“Russia, China and others knowingly exploit two fundamental gaps in our cybersecurity architecture. They acquire or co-opt domestic computers and cloud services as a platform to launch malicious cyber operations. They appreciate that our intelligence services are focused on cyber activities beyond our borders, and that these services are generally not allowed to track foreign mischief once it moves onshore. Moreover, the private sector — very much a component of our national security — is largely left to fend for itself against foreign cyberattacks, yielding a situation inconsistent with the federal government’s role of providing our “common defense” under the Constitution.
Addressing these gaps raises enormously complex legal and policy questions about the scope of government in protecting us from foreign cyber malevolence. Yet our understandable hesitancy in confronting these questions allows adversaries to continue to exploit the situation. We must start that discussion and consider how our foreign intelligence services could work with the FBI and CISA — in a manner fully consistent with our values and the Constitution — to pursue foreign cyber maliciousness when it involves using domestic parts of the internet.
To have prevented this hack, we would have had to piece together information from the intelligence community about Russian intentions and activity, link it to hints (from affected agencies or DHS) that some government systems had suspicious domestic internet connections, and then monitor those internet connections. Media reports indicate that the Russians used a domestic internet domain leased from Go Daddy, a reputable and popular host for web domains, to control the malware that was inserted in government networks. Normally a search warrant or other legal process, often taking days, is required before the FBI can fully review the traffic connecting with a suspected malicious internet site. None of the foregoing steps could, at least under current structures, have been taken in sufficient time to detect the attack in the first place; at a very minimum, we could be better structured to stop such attacks from spreading.
There is no single structural or legal solution to the problem of foreign cyberattacks. More robust sanctions against foreign adversaries and better international efforts to stop the export of cyber mischief and bring cyber criminals to justice will also help. Working with other like-minded nations, we need to raise the risks and costs of cyber espionage and cyber damage.
But steps like those outlined above are also needed to bolster our federal government’s defenses and to give us more robust tools to use against foreign cyber wrongdoers. That, along with more vigorous sharing with private businesses of otherwise classified information about the techniques of those wrongdoers, would go a long way to addressing the vulnerabilities of the private sector, and thus help fulfill government’s responsibilities in that regard. As if we needed an illustration of the private sector’s vulnerability, the recent sophisticated attack was undetected even by cybersecurity incident response firm FireEye, apparently itself a victim, with some of its cybertools used to test customer network security audaciously stolen by the intruders.”
“these two international crises highlight a major challenge Biden will face over the next four years, just as other presidents before him did: how to support democratic movements in places where the US doesn’t have actually much leverage, and where doing so could end up hurting the very movements the US wants to support.
In Myanmar, the US has few options to push the ruling generals to reverse course, especially since it provides almost no financial assistance to the government. As for Russia, any American effort to bolster democracy in and around it is viewed as a threat to be stamped out and delegitimized. Last October, shortly after the Kremlin poisoned and nearly killed Navalny, Putin’s regime claimed the dissident worked with the CIA.
American leaders with high hopes of ushering in a more democratic future inevitably run into the harsh reality of their limitations and the opposing forces working against them. “Every administration for the last 30 years has struggled with this,” said Erin Snider, an expert on US democracy promotion at Texas A&M University.
Myanmar and Russia, then, show the Biden administration is already in the thick of this dilemma.”
…
“Biden is also looking into the possibility of placing economic sanctions on Myanmar in the coming weeks. But while that would potentially give the US additional leverage over the military generals ruling the country, it could backfire.
That’s because some experts have warned that doing so could end up increasing authoritarian China’s already immense economic influence in Myanmar while pushing out democratic countries like South Korea and Japan, which have worked to develop economic and military ties to the country and break China’s “stranglehold” there.
And though China has had a complicated relationship with Myanmar’s military regime, it’s unlikely closer ties between the two countries will bode well for Myanmar’s pro-democracy movement — or for the Biden administration’s efforts to counter China’s growing influence in the region.”
…
“it’s not clear the US actually has many ways of successfully pushing Russia to change. The Kremlin rejects any efforts at democratization in Russia and its surroundings, while pro-democracy groups like Navalny’s get stamped out the second they become overly threatening. The best way to punish Russia would be to get European nations to curb ties with Moscow, but that’s always proven hard for any US administration to do.
