit with Russian President Vladimir Putin, President Biden drew a “red line” by telling the Russian strongman that further attacks by Russians against our infrastructure — e.g., the May 7 Colonial Pipeline ransomware attack, which shut down the main East Coast supply of gasoline — were off limits.
In my June 20 American Spectator column, I predicted that those attacks would continue and that Biden would do nothing to enforce the “red line” he drew. Both of those predictions have proven correct all too quickly.
Russian government cyberwarriors have been attacking the United States regularly for years, and the Putin regime has suffered no consequences for those attacks. In the 2020 “SolarWinds” attack, Russian government agents, using malware that they had inserted into a program commonly used by government agencies and commercial entities, managed to gain access to emails and databases. All five branches of our military, the NSA, and the State Department were opened up for the Russians to see.
The May 7 Colonial Pipeline ransomware attack was perpetrated, I was told by an expert source, by the same Russians who perpetrated the SolarWinds attack.
Earlier this year, the same Russians were responsible for accessing the emails and databases of USAID. Another ransomware attack, against JBS — one of the nation’s largest meat suppliers — was, according to the FBI, perpetrated by a Russian gang that goes by the name “REvil.” (Russian and other nations’ cyberwarriors can change names as fast as terrorist groups.)
During the June summit, Biden gave Putin a list of a dozen or more elements of U.S. infrastructure that he told Putin were off limits to future cyberattacks. The list was almost certainly the public list published by the Cybersecurity and Infrastructure Security Agency. He drew a “red line” for Putin, which Putin was sure to ignore.
As I wrote on June 20, there were sure to be more Russian cyberattacks on U.S. infrastructure and commercial entities beyond the list Biden gave Putin. I predicted that after the next attack and the ones after that, Biden will satisfy himself by demanding that Putin put an end to them. I wrote that he’d give Putin the benefit of the doubt by asserting that Putin may not be able to control the Russian hackers.
And he has done precisely that. According to a Washington Times report last week, REvil announced a successful cyberattack on HX5, a defense contractor, and stole about 23 gigabytes of data. HX5’s clients include the Air Force, the Navy, NASA, and the General Services Administration.
On Friday, Biden called Putin and reportedly told him that the U.S. would take “any necessary action” to defend U.S. infrastructure and businesses from ransomware attacks. According to a White House statement, Biden also emphasized to Putin that he is committed to continued engagement on the broader threat posed by ransomware. Also, according to that statement, Biden told Putin that he must take action against the “independent” cybergangs that are mounting attacks on the U.S. from Russian soil.
It is improbable that there are any “independent” gangs. In Russia, such cyber-gangs are part of Putin’s intelligence agencies, are taking direct orders from them, or are operating with the regime’s knowledge and consent.
Putin is reveling in the results of attacks such as the SolarWinds and Colonial Pipeline ransomware attacks, as well as REvil’s successes. And, as Putin expected, Biden did nothing to punish the cyberattackers or Putin’s regime for the first round of post-summit attacks.
Putin isn’t going to stop cyberattacks on our defense and commercial infrastructures perpetrated by his regime or those committed by gangs such as REvil unless Biden takes serious action against both the attackers and Putin’s regime. Putin’s ordering or permitting such attacks is akin to the Taliban hosting al-Qaida so they could attack the U.S. on 9/11. Both are attacks on the United States and constitute acts of war. The big difference is that no deaths are proximately caused by the Russian cyberattacks or by Biden’s weakness.
The modern definition of an act of war includes not only acts by foreign nations (or non-state actors such as al-Qaida) that result in deaths, but also cyberattacks that disable a significant element of our infrastructure such as the Colonial Pipeline attack.
Cyberattacks — at least those that cause no deaths — must be responded to in kind. As my June 20 column also reported, Biden apparently has no desire to do so. He has reduced our offensive cyber-capability by cutting its budget for the next fiscal year.
Russia isn’t the only perpetrator of cyberattacks against us. China, Iran, and North Korea also have their cyberwarriors attacking the U.S. every day. Tens of thousands of cyberattacks, mostly from China, attempt to penetrate our cyber-defenses — both government and commercial — daily. We are spending billions every year on cyber-defense, including defense against ransomware attacks.
In cyberwar, like football, the best defense is a good offense. About four years ago, Adm. Mike Rogers, then-commander of U.S. Cyber Command, told Congress that we had no operational doctrine for offensive cyberwar. In the years since, even if we have developed one, we haven’t had a president willing to implement it. The operational doctrine — which, by definition, will always be evolving — needs to be there, and we need a president who is willing to turn our cyberwarriors loose on those who threaten us.
We need a cyber-offensive operational doctrine that will require counterattacks by the NSA and other capable agencies outside the law enforcement community. Those counterattacks need to occur in as close to real time of any attack on our defense, intelligence, and major infrastructure as we can perform. The only thing that we can be assured of is that Biden won’t authorize its implementation.
Biden could — and should — do that and a lot more. Huffing and puffing at Putin in telephone calls is a callow response. The president could — and should — order major economic sanctions against governments permitting significant cyberattacks. He should be speaking out regularly and asserting whatever diplomatic pressure he can on those governments, including China. But Biden won’t.
Putin and his ilk aren’t going to stop cyberattacks on the U.S. unless they have to pay a substantial price for not doing so. Putin erased Biden’s “red line” within weeks after it was drawn.
We cannot underestimate the seriousness of this problem. An attack, for example, on our stock markets could freeze our economy or even make trillions of dollars disappear.
It’s easy to forecast Joe Biden’s foreign policy failures. It would be fun, if the consequences for our national security were not so dire.