No one expects Biden, or any US administration, to depose autocrats and usher in full-blown democracies over his four or even eight years. At most, the US can move the needle a little bit so that, over time, a country liberalizes so organic democracy movements can grow. But even incremental progress requires trade-offs, ones that require the president and his team to assess how much they value a foreign nation’s democratic leanings against everything else.”
“Russian President Vladimir Putin and U.S. President Joe Biden agreed Tuesday to extend the New START nuclear nonproliferation treaty, which is due to expire next month, according to Kremlin and White House summaries of a phone call between the leaders.
“They discussed both countries’ willingness to extend New START for five years, agreeing to have their teams work urgently to complete the extension by February 5,” the White House said.”
…
“Formally called the “New Strategic Arms Reduction Treaty,” the agreement limits Washington and Moscow’s deployed nuclear weapons to 1,550 each. It was signed in 2010, entered force on February 5, 2011 and was set to expire on its 10th anniversary.
New START is the last remaining nonproliferation agreement between the former Cold War superpower rivals, after another key nuclear accord, the Intermediate-Range Nuclear Forces Treaty, expired in August 2019.”
“The Russian Army has received its first batch of BMP-T tank support vehicles, more than 30 years after they were first conceived. The BMP-T, also known as the “Terminator,” is designed to accompany tanks on the battlefield, zeroing in on and terminating enemy anti-tank teams.”
“President-elect Joe Biden may want his administration to focus on long-term issues like the coronavirus pandemic, climate change, rebuilding alliances, and America’s relationship with China, but some key near-term foreign policy problems will likely require his attention first.
After the assassination of its top nuclear scientist by an unknown attacker, Iran might be less willing to engage in diplomacy with America and instead seek revenge by targeting US officials. North Korea could test an intercontinental ballistic missile early in Biden’s term to try to gauge the new administration’s response. The last remaining nuclear arms control deal between the US and Russia is set to expire just over two weeks after Biden takes office. And the reduced number of American troops in Afghanistan could derail sputtering peace talks and worsen the country’s security situation.
Such a dilemma wouldn’t be unique to Biden. Every new president comes in with ideas on how to handle larger global problems, only to have the colloquial “tyranny of the inbox” monopolize their time. “If you assume that foreign policy is less than half, and maybe a quarter, of the president’s time, then that really shines a light on how serious this inbox problem is,” said Christopher Preble, co-director of the New American Engagement Initiative at the Atlantic Council think tank.
Once he’s in the Oval Office, then, Biden will likely find his hopes of tackling grander foreign policy challenges dashed by the effort he’ll have to expend cleaning up more immediate messes.”
“The United States is finally punishing Turkey for purchasing a Russian missile defense system, a long-anticipated move that is likely to increase tensions with a NATO ally.”
“the Trump administration imposed sanctions on Turkey for its purchase of the Russian-made S-400 surface-to-air missile defense system. The administration ordered the penalties under a section of the Countering America’s Adversaries Through Sanctions Act (CAATSA), which gives the president the power to sanction people or entities that do business with Russia’s intelligence or defense sectors. The sanctions specifically target Turkey’s defense procurement agency, known as the Presidency of Defense Industries (SSB), and its senior officials.”
…
“Turkey acquired the defense system last year, after repeated warnings by the Trump administration not to do so because they do not want a NATO ally relying on Russian systems. US officials also said Turkey’s use of the S-400 jeopardized America’s F-35 fighter jet program, over fears the Russian system’s radars could collect intelligence on the F-35s.
In response, the US removed Turkey from its F-35 fighter jet program, which barred the country from getting the jets and restricted any Turkish personnel from working with the planes. Still, bipartisan members of Congress continued to push for harsher punishment of Turkey, including sanctions.
Turkey’s decision to purchase the Russian system further strained relations between Washington and Ankara. Turkish President Recep Tayyip Erdoğan has consolidated power in recent years, becoming more explicitly authoritarian and cracking down on dissent, including by jailing journalists and others he perceives as his political enemies.
Erdoğan was angered by the US’s decision to ally with the Kurds in the fight against ISIS in Syria, as Erdoğan associates them with the Kurdistan Workers’ Party, a terrorist group that’s waged attacks in Turkey. He has also bristled at the US’s refusal to extradite a US-based cleric whom Erdoğan blames for a 2016 coup attempt.
Beyond Turkey’s flirtation with Russia, Turkey has also tried to exert its regional influence in places like Syria and Libya and the eastern Mediterranean Sea, where its gas exploration efforts have increased tensions with Greece and other NATO allies in the European Union, too. (The EU is also considering sanctions against Turkey.)
But despite issuing lots of admonitions, the Trump administration didn’t move forward with the CAATSA sanctions. Some attributed Trump’s refusal to do so to his personal affinity for Erdoğan.
Then in October, Turkey tested the S-400 system in defiance of US warnings, making it much harder for the US to ignore.
And this month, Congress, in its annual defense authorization bill, included mandatory sanctions against Turkey for its Russian defense shopping spree. Though Trump has threatened to veto the bill for lots of reasons, the administration’s move to sanction Turkey on Monday may have been an attempt to get ahead of that requirement.”
“The U.S. Treasury and Commerce departments, along with untold numbers of government and corporate computer networks, have been breached in what may be an espionage attempt by the Russian government. (The Russians are, of course, denying responsibility.)
The avenue was reportedly a malicious software update pushed through SolarWinds Inc., an Austin-based network management company that counts both the federal government and hundreds of major U.S. companies among its clients. Essentially, the hackers slipped some malicious code into a software update; if you were on the infected networks that installed the update, this gave the hackers backdoor access to your data.”
…
“It’s worthwhile to consider these developments in the light of law enforcement’s efforts to weaken encryption protections. When officials insist that individuals should not have access to strong encryption unless the government can bypass those protections and access our data, they don’t acknowledge that police won’t be the only ones exploiting those back doors. Others with malicious intent, be they criminals or foreign governments (or both), will figure out how to get through too. It has happened before to our own very own government, as another country, possibly China, figured out how to access a cybersecurity bypass that had been installed for the National Security Agency.”
“Hackers from a foreign nation-state have breached multiple federal agencies, including the Treasury Department and the Commerce Department’s National Telecommunications and Information Administration, in a months-long campaign that has stirred concerns of the highest levels of the federal government.
While the full scope and significance of the breaches remain unclear, their discovery prompted an emergency meeting Saturday of the White House’s National Security Council, according to a U.S. official who requested anonymity to discuss an ongoing incident. A second U.S. official said the attack is believed to be the work of the Russian government, a link also made in multiple news reports Sunday night.”
“The Russian military operations in August inside the U.S. economic zone off the coast of Alaska were the latest in a series of escalated encounters across the North Pacific and the Arctic, where the retreat of polar ice continues to draw new commercial and military traffic. This year, the Russian military has driven a new nuclear-powered icebreaker straight to the North Pole, dropped paratroopers into a high-Arctic archipelago to perform a mock battle and repeatedly flown bombers to the edge of U.S. airspace.
As seas warmed by climate change open new opportunities for oil exploration and trade routes, the U.S. Coast Guard now finds itself monitoring a range of new activity: cruise ships promising a voyage through waters few have ever seen, research vessels trying to understand the changing landscape, tankers carrying new gas riches, and shipping vessels testing new passageways that sailors of centuries past could only dream of.
Russia’s operations in the Arctic have meant a growing military presence at America’s northern door. Rear Adm. Matthew T. Bell Jr., the commander of the Coast Guard district that oversees Alaska, said it was not a surprise to see Russian forces operating in the Bering Sea over the summer, but “the surprise was how aggressive they got on our side of the maritime boundary line.”
In the air, U.S. jets in Alaska typically scramble to intercept about a half-dozen approaching Russian aircraft a year, outliers on the long-range nuclear bomber patrols that Russia resumed in 2007. But this year that number has risen to 14 — on pace to set a record since the Cold War era. In the most recent case, last month, the United States responded to the approach of two Russian bombers and two Russian fighters that came within 30 nautical miles of Alaskan shores.”